(Some) Computer Technicians Are Creepy

Well, this leaves me feeling somewhat sick in the stomach.

I was planning to put out some other blog entries just now, but i've felt dizzy and nauseous for the last few hours. Here's the story:

Last week I took my computer in to the shop to get it fixed. (I refuse to deal with hardware. I don't even change staples in a stapler. I have the midas touch and can even blow up passive circuits when they're disconnected plus i'm wearing a static wrist strap.)

I got the computer back a few days later and everything was fine.

On a crazy paranoid whim, I decided to look back through my TimeSnapper history to see if the technicians had used my computer in any unexpected ways.

I've been meaning to check this all week. I even woke in the night once, thinking: I really ought to check what TimeSnapper says happened on my computer when it was in the shop.

Well I finally got around to checking, just now. And what I found has left me unwell. It's nothing too major, but here goes.

A technician started up the computer and spent a short while looking through the 'my pictures' folder. First they looked at some photos of my baby daughter. Then they perused through some other family photos. Finally, they cleared the 'recent documents' list, checked that it was clear, and shut down the computer. (Sequence shown at right.)

The bit where they deleted the recent documents list happened extremely quickly. Watching it play out i am certain that they've done this activity many times before on many other people's machines.

I'm not too worried. They were pretty quick about it, only had the most cursory glance really. All sorts of other things were possible. My paranoid delusions included them installing a keylogger, searching for banking information. Lots of other possibilities. So it's not bad as such. I'll probably continue to use them for my computer needs (hey they're the best in town). But I'll probably create a guest account with minimum permissions, next time. And I still wonder what other things dirty technicians are getting away with on other machines entrusted to their care.

Okay that's off my chest now. And onto yours ;-)

 

'honest<T>' on Fri, 29 Feb 2008 11:55:38 GMT, sez:

If you give your computer to a technician and don't have a password on it then you get what you deserve.

You got away lightly!

'jtboofle' on Fri, 29 Feb 2008 12:18:33 GMT, sez:

Unfortunately, this is really common.

See: http://consumerist.com/consumer/investigations/video-consumerist-catches-geek-squad-stealing-porn-from-customers-computer-271963.php

'Chad' on Fri, 29 Feb 2008 12:53:11 GMT, sez:

That's really disappointing. However creating a limited user account won't work for techs - they may need admin access on your machine to do their job.

I believe that creating password protected accounts will limit access to other password protected accounts personal folders though, so you should at least do that.

My friend actually got "burned" by this when he reinstalled (not formatted) his machine without backing anything up. His admin account no longer had access to his old user directory!

If your pictures are stored outside of your user account folder, they won't be protected with this.

We put a lot of trust in our service people - Janitors, Car repair tech, Garbage collectors (need I say TSA reps?) all have access to vast amounts of personal information. Hopefully most of them are behaving in a professional manner, but you may want to "encourage" this particular tech by talking to his/her manager about the issue.

'aaron' on Fri, 29 Feb 2008 13:26:42 GMT, sez:

Weeellll...I'd disagree with mr. honest<t>.

1.) if you have physical possession of the machine, a p/w is largely irrelevant
2.) often a tech needs the admin password to do whatever it is s/he needs to do.

And if it really comes to it, there are numerous linux live (bootable) CD's that'll mount an NTFS filesystem and allow untraceable browsing and/or resetting of any of the account passwords.

Per jtboofle, I'd wager that's what your wayward tech was indeed looking for.

The only way, off hand, I can think of providing some small modicum of protection would be to use ntfs encryption on those folders you'd like private. (mydocs, etc) It's tied to the nt user, so the tech logging in as a separate user (admin or not) wouldn't be able to browse 'em.

Come to think of it, Vista does this (or something like it)...

Anywho...if that's defeated (let's say, by the aforementioned pw reset) you'll know...because your account password will be different.

All that said, this doesn't sound like a particularly tech savvy tech...if he didn't notice timesnapper running in the background. =^)))))

I have to relate a story: (I'm almost done, really!)

I've trumpeted the goodness of timesnapper far and wide in the IT department where I work. Great for filling out timecards and figuring out "just what _was_ I doing last monday?!!" A few have installed it, including this manager friend-of-mine.

Now this manager friend has a nasty habit of walking away and leaving his computer unlocked. Bad, bad, bad.

I decided to "clippy" him. ( http://www.rjlsoftware.com/software/entertainment/clippy/ ) Stuck the .exe on a network share for one of my servers, and when I next found his PC unlocked, walked up <start>=><run>=>\\aaronserver\share, copied the file over and launched it.

The next morning he called me into his office and wondered aloud what could have happened to his system. Thought some odd spyware might have infected it.

Then he looked at me and grinned an evil grin. "So I decided to look back over my timesnapper history and see what could have happened..."

Oh s##t.

I'd been caught red-handed. (so to speak) He saw the file copy, the server name, etc.

We both laughed.

And now he always locks his system. =^)

-aaron

'Colin' on Fri, 29 Feb 2008 22:26:25 GMT, sez:

If you really don't want people like this to have access to your data in this way remove it before they get it if you can or put it in a truecrypt file/drive (and hope they can freeze the memory chips)
Admin accounts can easily be reset in XP (I personally would not know about Vista) so I think various accounts will not help much

'Phillip' on Tue, 04 Mar 2008 12:47:29 GMT, sez:

Actually, as a computer technician, I can see where this could be used legitimately. I've had cases where people will ask for things to be done, whether software installed or removed or hardware upgrades, and find out that it's affected several unrelated things in strange ways. After enough times having things brought back to me because something was "different", I got used to just checking everything to make sure that documents would open correctly, pictures would open, and websites would load, just to name a few. It takes me all of ten minutes to go through and test everything, versus up to half an hour or more if the client has a complaint. And when you're talking on-site service, it can eat a couple or more hours out of your day that you can't charge for. Better to test it all, and then you can say honestly "I checked it for functionality, everything seems fine." I even tell people what I did if they seem at all interested. Most people want to pay and go on, though.

However, there are some technicians I've known that will look to see if you've got anything 'interesting' in your "My Pictures" folder, and I've no doubt some will look for banking information. What you have to take into consideration is whether the guy that's working on your system has a vested interest in making it work, or is it just some high school kid making some side money? That does tend to figure high in the reason for looking there.

Go with your gut. If you think they're not trustworthy, don't give them your computer. If you think they are, then give it to them. But always keep backups of the important stuff.

'lb' on Tue, 04 Mar 2008 19:57:52 GMT, sez:

@Phillip

Yeh, what you describe is a 'smoke test' where you make sure that a few basic things work. And this was no smoke test.

Trusting your 'gut' is not as good as using careful measurement. In this case I have figures to show that my gut instinct was wrong.

'mrwilhite' on Mon, 29 Sep 2008 23:36:33 GMT, sez:

Thinks if you are that concerned about what they are looking at on your computer, that it shouldnt be there! Forget time snapper! Store all sensitive information on an external hard drive or a password protected partition. Security is the responsibility of the owner/user. Find a tech which HAS a security clearance and or is bonded. Locks etc are only to keep the honest man honest, the same holds true for passwords and computer security. Time Snapper will not stop a good tech and wouldnt even slow me down if I were looking to access a computer. A guest account? I would laugh and recommend a shop down the street! Do you wear a tin foil hat to keep aliens from reading your mind? As the Time Snapper Icon below says "Know Thyself"

'John Smith' on Mon, 05 Jan 2009 15:47:30 GMT, sez:

I am a pc technician and in alot of cases it is neccassary to view the customers documents folder to assertain the next proceddure for backup, this is because usually custmers dont have a backup copy of there work and personal files and I do not do anything to a computer until the customers documents are backed up. I always explain this to the customer

name


website (optional)


enter the word:
 

comment (HTML not allowed)

All viewpoints welcome. But the right to delete any post for any reason is reserved. Don't make me do it. Comments may be republished, emailed to your loved ones or printed and used as toilet paper. Who reads this legal bit anyhow?

TimeSnapper_{Know thyself!}

TimeSnapper is a life analysis system that stores and plays-back your computer use. It makes timesheet recording a breeze, helps you recover lost work and shows you how to sharpen your act.

TimeSnapper won last year's Developer Competition at Larkware.com, and is used by over 10,000 people.