Completely Disable Remote Access?

I recently had to install something to allow a tech agent free reign on my Win 8 Pro Home PC. The tech agent was courteous and professional and I have reasonable faith in her/him; however, I must be prudent when protecting my home PC.

What do I need to do that make 100% sure that the tech agent or an associate of the same company can never remote into my PC again? I have unchecked "Allow Remote Assistance connection to this computer" in Control Panel/System Properties. Also, I have a DLink 2540B external Firewall/Router but I'm not sure how to block the appropriate ports.

NOTE: This is nothing against the tech agent or her/his company. I'm just paranoid...

Mr. Paranoid

Posted 2013-06-17T03:09:10.647

Reputation: 3

This question seems a bit overly broad, and likely to get more debate than solid definitive answers. – killermist – 2013-06-17T03:43:54.843

The question is purposefully broad to try and protect the tech agent and her/his company. It's very unfortunate that I was nearly forced into allowing the agent into my machine. The 100% legal software in question had serious activation issues... – Mr. Paranoid – 2013-06-22T08:00:18.140

Answers

-5

Destroy the computer.

If someone has already been on the computer then there is no guarantee. In fact if that computer is so much as on then it's not 100%. Since your agent has been inside it's more like 50%. You have done the biggest step but past that there isn't really much you can do.

Welcome to information security :)

Griffin

Posted 2013-06-17T03:09:10.647

Reputation: 1 034

What if I destroy my external firewall? Will that do the trick? – Mr. Paranoid – 2013-06-17T03:36:33.660

It will if you don't want them accessing the external firewall. – Griffin – 2013-06-17T03:53:50.383

3Don't "destroy your computer". What a ridiculous suggestion. – Austin ''Danger'' Powers – 2013-06-17T03:57:18.660

@KimJong-Un Says the North Korean leader. In top of that of course it is. I was however giving him the only 100% way. – Griffin – 2013-06-17T03:59:54.733

1100% way of guaranteeing nobody could EVER use it again. – Michael Frank – 2013-06-17T21:03:45.667

Isn't that what he asked for? – Griffin – 2013-06-17T21:43:51.627

Please explain why you are suggesting physical destruction of a machine which has not been physically compromised. Reformatting and reinstalling gets everything, no? Or is it haunted now? – Austin ''Danger'' Powers – 2013-06-18T01:16:28.110

They can remain after reformatting. Don't believe me? Google it. – Griffin – 2013-06-18T05:43:37.483

On top of that it doesn't have to be the fault of the machine itself. The router is a very vulnerable target along with any other computers on the network. – Griffin – 2013-06-18T05:44:44.317

Actually, I tend to believe Griffin and think that destroying the computer might be an plausible but costly option. I'm not sure why he was voted down. Griffin is correct in stating that reformatting a drive will not get rid of everything... – Mr. Paranoid – 2013-06-22T07:49:20.657

@Mr.Paranoid That's why he didn't respond. – Griffin – 2013-06-22T10:16:15.330

1@Griffin: so presumably you throw every computer that gets a boot sector virus in the garbage and tell the user they need to buy a new one (instead of doing a low level format and re-flashing the BIOS if you felt it necessary as an extra precaution)? Where else, other than the BIOS and the hard drive, can malware realistically persist in a computer? Be careful- your response to this may seriously reduce your credibility. Someone who didn't know any better could waste hundreds of dollars unnecessarily if they made the mistake of believing you. – Austin ''Danger'' Powers – 2013-06-29T00:34:49.420

1@Griffin: so where in the chassis can malware persist? Where in the CPU can malware persist? Where in the motherboard after the BIOS has been re-flashed can malware persist? Where on a hard drive after doing a low-level format can malware persist, or even better, on an SSD after running the Secure Erase command? Where on the network card or graphics card can malware persist? Where in the RAM can a virus persist? Discarding the ENTIRE computer is starting to look a bit foolish now. – Austin ''Danger'' Powers – 2013-06-29T00:39:47.490

1Just realized I'm arguing with a 16-year old. Poor guy's parents probably buy him a new computer every time he gets a virus. – Austin ''Danger'' Powers – 2013-06-29T00:42:51.953

@Austin''Danger''Powers Thing is I don't get viruses. Seems like normal event for you by the way you worded that. – Griffin – 2013-07-07T05:58:14.933

@Austin''Danger''Powers Discarding the whole computer is foolish, if you don't want 100% guarantees. – Griffin – 2013-07-07T06:00:30.520

@Austin''Danger''Powers Also if you don't know by now your graphics card actually has a bios update now! http://www.techpowerup.com/vgabios/

The fact that you had to be told that by a 16-year old makes you seem kind of foolish.

– Griffin – 2013-07-07T06:08:26.723

Do a wipe and reload of the OS to remove all prior traces of software and start with an OS you can trust again.

No need to "destroy the computer".

This implies it has been PHYSICALLY compromised which, of course, it has not.

Austin ''Danger'' Powers

Posted 2013-06-17T03:09:10.647

Reputation: 5 992

1Well, I agree with Griffin. While its very unlikely the tech agent would do this, it is theoretically possible that the agent may have flashed my BIOS when my children were distracting me... If that happened, then reformatting the HD will not help me. – Mr. Paranoid – 2013-06-22T07:52:52.483

1But you would still not need to "destroy the computer". If you were that paranoid and believed they were that smart, you could simply re-flash your BIOS and save yourself a few hundred dollars (i.e. the expense of a new computer). I will always call people on their useless, alarmist answers which could end up someone a lot of money for no reason. And that was one of them. – Austin ''Danger'' Powers – 2013-06-29T00:26:30.963

I might start by looking for new icons in the task tray that when hovered show an IP or something remote oriented, then find the corresponding program in add remove programs and get rid of it.

Could open a RUN menu and type msconfig and go to the startup tab and untick anything that looks suspect.

Also probably go down and change the default RDP Port if you don't remote access your computer yourself at times. http://support.microsoft.com/kb/306759

ssaviers

Posted 2013-06-17T03:09:10.647

Reputation: 366

Yes, I think changing the RDP Port is one of my better options, but maybe I just need to destroy the computer as Griffin said... – Mr. Paranoid – 2013-06-22T07:55:38.887