
Who would be able to figure out if an invisible hacker is on your computer?

There is one reliable way you could detect cyber attackers who “silently” compromise your computer. But it requires preparation. And, there is an ongoing administrative burden.

It’s called “file integrity monitoring.” The most reputable product I know that can do this for Windows computers is called “Tripwire”:

File Integrity and Change Monitoring (FIM) | Tripwire

Here’s a short description of how it works:

  1. Use Tripwire to calculate a “fingerprint” of all your critical files, especially the ones that should not be changing often or at all. This would include critical executable files of the operating system. In Windows, many of these files are stored in these directories: <C:\Windows\System32> or <C:\Windows\SysWOW64>.
  2. Every day, calculate a new “fingerprint” of all your critical files.
  3. Then, create a report showing which files have changed.
  4. Next, figure out why each one of those files has changed. Start with the most important files and work your way down the list. Some changes are useful, like a software security update, and the cause of the change can be quickly determined. Other changes may be useful but are more difficult to explain. And, changes for which you have no explanation could indicate your computer has been compromised. At this point, you need to look for other indicators of compromise.
  5. Eventually, you’ll get to know what “normally” changes on your computer and why. At that point, you’ll quickly spot any digital cooties that silently show up.
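
Steps 1 through 3 can be sketched in a few lines of Python. This is an added example, not Tripwire's code and not from the original post; it assumes SHA-256 as the “fingerprint”, and the function names and the temporary directory standing in for the critical folder are hypothetical.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(root):
    """Steps 1 and 2: return {relative path: SHA-256 hex digest} for each file."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        name = path.relative_to(root).as_posix()
        digest = hashlib.sha256()
        try:
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
        except OSError:
            # Locked or unreadable files are recorded, not silently skipped.
            result[name] = "UNREADABLE"
            continue
        result[name] = digest.hexdigest()
    return result


def compare(baseline, current):
    """Step 3: report which files were added, removed or modified."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample data: a temp directory stands in for System32."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "kernel.dll").write_bytes(b"original code")
        (root / "notepad.exe").write_bytes(b"editor")
        baseline = fingerprint(root)                          # step 1
        (root / "kernel.dll").write_bytes(b"patched code")    # changed file
        (root / "unexpected.exe").write_bytes(b"new file")    # new file
        (root / "notepad.exe").unlink()                       # deleted file
        return compare(baseline, fingerprint(root))           # steps 2 and 3


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the saved baseline somewhere the monitored computer cannot write to, because anyone who controls that computer could otherwise rewrite the baseline to match the changed files.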
