Bit of advice needed.

Some scummy, muvver-frigging sons of goat $h1te have hacked a hotmail account I use and are happily spamming all and sundry on my contacts list.

I use AVG for AV and CCleaner to periodically clean out cookies and cache. I immediately changed my password and will put additional measures in place to stop anyone accessing from a non trusted PC. However, I'm not too up on Home user security and wanted to make sure this would be adequate.

Any advice?

Get yourself at least one dedicated AntiSpyware.
Right now I have Spybot and AdAware coupled with Symantec AV (Avira was a great free alternative for many many years).

I used to use spybot. Might give it a go - thanks.

Get yourself at least one dedicated AntiSpyware.
Right now I have Spybot and AdAware coupled with Symantec AV (Avira was a great free alternative for many many years).

Two anti-spywares are a bit too much IMO. Besides I've found Ad-Aware to be quite glitchy and intrusive in the past.

Bit of advice needed.

Some scummy, muvver-frigging sons of goat $h1te have hacked a hotmail account I use and are happily spamming all and sundry on my contacts list.

I use AVG for AV and CCleaner to periodically clean out cookies and cache. I immediately changed my password and will put additional measures in place to stop anyone accessing from a non trusted PC. However, I'm not too up on Home user security and wanted to make sure this would be adequate.

Any advice?

I'm running two Windows 7 64 Bit OS on a PC and laptop, and only Avast Antivirus for the last 2 years on both of them, never had a single problem. Before that I used Kaspersky Internet Security, which is a bit heavy on resources but was okay nonetheless. From what I have read, 64 bit operating systems are much more secure. I regularly access email accounts on all major email services i.e. Yahoo, Gmail, Hotmail and AOL, plus 4 company emails through Mozilla Thunderbird, and never has even one of them been hacked. If I ever access my email on a public computer, I make sure to clear all cache, cookies and delete temp files before leaving.

Also, keystroke logging is a pain in the arse for people checking their emails on public PCs. If you can, check for a hardware based keystroke logger at the back of the public PC you're using. Read more about it here: http://en.wikipedia.org/wiki/Keystroke_logging. And a picture of how a hardware based keystroke logger works through a PS/2 port looks like this:

http://upload.wikimedia.org/wikipedia/commons/d/dc/Keylogger-hardware-PS2-example-connected.jpg

That is connected to a keyboard and will save all the passwords and IDs that you might enter. Also, try not to use sensitive stuff such as important email addresses or access your netbanking on public PCs, because even if the PC might not have a hardware based keystroke logger, some sneaky hackers install keystroke logging software on these PCs, which will categorically save every password you've entered on any website, messenger etc. Obviously a big danger.

For me, adding a lot of numbers and random special characters to passwords helps, especially in case of the person trying to hack into your account knows you. Using the on-screen keyboard which you click to enter password on netbanking websites, also helps. On top of that, using Internet Explorer has been known to cause problems with security. Using a secure browser like Firefox or maybe even Chrome does the job.

Two anti-spywares are a bit too much IMO. Besides I've found Ad-Aware to be quite glitchy and intrusive in the past.

Better if AdAware is intrusive then if the intruders don't get caught in time.
In teh end you can set it up as you think it's better.

Better if AdAware is intrusive then if the intruders don't get caught in time.
In teh end you can set it up as you think it's better.

Yep. For me it was behaving weirdly with mostly Adobe software for some weird reason, especially blocking the FTP functionality within Dreamweaver. I haven't tried their newer versions yet, because the older ones pissed me off so much. :p Might have to try the new ones.

Using the on-screen keyboard which you click to enter password on netbanking websites, also helps.

Unfortunately even on-screen keyboards are open to capture.

Speaking from my Windows programming experience it would not be difficult to grab such activity.

Capturing the screen or a portion of it when the mouse is clicked (or a touch event occurs) is easy enough. For on-screen keyboards that work by hovering the mouse over a key, it isn't much more trouble to monitor movement and detect that instead of a click. And there are various ways to detect when the keyboard is up if need be to reduce the monitoring traffic.

I suppose it depends on how badly a hacker wants your details over an easier target.

For me, adding a lot of numbers and random special characters to passwords helps, especially in case of the person trying to hack into your account knows you. Using the on-screen keyboard which you click to enter password on netbanking websites, also helps. On top of that, using Internet Explorer has been known to cause problems with security. Using a secure browser like Firefox or maybe even Chrome does the job.

Carry a USB stick which has password accessible folders on it to save a .txt file with all your passwords on it - then copy and paste the passwords as required - no keystrokes to record then!

Unfortunately even on-screen keyboards are open to capture.

...and I forgot to mention that on-screen keyboards will be trigging keyboard events as per a physical keyboard for rouge software to pick up anyway...

Web pages that provide mouse driven ways of entering passwords will be open to capture as detailed in my previous post.



ps: if you're cutting and pasting passwords for any reason, aside from the insecure nature of the clipboard, make sure you remember to clear it afterwards...

Carry a USB stick which has password accessible folders on it to save a .txt file with all your passwords on it - then copy and paste the passwords as required - no keystrokes to record then!

Then they only need to save the data from the clipboard.
You are just making the hacks life easier.

The solution is NO public PCs.
With mobile internet available nowadays the best thing is to carry your laptop or tab with you.