Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can Someone Install Something on My Computer When It’s Not Logged In?

The risks of access while signed out.

by

Padlock in a chain.
(Image: canva.com)
If your computer is not physically secure, someone could install something even if you're not logged in.
Question: Before I raise heck in the house, would you please answer a question? We have several computers in our home. Recently, I have seen “Spy PC 7.0 Quick Start Guide” in the home. I don’t mind if the owner of this booklet uses it on his/her machine, but not on anyone else’s. Can this be installed on other personal computers (which are usually password locked)?

The short answer is yes, absolutely. I think you’re right to be concerned.

I also think there’s an important lesson here for everyone.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

If your computer is not physically secure, it’s not secure. If that’s of concern:

  • Keep the machine physically locked when not in use.
  • Consider adding a BIOS password.
  • Consider adding a hard-disk password or using whole-disk encryption.
  • Regardless, encrypt your sensitive data.

Physical security

I want to be sure everyone is aware of one rule of thumb. In fact, if you remember only one thing from this article, let it be this:

If your computer is not physically secure, it’s not secure.

If someone can access your computer physically, your computer is not secure.

“What about passwords?” I hear you asking.

Password locks only go so far

You indicated that the computers are “…usually password locked.” I’m assuming by “password locked” you mean either you are not logged in to the machine or a password-protected screen saver is running.

First, usually? If you’re away from the machine for any length of time while you are logged in, the door is wide open. Anyone can walk up to your computer and do whatever they want, including downloading spyware or doing much worse.

However, things are worse than you might imagine. Even when your computer is “locked” using a Windows login or screen-saver password, it’s still very vulnerable.

Related

It’s a bigger problem than most people realize. Here’s more: Walking Away From Your Computer

Think about it. Anyone walking by your machine with a boot disc or bootable USB drive could reboot the machine (by pulling the plug, if necessary), boot from their disc, and get access to everything on your machine.

Then, just as if you’d left it unlocked in the first place, that person can do anything, including installing spyware, reading your data, messing up your files, and doing whatever else they want.

In a more destructive scenario, someone could remove the hard drive or even steal the entire machine. That would be obvious to you, but if you had something you thought was safe and secure on that hard disk, it could easily end up in the hands of thieves.

In recent years, we’ve heard of hardware-based security threats — for example, so-called “USB killers” designed to damage any computer into which they’re inserted. Anything that can be connected to your computer represents yet another layer of risk.

Staying physically secure

If scenarios like this concern you, these are steps I would consider taking:

  • Keep the machine in a locked cabinet or room when not in use.
  • Consider adding a BIOS password required to boot the machine in any way. (This adds security but does not prevent hard-disk theft.)
  • Consider adding a hard-disk password or using whole-disk encryption restricting access to the hard drive completely unless the passphrase is specified.
  • Use encryption of some sort on your sensitive data.

In your case specifically, I’d get more trustworthy roommates.

Related Questions

How do I know if someone is remotely accessing my computer?

It can be very difficult to determine if someone is remotely accessing your computer. Start by using the Details view in Task Manager to look for the common remote-access utilities such as Team Viewer, Remote PC, and others. If you see any you don’t recognize, search to determine what they’re used for. Keep an eye out for unexpected disk and processor activity. Make sure to run up-to-date security tools, as much remote access happens not using standard tools, but specially crafted malware.

Can someone install spyware on my computer?

Someone can install spyware on your computer, but it typically takes your cooperation, albeit unwillingly. By far the most common cause of spyware, and malware in general, getting installed is opening email attachments that haven’t been fully vetted as being safe. Similarly, downloading and installing software from untrusted sources can also result in spyware, and worse, being installed.

Can someone see me through my computer screen?

No, your computer screen cannot be used to see you. If you have a webcam, however, that could be enabled without your knowledge in some cases. While most of the time there’s a light to indicate that the camera is in use, a) it’s easy to miss that light if you’re not looking for it, and b) some cameras can be operated without the light. The best defense is to ensure your machine remains clear of malware and is used securely. While this type of intrusion is not terribly common if you’re concerned simply cover your webcam’s lens with a sticky note or another easily removed block.

Can a hacker control my computer?

Yes, when malware has been installed on your machine, then it can do anything — including completely controlling your computer remotely. This is what many hackers do, installing remote access and remote control software and then using your compromised machine as part of a botnet, or using it to exfiltrate data from your computer or business.

Can someone remotely access my computer when it’s off?

No, your computer cannot be remotely accessed when it’s off, however you do need to make sure it’s truly off. “Standby”, for example, is not completely off, and in certain situations your system can resume on its own, allowing your computer to be remotely accessed if it happens to have remote access malware installed.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

Download (right-click, Save-As) (Duration: 4:03 — 4.2MB)

Subscribe: RSS

7 comments on “Can Someone Install Something on My Computer When It’s Not Logged In?”

  1. I have the same worry.
    When I turn on my computer and DSL modem, Windows Update and Norton AntiVirus go out to get updates even before I log onto the internet using IE6 and ATT/Yahoo DSL.
    If these programs can go to the internet without my being logged on, can something out there in the World Wide Web download something onto my computer without my knowing it? (I have Windows Firewall running and Norton AntiVirus).

    Reply

  2. I use TrueCrypt whole disk encryption and my screen is always locked when I’m away.

    I know that if the encrypted filesystem is mounted, encryption is useless, so the safer route would be turn the computer off all the time when away.

    However, that’s not an option when you have some background tasks that run when computer is idle (backup, file indexing).

    I use a laptop with battery always at 100%, so it would be a problem if someone stole it that way.

    Actually, I’m thinking about installing an app to lock Windows login after a certain period of time. Windows screensaver lock doesn’t seem very safe. Any suggestions?

    Reply

    • In cases like you describe I think a double locked door would be the best option. Leave the encrypted file mounted and your background tasks and programs running. Then use a good strong passphrase (long and complex) to secure your user account when you leave your machine alone. The only way to bypass UAC would require a reboot hence your files are now inaccessible.

      Reply

  3. Sorry to bother you.
    Somehow which i did not do myself I have a toolbar called VisualBee which is preventing me to sign in on some of my website. It’s taking to much room across the Board. I went into my control panel which took it off there but not on my computer. I wrote to them about it. I believe that it has something to do with something called Conduit ? That name comes up at times. I’ve tried everything but cannot get rid of this thing. If you can help that would be very much appreciated Thank you.
    Annie

    Reply

  4. I got fired from a job because someone came to my computer, which wasn’t locked down, and sent an inappropriate joke to a bunch of managers. I had no way to prove I didn’t do it because I couldn’t remember where I was at the time.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at https://askleo.com/creative-commons-license/.