Why does the Geek Squad guy have a flash drive that he hooks into our computer when he comes to visit us?o
October 21, 2008 7:33 PM Subscribe
Why does the Geek Squad guy have a flash drive that he hooks into our computer when he comes to visit us?
Background: We have a new house, had Geek Squad come over to set up the net work and other stuff. There’s been a few blips, so every time he (same guy) comes over he has a flash drive on his keyring that he hooks into our computer. I’m not standing over his shoulder watching him as the repairs take a while, but is there a legitimate reason why he’s doing this? Or should I be concerned about him trying to capture our sensitive documents?
Background: We have a new house, had Geek Squad come over to set up the net work and other stuff. There’s been a few blips, so every time he (same guy) comes over he has a flash drive on his keyring that he hooks into our computer. I’m not standing over his shoulder watching him as the repairs take a while, but is there a legitimate reason why he’s doing this? Or should I be concerned about him trying to capture our sensitive documents?
I don't know. Often times, when working on site, it's useful to have a USB key with diagnostic programs and other specialized utilities. It's easier to have them on hand than then to have to go online and download them.
If I was troubleshooting computer issues, I might have a USB key with certain hotfixes and other important OS updates, along with virus removal tools.
posted by kbanas at 7:45 PM on October 21, 2008
If I was troubleshooting computer issues, I might have a USB key with certain hotfixes and other important OS updates, along with virus removal tools.
posted by kbanas at 7:45 PM on October 21, 2008
Yes, you should be concerned, even though there is a legitimate reason for having a USB key.
posted by CKmtl at 7:50 PM on October 21, 2008
posted by CKmtl at 7:50 PM on October 21, 2008
Best answer: A year or two ago, I think it was Geek Squad that was getting beat up in the press over and over again for stories of techs "stealing" porn when people brought computers in. So as to, "should i be concerned about him trying to capture our sensitive documents," it's possible.
That said, as someone who fixes a lot of peoples' computers, I have a thumb drive loaded with various system repair tools.
So the short version? There's plenty of very legitimate reasons for him to be plugging a flash drive in. And you'd be reasonable to be suspicious of him. Occam's Razor would suggest that the more innocent explanation is also the more likely one, but a bit of paranoia is a good thing to have when it comes to computers, and isn't at all unreasonable here.
posted by fogster at 7:51 PM on October 21, 2008
That said, as someone who fixes a lot of peoples' computers, I have a thumb drive loaded with various system repair tools.
So the short version? There's plenty of very legitimate reasons for him to be plugging a flash drive in. And you'd be reasonable to be suspicious of him. Occam's Razor would suggest that the more innocent explanation is also the more likely one, but a bit of paranoia is a good thing to have when it comes to computers, and isn't at all unreasonable here.
posted by fogster at 7:51 PM on October 21, 2008
It's his toolbox, essentially - he's bringing some of the things he needs to fix your computer.
(If he did have improper intentions towards your documents, there'd be nothing stopping him from sending them out over the network, flash drive or no.)
posted by zamboni at 7:51 PM on October 21, 2008
(If he did have improper intentions towards your documents, there'd be nothing stopping him from sending them out over the network, flash drive or no.)
posted by zamboni at 7:51 PM on October 21, 2008
It's valid, because it's not always a given that you'll have stable internet to download their utilities, but... sensitive document stealing is a possibility. I mean, it's just a quick drag to the drive.
Now, I'd hope they wouldn't do that in your house, but it *could* happen. Just keep your docs out of PLAIN SIGHT, so not in your My Docs directory or on the desktop. (Nothing sensitive, anyway.)
posted by disillusioned at 7:53 PM on October 21, 2008
Now, I'd hope they wouldn't do that in your house, but it *could* happen. Just keep your docs out of PLAIN SIGHT, so not in your My Docs directory or on the desktop. (Nothing sensitive, anyway.)
posted by disillusioned at 7:53 PM on October 21, 2008
I know it's nitpicky, but I'd like to apologize for somehow converting the "I" pronoun to lowercase when I quoted you in my reply. I have no clue how I pulled that off, but as someone who sometimes rushes to judgments against people who can't be bothered to get it right, I feel bad that I messed it up while quoting you.
posted by fogster at 7:55 PM on October 21, 2008
posted by fogster at 7:55 PM on October 21, 2008
Presumably it's his set of testing and debugging tools and such, maybe even a boot disk partition... but that doesn't mean that's all he does with it.
You should most certainly watch over his shoulder the entire time. Most definitely.
You will learn things.
posted by rokusan at 7:59 PM on October 21, 2008
You should most certainly watch over his shoulder the entire time. Most definitely.
You will learn things.
posted by rokusan at 7:59 PM on October 21, 2008
They have a special set of utilities bundled into one interface that they all use. I've downloaded and looked at it -- it's nothing special. Just intended to make sure they all are using the same toolset, basically.
posted by stavrosthewonderchicken at 9:00 PM on October 21, 2008
posted by stavrosthewonderchicken at 9:00 PM on October 21, 2008
Best answer: I used to work for Geek Squad. He has a flash drive that has a variety of tools on it for diagnosing and repairing problems. If the Best Buy store he works at follows proper procedures, he turns in his flash drive every night and the service manager at his location checks his flash drive to ensure that no personal data is on it.
As far as sensitive documents, I doubt he has much interest in them. We got all sorts of financial data, personal emails, etc. at my precinct and no one ever cared.
posted by rmtravis at 9:33 PM on October 21, 2008
As far as sensitive documents, I doubt he has much interest in them. We got all sorts of financial data, personal emails, etc. at my precinct and no one ever cared.
posted by rmtravis at 9:33 PM on October 21, 2008
Best answer: This is standard procedure, and shouldn't be suspicious. The flash drive (content) is part of the diagnostic toolset mandated by the Geek Squad. Perfectly reasonable, and difficult to do without in many common situations.
That being said, any time you allow anyone access to your computer for any length of time, you are making all of your files and information on that computer available to that person and potentially the internet as a whole. There's no way around it, short of high level encryption. A determined user with access to your computer can either compromise the system at that time by loading files from media or the internet...or they could leave a small app behind that would let them compromise it remotely at their leisure. Alternately they could just email themselves all your files, and the only limitation would be your internet connection or the speed of your computer. In fact, they could probably do all this with the average computer user sitting at their side--without raising suspicion.
Should you be concerned? If your sensitive files are on the computer, and someone else is on the computer, concern won't help. Either disallow all third parties from using the computer, or encrypt your important files in such a way that they will not be apparent.
posted by Phyltre at 9:42 PM on October 21, 2008
That being said, any time you allow anyone access to your computer for any length of time, you are making all of your files and information on that computer available to that person and potentially the internet as a whole. There's no way around it, short of high level encryption. A determined user with access to your computer can either compromise the system at that time by loading files from media or the internet...or they could leave a small app behind that would let them compromise it remotely at their leisure. Alternately they could just email themselves all your files, and the only limitation would be your internet connection or the speed of your computer. In fact, they could probably do all this with the average computer user sitting at their side--without raising suspicion.
Should you be concerned? If your sensitive files are on the computer, and someone else is on the computer, concern won't help. Either disallow all third parties from using the computer, or encrypt your important files in such a way that they will not be apparent.
posted by Phyltre at 9:42 PM on October 21, 2008
Just keep your docs out of PLAIN SIGHT, so not in your My Docs directory or on the desktop.
No, encrypt them. It's really easy to write a script that searches files for text that contains credit card number patterns, as a singular example, then make a copy of the results found. If you have sensitive material on your computer, it should be encrypted. End of story.
posted by secret about box at 12:20 AM on October 22, 2008
No, encrypt them. It's really easy to write a script that searches files for text that contains credit card number patterns, as a singular example, then make a copy of the results found. If you have sensitive material on your computer, it should be encrypted. End of story.
posted by secret about box at 12:20 AM on October 22, 2008
Yeah, I've worked in tech support like that before, and we had flash drives with all of our diagnostic equipment and such on them. They were awesome.
That said, you should still encrypt anything you don't want them getting their hands on, because they totally could if they so desired.
posted by InsanePenguin at 12:42 AM on October 22, 2008
That said, you should still encrypt anything you don't want them getting their hands on, because they totally could if they so desired.
posted by InsanePenguin at 12:42 AM on October 22, 2008
+1 for encryption. Or, keep the sensitive stuff offline on your own thumb drive.
For encryption, I recommend GnuPG. If you use MSFT Windows, perhaps http://www.gpg4win.org/ does what you want. A good passphrase is important.
(And while I'm giving advice, you are making backups, right? Your computer will die. Someone may steal it. You may have a fire. Don't undervalue data just because it's in some mysterious new-fangled box.)
posted by cmiller at 7:14 AM on October 22, 2008 [1 favorite]
For encryption, I recommend GnuPG. If you use MSFT Windows, perhaps http://www.gpg4win.org/ does what you want. A good passphrase is important.
(And while I'm giving advice, you are making backups, right? Your computer will die. Someone may steal it. You may have a fire. Don't undervalue data just because it's in some mysterious new-fangled box.)
posted by cmiller at 7:14 AM on October 22, 2008 [1 favorite]
"Or should I be concerned about him trying to capture our sensitive documents? "
He already has full access to your machine, copying files to a flashdrive is probably the least efficient and highest risk method of compromising your documents. There are a massive variety of remote admin tools that would allow a knowledgeable tech to continuously glean the contents of your drive from the comfort of his living room.
IE: you should be concerned in that you have to trust the person doing this work but not specifically because of the flashdrive.
posted by Mitheral at 7:20 AM on October 22, 2008
He already has full access to your machine, copying files to a flashdrive is probably the least efficient and highest risk method of compromising your documents. There are a massive variety of remote admin tools that would allow a knowledgeable tech to continuously glean the contents of your drive from the comfort of his living room.
IE: you should be concerned in that you have to trust the person doing this work but not specifically because of the flashdrive.
posted by Mitheral at 7:20 AM on October 22, 2008
Why don't they use CD? Burning a CD full of utilities is no big deal and it would reduce the chance or the opportunity for them to steal anything.
If I were you I wouldn't let anyone attach any media device to my system.
posted by Gungho at 9:10 AM on October 22, 2008
If I were you I wouldn't let anyone attach any media device to my system.
posted by Gungho at 9:10 AM on October 22, 2008
Flash drives are physically smaller, and have MUCH more storage than a CD or even DVD. Plus they're easy to update with new utilities, patches and drivers; and are more physically robust to boot.
I always carry a 16GB flash drive with me everywhere - you don't always have an internet connection (or in my case, a network connection back to our central servers) and with drivers kicking into the 100GB range each these days, and vista SP1 a lot bigger than that, it's a lot quicker to have them all to hand, and you never know where and when you're going to need them. Besides, I could JUST as easily compromise a machine for later rummaging with rootkits on a DVD as a flash drive, if I was so inclined.
Look at it this way. Would you invite an electrician into your home, and leave him unattended? He might be rummaging through your mail sat on the sideboard. If you don't trust a contractor, sit with him and supply him with cups of tea. We don't mind, we're used to being watched over the shoulder while we work.
posted by ArkhanJG at 9:56 AM on October 22, 2008
I always carry a 16GB flash drive with me everywhere - you don't always have an internet connection (or in my case, a network connection back to our central servers) and with drivers kicking into the 100GB range each these days, and vista SP1 a lot bigger than that, it's a lot quicker to have them all to hand, and you never know where and when you're going to need them. Besides, I could JUST as easily compromise a machine for later rummaging with rootkits on a DVD as a flash drive, if I was so inclined.
Look at it this way. Would you invite an electrician into your home, and leave him unattended? He might be rummaging through your mail sat on the sideboard. If you don't trust a contractor, sit with him and supply him with cups of tea. We don't mind, we're used to being watched over the shoulder while we work.
posted by ArkhanJG at 9:56 AM on October 22, 2008
Flash drives are easier to update, you're less likely to leave them in the customer's machine (if you link them to your car keys) and when you do need to transfer files you have the tools handy.
Like I said I can silent install a remote access exploit using autorun that'll let me own you machine from the local library just by inserting a CD into your drive; worrying about your tech copying files to a flashdrive is like seizing people's nail clippers before they get on the plane.
posted by Mitheral at 9:56 AM on October 22, 2008
Like I said I can silent install a remote access exploit using autorun that'll let me own you machine from the local library just by inserting a CD into your drive; worrying about your tech copying files to a flashdrive is like seizing people's nail clippers before they get on the plane.
posted by Mitheral at 9:56 AM on October 22, 2008
But encrypting your important documents and storing them seperately is also a good idea. You're one trojan away from russian hackers having complete access to your entire machine and everything on it.
posted by ArkhanJG at 9:58 AM on October 22, 2008
posted by ArkhanJG at 9:58 AM on October 22, 2008
Incidentally, I have a couple of inside perspectives into Best Buy through friends and I heard that BB took all the bad Geek Squad publicity of a couple years ago seriously and brought the hammer down pretty hard on the lax practices that invited the abuse. For what it's worth.
posted by nanojath at 11:06 AM on October 22, 2008
posted by nanojath at 11:06 AM on October 22, 2008
If you have time and tech-savvy (enough to understand if he's doing something he's not supposed to to) stand there and watch what he's doing. He's in house and you are paying, so you have the right to inspect what is going on.
Even if you are not tech savvy enough I doubt he'll do something sneaky while you are watching.
posted by WizKid at 1:14 PM on October 22, 2008
Even if you are not tech savvy enough I doubt he'll do something sneaky while you are watching.
posted by WizKid at 1:14 PM on October 22, 2008
This thread is closed to new comments.
posted by Tomorrowful at 7:42 PM on October 21, 2008