How To Check if Someone Else is Using your Computer
Given the proper software and know-how, practically everything that you do while using your computer can be tracked and annotated. The last time you logged in, went online, launched a program, or updated your system are just a few of these things. Then there are the things you’d rather have no one else know, that can also be tracked.
To maintain your privacy and prevent wandering eyes delving into your personal business, you probably take a few precautions. Always log off or lock your PC when you leave the room, leave the computer in the company of a trusted friend or relative, or even take it with you (if a laptop) in order to avoid any snooping.
But what if you forget to lock your computer, or that trusted friend isn’t as trustworthy as you think? You can’t take your laptop everywhere, all the time. You might even get the sense that someone has been on your computer recently but you’re not quite sure how to tell. The laptop may have been slightly moved, the keyboard has a smudge on it from an unknown source, and the lid had been left up when you know that you always close it. Something is clearly off.
Has someone secretly used your PC? Did they find something that you’d much rather have been kept secret? It may be time to do a bit of detective work. You just need to know where to start. If you suspect that someone else has been using your computer when you are away, you can use a number of techniques to find out for sure.
A Bit of ‘Computer Intruder’ Detective Work
It is important to find out for certain if your computer has been compromised from an outside source as it puts your personal information at risk. Knowing where you need to start looking can help reduce the amount of time it takes to narrow down the possibility of an intrusion and find the one responsible. Here are a few different tasks you can do to learn if someone has logged into your computer with your consent.
Status checks on specific files and folders is a great way to determine if unauthorized users have been accessing your computer. You can check into your recently opened files to see if there is one (or many) that have been looked at. Windows introduced it with Windows 10 as an easy way to restore a previous point in your work. All Microsoft programs will detail when a file was opened and edited last so it will not be too difficult to determine if such an intrusion has occurred.
To access File Explorer, you can usually find it on your taskbar as a Folder icon. You can also pull it up by pressing Win+E. You should then start by heading to documents as well as anywhere else that you may store your personal files and check any dates that may not coincide with when you last opened the file. Open the file itself to determine if any unwarranted editing has occurred.
Another spot to dive into would be individual apps. Most apps come with a feature that allows you to check recent edits and additions to your files as well as when they were last accessed. This could give you a great lead as to if someone has been snooping around in your files.
Recently Modified Files
Not to discredit what has been previously stated, understand that anyone can wipe clean all recent activity conducted on your PC if they know how. It’s as simple as a left-click on Quick access, then Options, and finally, Clear File Explorer History. Of course, you can turn this act of espionage into a positive. If a recent activity has been deleted, then you’ll know for sure that someone has definitely been rooting around in your computer files. You can even discover which files they’d been snooping around in as well.
All you’ll need to do is navigate back to File Explorer and in the search field located at the top-right of the window, type in datemodified:. You can refine the search further by adding in a date range. It’s possible to go back a full year if you feel that this has been an ongoing thing.
Hit Enter, and you’ll see a full list of edited files that have been accessed. I say edited as those are the only files that will actually show up. If the snooper was editing any of the files, it’s possible your PC will autosave it, leaving behind some evidence. Do a bit of additional detective work by narrowing down the times listed to when you were away from the computer. This will give you a clearer picture of who may have accessed it.
Browser History Inconsistency
Browser history is easily deleted. You probably know this well if you’ve been clearing cache and cookies on a schedule so as to not bog down your browser. However, the culprit may have needed to leave in a hurry before they could properly cover their tracks.
Google Chrome, Firefox, and Edge all have a way of allowing you to see your search history. You can usually find it in the Settings, whichever icon that may be, toward the top-right of the screen. Click on it and locate History, then backtrack through it to see if you can notice any inconsistencies. Look for unfamiliar websites as they can be a classic sign that someone else has been accessing your computer.
Though the browsers may have different ways to search your history, you still receive the whole picture. It’s even beneficial to check all browsers that you may have installed on your machine for anything amiss. I personally have all three of those mentioned on top of the Brave browser. Any of these could have been used without your permission to snoop around on the internet for whatever reason.
Windows 10 Logon Events
So you’ve gone through all of the more simpler methods of attempting to determine if your computer has been infiltrated. Yet, you still have no concrete evidence to support your claims. This is where Windows 10 logon events can come in handy.
Windows 10 Home will automatically annotate a login every time one occurs. This means that each time you log in, the time and date is tracked and noted for you to see. The real question is how to get to logs and would you even understand what it is you’re reading when you do?
Type Event Viewer into the search bar located on your taskbar and click on the app when it populates. Follow this up by heading to Windows Log and then to Security. You should be given a long list of varying activities accompanied by Windows ID codes. It likely looks like a garbled and incoherent mess to someone who is not fluent in IT.
Luckily, I have 13 years of IT knowledge and can tell you that the only important code you’ll need in this case is 4624, which is the Windows ID for a recorded logon. If you happen to see the code 4634, this is an administrative logon code which means an account has been logged off of your PC. Not as important in this context but still a little fun fact to educate you.
Instead of scrolling through the long list of activities looking for each one that may have a 4624 Windows ID, you can use the Find… feature. This particular feature can be found off to the right in the “Actions” area and uses a Binoculars icon. Type the code into the “Find what:” input area and click Find Next.
For a more in-depth search, if you happen to know the general time spent away from the computer, you can use filters. Over in the “Actions” section, click on Filter Current Log and then click on the “Logged” drop-down menu. Choose the time frame you want to check and then click OK. You can then click on any of the individual logs to gather more details about when it took place and which account was used to log in.
Enabling Logon Auditing for Windows 10 Pro
Windows 10 Pro doesn’t automatically audit logon events the same way that the Home version does. It will require a bit of additional work in order to enable this feature.
You can begin by:
- Typing gpedit into the search bar on the taskbar. This is the Group Policy Editor, a feature that cannot be accessed while using the Windows 10 Home version.
- Next, go to Computer Configuration.
- Then, Windows Settings into Security Settings.
- Followed by Local Policies into Audit Policy.
- Finish it up in Logon Audits.
- Select Success and Failure. This will enable Windows to register both successful and unsuccessful login attempts.
- Once it has been enabled, you can view the audits the same way you do for the Home version via Event Viewer.
Computer Intruder Prevention
Now that you know a few ways to detect if your computer is being used without your permission, it may be time to beef up your security protocols. Firstly, no one should be allowed to access your personal property without your permission. This includes close family members and friends. If you think that one of them has been doing so, the first thing to do is ask directly. Disregard the attitude or “stink eye” you may receive. It’s your property and they need to respect that fact.
One of the more major defenses against intruders that everyone learns is to create a strong account password. Under no circumstances should you provide this information to anyone else. Refrain from making the password to simple or predictable and DO NOT write it down. You run the risk of divulging the information to other parties when you leave it exposed for all to see.
Locking your computer whenever you step away is also a great way to prevent a snoop. In conjunction with a strong password that you’ve given to no one, by pressing Win+L whenever you are away from your computer is a solid defense.
Hackers and Remote Access
It’s not only physical intrusion that you’ll need to worry about it, but cyber as well. If you’re connected to the internet in any way, that opens you up to a great many risks in today’s hyper-connected environment. All sorts of daily tasks take place online and with such a level of accessibility, those tasks could be opening up backdoors to malicious intent.
Malware can make its way into the deepest parts of your computer from some of the most innocent entry points. A simple email containing a fraudulent link or trojan horse can lead to severe security breach right under your nose. Cybercriminals can gain remote access to sensitive information stored on your hardware and you’d be the one to let them in. Pretty scary stuff.
Fortunately, there are plenty of remote access detection tools available to help you detect and prevent access to your system, fending off unwanted intruders before they can settle in. They can also help ensure a more ironclad security system has been put in place to stop any future incursions as well, eliminating the threats before they can manifest.
The Basics of Remote Access Detection
Avoid becoming a victim of cybercrime committed through the third-party manipulation of your computer hardware. Understanding a few of the basics in remote access detection will help you in the long run. Addressing this issue should be a priority and done as quickly as possible.
You’ll be able to know when someone accesses your computer as applications will launch spontaneously and independent of your own actions. An example of this would be an overuse of resources, slowing down the speed in which your PC can operate, limiting the tasks you can perform. Another would be an even easier catch, noticing programs and applications running without you triggering the launch.
These are usually telltale indicators of an intrusion. The first thing to do when you detect an intrusion is to immediately disconnect from any online connections. This means both LAN-based ethernet connections as well as WiFi. This will not fix the breach but it will terminate the remote access currently taking place.
This, of course, is only viable when you’re in front of the computer, witnessing the act yourself. Hacking that takes place while you are away from your device is a little trickier to detect. You’ll likely need to perform all previous steps noted within this article. However, you can also choose to use the Task Manager as well.
Using the Task Manager to Detect Access
Windows Task Manager can be used to assess whether any programs have been opened on your system unknown to you. This is true even if the criminal is not currently in the system at the time you check.
To open the Task Manager, you can choose one of three options:
- Press Ctrl+Alt+Del simultaneously to pull up a blue screen with a handful of options. Choose Task Manager from the list.
- You can right-click your taskbar and select Task Manager from the menu provided.
- Type Task Manager into the search field located on your taskbar and select the app once it populates in the list.
Once the Task Manager has been opened, search your programs for any that may currently be in use that you know should not be. Finding any may be an indicator that someone is accessing your device remotely. Even more so if you happen to come across a remote access program running.
Hackers may enable a program to be granted access through your firewall. This is a surefire way to determine if your device is being hacked or not. Any program that has been granted access without your consent should always set off an alarm in your mind. You’ll need to immediately revoke these changes in order to sever the connection that your hacker now has access to.
Head to Windows Firewall from the Control Panel in order to check out the current settings. Once you notice any inconsistencies or abnormalities, immediately remove any changes that have been made, restart your computer, and then run an anti-virus or anti-malware scan.
Done everything in this article and yet you still feel that your computer is being accessed without your permission? You may want to take your device to an IT professional that can help determine intrusions using remote access monitoring software. It may also be a good idea to ensure that your Windows Updates are current and that your anti-virus software is the best for your needs.