Experiences of a Hobo Security Consultant

by eyenot

Sometimes, when your life lacks direction or purpose, it's good to take a break.  In my case, it was good to take a nearly 12 year break from things like a job, bills, responsibilities, or a home.  I was getting allergic to mold anyway.

There's a lot you can do to survive without any income or any home.  Almost any city you find yourself in has one of two kinds of homeless shelters: notorious or secretive.  The secretive kind are usually reserved for battered women or sensitive families in emergency situations.  The notorious kind are usually crawling with people who receive some form of fixed income, but aren't spending it toward a living situation, but rather a lifestyle.

The worst case scenario I ever found myself in was when I visited the northwest to study the anarcho-primitivist enclave there.  I arrived too late - they had been arrested for burning several SUVs and a postal truck, and were among the first U.S. citizens to enjoy the new laws against "terrorism."  So I got to sleep under a perfectly nice bridge with perfectly fine intellectual hippy types instead of in a shelter.  Nothing I hadn't done for years by that time - but in a strange town, it's a bit unnerving.  Luckily, some hippy had filled their rather copious medical marijuana prescription.

Myself, with no mental or physical ailments, disabilities, or disorders - and having no felonious or serious criminal history, and being entirely able-bodied and well-minded - I faced a lot more challenges on the streets than most people.  Most of the homeless people you meet are collecting some kind of money for something being off about them; they just don't know what to really do with the money.

It was unusual just 12 years ago to see a homeless person with a smartphone or a computer of any kind.  Such items realistically offer a destitute person little more than a potential crosshair on their back.  And when cell phones of the lost, found, and stolen variety are easily sold on the street for as little as $5 to $20, you can be sure that being seen with an expensive gadget makes you look like a quick fix to your fellow destitute hustlers.

Then, about six years ago, laptops started showing up in the hands of some homeless people in the United States and, most surprising of all, started staying in the hands of their owners.  Maybe this has to do with computers being seen as more of a burden than smartphones, on the heels of smartphones becoming ubiquitous instead of frivolous.  A laptop is a magnitude more difficult to prize, to run away with, to pawn, to sell, or to ditch than a smartphone is.  And, of course, it's more a burden from the owner's perspective as well.  Especially if you don't know how to use a computer.

And, as luck would seem to have it for anyone who can repair computers but finds him or herself down and out, most fellow bums and hobos don't understand how to operate computers.  At least you would think that this fact coupled with the increasing appearance of expensive gadgets around the campfires and "day room" tables would spell lucky money for risky entrepreneurs.  As it turns out, it's just a huge headache.

Even if you aren't homeless, doing computer repair work on a walk-up, on-the-street basis is hell.  The major nuisance is competition.  The (((Hollywood))) imagery of "hacking" is prevalent within the imaginations of the United States populace.  Even among my new college peers, the "Holly-hack" image supersedes anything else you try to say to them about topics like programming or security, so just imagine the uneducated masses.  Easily nine out of ten people on the street who "can fix your computer for you" are going to beset you with a nightmarish conflagration entailing two or more actively scanning anti-virus/malware programs, a handful of "cleaner," "doctor," and "speed up" software, as well as some Trojan or spyware of their own sly choosing.

So, being the street equivalent of "white hat" isn't that hard.  Just genuinely clean a person's computer, install half-decent free anti-virus and anti-malware software in a configuration that the softwares find conducive, and then test the defenses legitimately.

The great thing is that there are numerous free end-user titles to choose from to help you out.  Smart tools available from Sysinternals go a long way towards fixing Windows XP, Vista, and 7 systems.  Your client may or may not especially enjoy if you replace their regular "Task Manager" with "Process Explorer," though if you have to walk them through something on the phone you can have Process Explorer already set up with your preference of columns.  Some Gibson Research tools are still very useful.  If your client is trying to micromanage their "friends'" use of the laptop, SteadyState is still a workable solution.  WinPatrol is helpful for long-term clients.  Baseline Security Analyzer is a must-have for its ability to fix the "Windows Update" scheduler when it hits a hiccup - clients with frequent signal interruptions over slow Wi-Fi will be grateful if you manage to rescue them from an update loop.

However, the various free anti-malware utilities always leave me scratching my head.  The most popular virus scanners are for-pay but are notorious resource hogs with morally objectionable definitions of "uninstall."  Then we find the free scanners and again the most popular ones (or at least, the ones that computers brought to me typically have installed) are also clingy and suspicious-acting.  Then when you think you've found a nice product, they go and change on you, so you're always looking for the best combination of things.  I've found one active scanner and also one passive scanner activated by a time-triggered event is the best combination.  But a client's computer isn't a good ballroom to discover which crippled free active scanner is a suitable dance partner for your favorite heuristic defense engine.  Most street business entails one thing and one thing only, and that's getting their computer running "fast," "again."

As an aside, another nice "white hat" thing to do is walk onto the scene at one of the local second-stores operated by a charity non-profit organization, and offer to create and maintain a computer department for them.  I was successful with this as a means of earning my keep at a homeless shelter that demanded an hour of verified volunteer work in exchange for every night I slept under their roof.  I managed to pump computers out at a pretty fast rate, especially since they were all mostly built for XP and their cases still had valid product keys on them.  Of course, the product keys are useful even when you are parting a machine out and throwing the case in the scrap heap.  There are other fringe benefits of such a position.  And just because you haven't seen such an operation, don't imagine it can't be done.  Trust me, the rural, semi-rural, and suburban areas around you are chock full of computers that somewhat intelligent people detect are too valuable to just be "thrown away."  "Maybe some poor people can make good use of the computer.  I will donate it to the second-hand store owned and operated by a non-profit charity."  Try to convince the management to take any old or new computer, indiscriminately.  If anything, busted-up old hard drives still yield those amazing rare Earth magnets, which are great for hanging tools from in the amazing, magical workshop you've set up.  But I digress.

To continue on, you then explain to your street client the trouble with browsing, downloading, and running things as Administrator, and set them up with the "User" account.  Oh, now we're getting somewhere.  And get them to learn and stick to a regimen of not doing things to directly attack their own computer.  Ah, exactly: now we've arrived squarely back at "work" but you're only going to get between $5-$20 for it.  And it's work you'll be doing with them over your shoulder, and in one spot, for upwards of a few hours.

And we all know the education can't stop there.  I once sat down with the ostentatious ambition of writing "Ten things you have to know about computers," which quickly became "25 things," and when I hit a weird number like 34, I decided to just make a thorough list.  I concluded with 80 things I wished every one of my clients already knew about computers (or else would learn).  Who has the time when your clients don't listen because they don't truly care, even to the same one single item at a time for weeks and weeks?

Sure, there are things that you can do to make the "work" easier on you.  You can give the client a bulleted list of finishing-up tasks they can complete on their own.  Or can they?  Maybe they'll be capable of using the "Uninstall a Program" panel to remove an annoying or potentially unwanted toolbar.  Or maybe they'll just say they will - while secretly they covet their precious little browser doodad that they successfully installed all on their own.  And they'll become silent for a few weeks while they enjoy their precious, forbidden little spyware you insisted was malicious.  "Grandma's Recipe Organizer."  *Sniff*

And maybe they'll be capable of updating the newly installed scanner and performing a full scan.  Or maybe they'll attempt the update without making an Internet connection first because McDonald's shooed them out, and maybe they'll feel like the scanner is taking too long and hit abort because the police were pulling up to the park bench.  In which case, when you try to follow-up with them, they'll tell you "It didn't find anything!"  (Ting!)  They have other things to do and can't always make it to a hotspot or find time to sit in one place for an hour or two while not being entertained.

And when you get tired of them bringing the same computer to you with the same problem, and you smell something fishy and ask them if they let anybody else use the Administrator account, they will spill the beans and admit they let their nephew (or their fellow addict) "fix some problems" with it.  Oh, here we go, again.  "What kind of problems?  It was fine when you left me."

"Well, you know.  It started running slow.  A-gain."

"When did it start doing that?"

"Right after I let my 'nephew' use it to chat online."

"The same nephew who then offered to fix it for you?  Can you remember if you typed anything sensitive after he started using it?  It's kind of important."

So, eventually, you start to add a bulleted item at the bottom of the list: No Outside Consultancy.  But that doesn't work, because now you're insulting the person by what appears to be an ultimatum.  It's one thing to really represent a lifeline to a company who has no option but to honor such an agreement.  But on the street, to America's special and sensitive population, you're just another computer person.  They have no idea what the hell you're doing and have no reason to trust you any more or any less than the next "computer guy."  Frankly, you'll eventually lose the respect of people whose respect you can't afford to lose, just because you're the only "uptight" computer guy out of all the rest of the pretenders, and the rest are schmoozing while you're accomplishing nothing but to make your clientele grow increasingly uncomfortable with you.  Especially when that enemy you're warning them about is one of their closest friends, or worse, their family.

There are, of course, some pieces you could play to win the game against those who are attacking your client's computer.  But they're extreme moves.  You could lock your client entirely out of administrative privileges, for example.  I tried this.  "You sure this is all you want installed and you're completely content?  Here we go.  Now only I, your consultant, knows the Admin password."  But they will eventually forget why you said that was important, or they will want another piece of software installed, and they will take it to another consultant, and that consultant will either just Ophcrack the account password or else wipe and install with a compromised copy of Windows they torrented.  The client won't come to you to change the setup, because they don't want to supersede your presumptuous appearance of authority, but they don't exactly like your genuinely necessary position of authority, either.

Or you could rootkit your client's computer.  But then you're not strictly white-hat (depending on your philosophy) or, at the very least, you're just overcomplicating the matter.  What else are you going to do?  Set up a honeypot and a LoJack?  If you had a server to dedicate to the cause, you could even maintain your own levelheaded, nigh-impenetrable dragnet over all the computers of the gentle salt of [your city here].  Yes, to the tune of decreasing amounts of money (wow, $5/3 per hour!) while people on the street gripe to each other of what a stick you have up your ass.

When it comes down to it, there isn't anything to gain from street level computer security consultation.  The money isn't there, the respect isn't there, and even the experience of educating people and doing a good deed goes unfulfilled.  That warehouse I worked in?  They kept taking up all my time, insisting I should try to repair and resell used and discarded printers.  They didn't want to listen to the hobo ranting and rave madly about how he worked for several years in new and used computers and electronics and that if there's anything you don't do, then you don't do used printers.  I tried to tell them that they couldn't keep installing XP forever, but they weren't eligible for Microsoft's free OEM offers to charities because they discriminated against sexual orientations.  Because God.

The department was eventually deemed unprofitable and was shut down.  I managed to decently train three novice repairmen and to successfully bring a formerly knowledgeable ex-con up to snuff and make him into a fully-fledged secure end user and modern-day computer repair person.  But the "eBay" department, which consisted of an insane hoarder who didn't understand the real meaning of "mint condition," was deemed more important.  She told everybody she was a "computer hacker" and a "computer expert," but when she infected her own computer with a virus and I pointed out her incompetence to the management, she rallied every day to have my section shut down and spent every hour trying to get on my nerves.  Eventually, I gave up my only means of keeping shelter, and quit.  The "Holly-hack" is like The Nothing of The NeverEnding Story.

Hobo security consultant?  Depending on if the economy is worsening or improving, (consecutively) your time would be better spent trying to write the next Steal This Book or The Joy of ... [insert some thing that gives you joy but is outdated, here.]

(In my personal story, I eventually shook my head sadly and decided to go to college in pursuit of a Ph.D. in computer engineering.  In retrospect, if I had made that decision sooner in life, it would only have been for the better.  However, there is no other lifestyle to rival homelessness in offering instant gratification of the need to feel carefree, to relax, and to take it easy for a while.  As long as you can handle the street environment and relish being a literal bum.)