Hi there,
First let me say that what you are going through must be a nightmare. Everyone needs to be online these days and you simply cannot cut yourself off from the rest of the world so you've soldiered on, albeit with an element of caution.
There's a lot going on so I'll deal with each of your concerns as best I can, some of it you may have heard before, tried before, and it's not helped but there's a lot of info condensed in your post so apologies if what I'm about to say has been covered already.
Personally I have never worried about someone hacking my PC but I can appreciate why people do. The question I ask myself is what could anyone gain from hacking me. There's a couple of things, banking and bank details being the main one. I subscribe to an online bank that supports Rapport, most do these days but nothing can ever be truly unhackable for the gifted.
Rapport has a high level of encryption and you'd be hard pressed to find someone with the skills to hack it and have spare time and interest to focus on anyone on a personal level. These guys have better things to do. And I don't have much money anyway. Even if they did hack my account then the bank would likely give me the cash back and start their own investigation.
The other way to get bank details is through advertisements, ransomware and scareware scams. By redirecting your browser pages and randomly flashing popups telling you that there's a problem and to buy their software or pay them money to clear the PC is all part of a scam.
Have a look at Autoruns, Security Task Manager and Process Explorer. Personally I prefer these tools as it gives me a more hands on view of my system. It's better than watching a scanner status bar increase without really knowing what it's doing.
The other reason could be to garner personal information to be used against me in some way.
Someone who really wants to get your details and info will try and hide as best they can, they will not give any inclination they are even on your system and try and bypass any security software silently.
So for me I can't logically see why someone would want to gain bank or personal info but then popup a message telling you they are there and watching.
I can't think of any other reasons. I have nothing on the PC that is worth stealing and if they can be bothered looking at my web history then I have nothing to hide. I use email and I wouldn't like anyone in there but again, it's nothing that can be used against me and I like to keep it that way. You could keep your outlook PST file on an external drive and only plug it in when you download mail. If you really want to be safe only read it when the computer connection is offline.
So without sounding too personal, if you have something to hide then I wouldn't be hiding it on the PC. And if you have any personal info you need to work on, do it offline and keep it on an external encrypted drive. Windows has bitlocker encryption which is easy to use. If this isn't enough then there are plenty others available to choose from. No one can hack a computer that isn't online.
Virus software is not 100% no matter how it's sold to you. But, using software and best practice you can quite easily keep your PC clean. In my opinion best practice being the most important of the two; I use firefox with the adblock addon and a real time virus program. I've had 1 virus in 10 years. And that was because I downloaded a piece of software without considering the source.
For someone to gain access to the PC they need to be able to get a piece of software on the PC and they do that through the web or phishing emails, just be careful what you open and click on.
Zero-day is a classification virus companies label a virus that has found a security hole in the av software or OS and has not been detected and named. However, a good virus checker will use real time heuristics to monitor the system and block anything that is acting 'virus like', whether it has a definition or not. Again not 100% but still can be very effective.
https://www.sophos.com/en-us/security-news-trends/security-trends/zeroday-threats.aspx
A rootkit will install itself outside the OS, normally as an actual device and be able to interact with the OS at admin level. Often undetectable by normal software but they do make themselves known eventually, normally used for ransomware or scareware. Again, what info can someone really glean from your PC silently? If you have an answer then consider protecting said info in a different way. Nothing can interact with Rapport without it knowing so your bank transactions are safe from rootkits.
A rootkit does have limitations and is never completely invisible, it still needs to interact with the OS so it will always have an active service, which is it's gateway into the OS an ultimately it's downfall. There are many rootkit detectors available so if it was me I'd try them all. This is a very basic description but what I'm saying is that with the right software you can detect and remove rootkits.
https://en.wikipedia.org/wiki/Rootkit
The email to your son is not difficult to do. Mail providers employ security to stop people being able to send as someone else (spoofing). They call it 'closed relay'. About 10 years ago you could use pretty much any mail server and send as whoever you wanted but now it's not possible with established providers. However anyone setting up their own mail server and forget to close the relay can have their servers used to send unsolicited email.
There are also groups who scan IP ranges and provide details of open relay servers to whoever want to take advantage of them. So it's not really that difficult to find a server to use.
I used to work for BT's abuse department and was given lists of email header information that customers sent in if they had been port scanned, received spam, phishing or malicious email. I'd search BT's Radius for the IP in the header info and, based on time and date, would uncover the user. A letter would be sent to them outlining the steps they should take to protect their server or PC and advise them what would happen if they didn't.
If the IP belonged to another ISP then I would send the info to their abuse dept and they would contact their own user and do the same thing. ISP's don't like people abusing their network like this and can often take a hard line approach. So send the header info to abuse@bt.com and keep sending them if you get more.
This site might help http://btplc.com/Inclusion/ProductsAndServices/Scams/index.htm
To access the PC through networking the routers firewall would have to be bypassed, as well as the software firewall on your PC. There are backdoor programs that can be installed to do this but again, it has to get on your PC somehow, either through phishing emails or the web browser. Software cannot be forced onto your PC through a connection, it needs something that's already there and listening.
Wireshark can detect listening ports but the info that it produces can be overwhelming and unless you know exactly what to look for ultimately confusing and fruitless. Try getting to grips with NETSTAT instead.
http://www.computerweekly.com/tip/How-to-use-a-netstat-command-in-Windows-to-watch-open-ports
As for mobile phones, they can be cloned or hacked (someone usually has to get their hands on it though) so my advice would be limit the personal info you keep on them and if you are really concerned use a landline for communication where possible. I don't have one so I can't really give any advice.
As the previous poster mentioned, only Business customers can have a static IP, if you are a residential customer then your IP will likely change every time you connect and there is no way someone outside the network can know what your personal IP is unless there's something on your PC transmitting it.
The tools I described earlier will also help detect any unknown and potentially malicious software.
If you do decide to buy new computers go for Macs. They are way more secure than PC's and could give you that piece of mind you need.
Hope this helps!
