Remote threats

I’ll assume that by now you’ve been scared witless by the various adware, spyware and virus threats that have attempted to take over your PC in the past year. Some of you, no doubt, use Macs for the lure of safer surfing.

You’ve doubtless learned by now that your laptop is in danger when you connect to public Wi-Fi hotspots (Why, Microsoft, won’t you allow us to automatically turn off exceptions in the XP Firewall for unsecured access points?). What if you don’t have a laptop? Clearly, you turn to public computers in cafes and libraries. At least you’re not pushing your private data for the world to see, but there are still dangers – potentially huge ones.

The Old Concerns

Safe surfing on public computers has long been a challenge – one that most people don’t give a lot of thought to. Fortunately, “modern” browsers (I suppose that means those released or updated in the last week or two) in conjunction with more careful design by website owners offer some protection against leaving your passwords and credentials behind for other users.

Safer browsers notwithstanding, you should always keep an eye out for yourself when using a public computer.

Close the browser when you’re done surfing. This prevents the next guy from just hitting the back button to see where you’ve been – and possibly have access to any sites you logged in to.

Any time you enter logon credentials, double check to be sure you didn’t elect to have the browser “remember” you.

If you logged on to any banking sites or sites that store personal information like your address, social security number or credit card numbers, double check to ensure the browser didn’t remember anything by closing the browser and trying the sites again before you leave.

If at all possible, clear the browser cache before you leave. Most responsible web cafe operators set their browsers to do this whenever they close. Many don’t. You may not be able to do it, but it’s worth a try.

The New Threat

By now, you’ve probably encountered at least one form of spyware. Using every imaginable exploit in Windows, malicious authors have crafted tools that install themselves on your computer and report back on your habits (or passwords, or bank accounts) to the author. As I said at the beginning, I’m sure that you are a responsible web citizen and use one (or more) of the many free or commercial tools to keep your computer free of these pests.

Does your web cafe? Can they?

While scanning tools are frequently updated to remove spyware, new problems arise in web cafes. An ambitious hacker can craft his own keylogging software and manually install it on a public computer. Even if the computers are wiped clean every night, that’s still a great window of opportunity for you to crash into.

How do I protect myself? Can I?

If at all possible, avoid using public computers to access any information that you wouldn’t want your mother to read about in the paper. If you need to access your company’s website to do your job, have your company look in to authentication tokens to be used in conjunction with traditional user-name/password login credentials.

Banks are beginning to move toward issuing similar tokens to their customers who access their accounts through the Internet – and this is a very good thing. With any luck, there will be some standardization so you won’t need 15 different keys, but the focus on security is long overdue.