"Paranoia, or Are Public Internet Computers Dangerous?"

"Paranoia, or Are Public Internet Computers Dangerous?"

© Doug Partridge - All Rights Reserved

I admit it. I'm a bit paranoid, especially when it comes to "public" facilities. For example, an unfamiliar public restroom has my mind racing with thoughts of cleanliness ... and hoping someone enters as I'm exiting (so I don't actually have to touch anything).

The story I have to tell began two years ago while on vacation in Mexico. Rather than enjoy my surroundings, foolishly I felt the need to "stay connected." I found the nearest Internet Cafe. All was well until my tranquility was suddenly railroaded with an *overwhelming* sense of computer security-related fears.

Why?

As all public computers seem to be, this was a Windows computer. From my computer security background, I knew that Windows computers require several security tools and settings for thorough protection against the numerous threats on the Internet. "Out of the box," a Windows computer is not in good security shape.

So, what ripped me out of my peaceful serenity was the sudden realization that I didn't know how many, if any, security measures were applied to this particular computer. Really, when using public computers, how is anyone to know how protected they are?

Cleanliness aside, what exactly are the dangers faced when using public computers?

Of course viruses are always a concern when using unfamiliar computers, but if I could pick one thing to highlight above the rest, it's Spyware. If you're unfamiliar with Spyware, it's quickly becoming one of the most menacing threats on the Internet.

What does Spyware do? The less harmful varieties like Adware observe your web browsing activities and based on this deliver targeted advertising usually in the form of web pop-ups and Spam.

The more serious forms of Spyware like "keyboard loggers" (programs that record everything you type) will sit quietly in the background recording information about you. If you shop or bank online, this kind of Spyware is absolutely your worst enemy.

Public Internet computers are in no way immune to this threat. In fact, the opposite is true.

To cite but one example, I recently read an article discussing how a hacker installed Spyware on several Internet terminals at New York-area Kinko's. Before this Spyware was discovered, this person managed to record over 400 account names and passwords! He even accessed and opened bank accounts online.

OK, I had confirmation. I wasn't just "being paranoid" ... but I now faced a dilemma.

There's no denying the convenience of public computers, especially when away from home. However, acknowledging the serious security risks forced me into one of two choices: *never* use public Internet computers, or try to figure out a "secure" way to use them.

I'll offer what I consider a secure strategy for using public computers.

First off, there are several "high risk" activities I wouldn't do on these computers. I would never use a public Internet computer to do online banking, make purchases, or do anything that involved potentially compromising financial information. Many companies allow you to check your work email account through a web page; again think twice before doing this on a public computer.

A Secure Strategy for Public Computers:

When I'm away, I use public computers for two purposes only:

1. Read favorite websites
2. Check my personal web email account.

To ensure my privacy and security, I do the following:

- Before I leave for my trip, I change my email password to something else, basically anything I'll remember while I'm away.

- As soon as I return, I change my password to a new password, or back to what it was prior to leaving for the trip.

What's the advantage of this strategy?

Since I don't know how secure these computers are to begin with, I realize that I'm taking a risk by using them in the first place. At the same time, I'm mitigating the risk by limiting what I'll do on the computer (i.e. only check personal email and not access any information that would potentially reveal financial information).

In the event that my email account and "travel" password are recorded, I've already changed the password to something else. This strategy has worked well for me, allayed my paranoia, and allowed me to stay in contact when away from home.

Of course, you *could* use this "strategy" for any account and password (think banking, websites with user accounts, etc.). My prudent paranoia just can't allow me to recommend this strategy for anything financial.

Here's to practicing safe computing.