What Not to Do on a Public Computer
Parts 1 and 2 of this series focused on how to protect your computer and your information. The focus of this post is to cover how to protect your information and security when using a public computer such as those at Internet cafes, hotel business centers, airline clubs and public kiosks.
There are three major concerns when using a computer you don’t control:
Having your information intercepted while you’re working. This could be from a keystroke logging program hidden on the computer or data interception on an insecure network.
Leaving behind information that a subsequent user can steal; or
Having the files or accounts you access compromised by malware on the machine you’re using.
The first is probably the most out of your control, especially the risk of keystroke logging (recording the actual typing you do on the computer; a very good way to steal account passwords). Standard security software can guard against this on your own computers; there is a nice writeup on InternetSecurity101.com. But it’s not so simple on a public machine.
You can visually check for a hardware logging device – if there’s an extra unknown device between the machine and the mouse or keyboard cable, then assume your keystrokes are being logged.
Short of installing your own security software, which is probably not going to be allowed, there is little you can do to detect software keystroke logging. You can thwart it to some degree by using the mouse to vary the order in which you enter characters in your user name, password or account number.
Use common sense to protect yourself. Do you really need to check your bank balance right now if there’s a chance your login details will be stolen?
To guard against data being stolen off the network consider using VPN software, or software that passes data in encrypted form, or encrypting files before passing them across the Internet. Keep in mind that while these techniques can protect your data your login details may still be vulnerable.
Protecting yourself against leaving information behind is easier to do.
Be sure to erase any files you download – that means deleting them from the computer, not just moving them to the trash or recycle bin. It’s best to empty the recycle bin when you’re done working.
Before you close the browser on a public machine use the browser’s own tools for erasing browsing history, tracking cookies and temporary files. The choices to do this vary a bit with the browser version but it’s generally under the Tools menu choice.
Finally, consider if you may be compromising your own systems from what you do on a shared computer. If you create a document on a virus-infected computer and then upload it to a shared document system (Quickr, Sharepoint, etc.), or to a company shared folder via your VPN, that file can then infect the next machine that opens it if that machine doesn’t have adequate protection. Using remote control or shared desktop solutions, such as pcAnywhere, GoToMyPC or Windows Remote Desktop, also risk spreading a virus or other malware from the computer you’re using to the computer you’re accessing.
Google Docs may provide a good way to protect yourself here. When the file is uploaded into Google Docs it is converted into their proprietary format, presumably losing any virus affecting the file. You can safely access the file via Google Docs from any computer and then download it to your desired format on a computer you control. (Google Docs is not very precise as to what features are retained on upload. You may to experiment if you’re concerned about macro viruses in Office documents.)
Unfortunately there are many more warnings in this area than there are good practices to protect yourself. You need to rely on having strong passwords – and preferably frequently changed passwords – and good security on the machines and accounts you do control to minimize the risk that a problem with the shared computer will come back to bite you.