Browser

10 things you should do to protect yourself on a public computer

Most of us will occasionally have to use a public computer for one reason or another. Unfortunately, using public computers carries an inherent risk of exposing personal data. Here are some things you can do to protect yourself and lessen that risk.

Most of us will occasionally have to use a public computer for one reason or another. Maybe it's an emergency situation (your own computer crashes or you get caught without your laptop when traveling) or perhaps the opportunity is just too convenient to pass up. But whatever your reasons, using public computers will always carry an inherent risk of exposing your personal data. Here are some things you can do to protect yourself and lessen that risk.

Note: This information is also available as a PDF download.

#1: Delete your Browsing History

This should be the first step you take to protect your privacy when Web surfing on a public computer. When you've finished browsing, it's a good idea to delete your cookies, form data, history, and temporary Internet files. In Internet Explorer 7, you can do this all at once under Tools | Delete Browsing History. In older versions of IE, each of these must be deleted separately, under Tools | Internet Options.

In Mozilla Firefox, go to Tools | Options, click the Privacy tab, and select Always Clear My Private Data When I Close Firefox. By default, this erases your browsing history, download history, saved form information, cache, and authenticated sessions. Click the Settings button and select the options to erase your cookies and saved passwords, too.

#2: Don't save files locally

When you're using a computer other than your own, even if it's a trusted friend's machine, it's polite to avoid saving files locally if you can help it. This is basically equivalent to not cluttering up another person's home with your junk. On a public machine, though, this goes beyond politeness and is an important security practice. Many of the files you would normally save locally, such as e-mail attachments, can contain private or sensitive information. An easy way to protect this data is to carry a flash drive and save files there when necessary. It's also a good idea to attach the flash drive to your key ring so you'll be less likely to misplace it and create a new security problem.

#3: Don't save passwords

This should be obvious when using a public computer, but if the option is already turned on, you might forget about it. To make sure passwords are not saved in Internet Explorer 7, go to Tools | Internet Options | Content. In the AutoComplete panel, click the Settings button and verify that the Prompt Me To Save Passwords check box is deselected. None of the other AutoComplete features needs to be enabled either, so deselect them as well. In Firefox, choose Tools | Options | Security and deselect Remember Passwords For Sites.

#4: Don't do online banking

You should remember that ultimately, a public computer is never going to be anywhere close to completely secure, so there are some things you just shouldn't use them for. If you really need to check your balance on the road, you're much better off finding a branch office or ATM or using your phone.

#5: Don't enter credit card information

As with online banking, public computers are not the place for online shopping. Your purchases from eBay or Amazon.com can and should wait until you can browse from a more secure location. A little added convenience isn't worth the trouble of having your credit card hijacked.

#6: Delete temporary files

Temporary files (often abbreviated to "temp files"), as opposed to temporary Internet files, are created when you use programs other than a Web browser. For instance, when you create a Word document, in addition to the actual document file you save, Word creates a temporary file to store information so memory can be freed for other purposes and to prevent data loss in the file-saving process.

These files are usually supposed to be deleted automatically when the program is closed or during a system reboot, but unfortunately they often aren't. To find these files, do a search on all local drives (including subfolders, hidden, and system files) for

*.tmp,*.chk,~*.*

This will bring up all files beginning with a tilde or with the extensions .tmp and .chk, which are the most common temp files. Once the search is complete, highlight all and Shift + Delete to remove them. (If you don't hold down Shift, they'll usually be sent to the Recycle Bin, which you would then have to empty.)

#7: Clear the pagefile

The pagefile is the location on the hard disk that serves as virtual memory in Windows. Its purpose is to swap out data from RAM so that programs can operate as if they have more RAM available than you actually have installed in the computer. Anything that can be stored in memory could also be stored in the pagefile. To have this automatically cleared on shutdown, you need to use Local Security Policy.

To access Local Security Policy, open Control Panel, double-click on Administrative Tools, and double-click on Local Security Policy. Then, click Security Options in the right-hand pane and scroll down to Shutdown: Clear Virtual Memory Pagefile. Double-click that item and make sure it's enabled.

Note: On many public machines you won't have the rights to get to Local Security Policy, and while this task can also be accomplished from the registry, on these machines you likely won't be able to use regedit either. In this case, you can delete the page file manually. First you'll have to change the settings in Windows Explorer. Click View | Folder Options and the View tab, then scroll down and click Show Hidden Files And Folders. Deselect the Hide Protected Operating System Files check box. Now, find the file named pagefile.sys. It is usually (but not always) on the C: drive. Delete it; a new one will be created when the system reboots. Speaking of which...

#8: Reboot

When you're finished using the public computer, the final thing you should do is a hard reboot. This will not only clear the pagefile, if you've enabled that option, but it will also clear out everything you did from the physical memory (RAM).

#9: Boot from another device

This is a fairly advanced option, and one that is often overlooked. If you boot from either your own USB drive or from a CD, many of the problems mentioned above can be avoided. Today, many Linux distributions have the option of running completely in memory after booting from a CD. If a public computer has had its BIOS options left at default (which happens more often than you would think), this could be an option. If you are able to do this and remember not to save any other files to the local hard drive, everything will be gone when you reboot.

#10: Pay attention to your surroundings and use common sense

Finally, you need to remember to pay attention to things outside of the actual computer that could be a risk. Be aware of strangers around you (potential shoulder surfers) and remember that a public computer is just that -- public. Don't view any truly sensitive documents you couldn't bear for others to see. Remember the security camera over your shoulder. Cover your hands from view when entering any login information to prevent any casual spying.

Most important, remember that there is nothing you can do to make a public computer completely secure. A truly malicious owner or user could install a hardware keystroke logger that would be impossible to detect without actually opening the case and inspecting it. With that less-than-comforting thought, use common sense and use public computers only for nonsensitive tasks.


Kris Littlejohn is a graduate of the University of Texas at Dallas, distinguished by its large population of nerds and lack of a football team (almost unheard of in Texas). He builds computer systems, does network consulting for small businesses, and teaches chess. He grew up in a home that had four times as many computers as people and has been trying to tame the beasts for most of his life.

About

Kris Littlejohn grew up in a household of tech writers and has been playing with, building/disassembling, and writing about computers and other gadgets from an early age, including a number of articles for TechRepublic.

9 comments
dobi2009
dobi2009

Thanks for such great lists. I also believe having a backup is a good way to prevent data loss. Especially online backups because external HDD could be damaged as well. I use SafeCopy backup, www.safecopybackup.com, to backup my iPhone as well as USB drives, share files and backup both my Mac and PC with one account. It's a very nice product and a good way to keep my files safe.

daret0273
daret0273

I hv tried some of this things which am sure they really work, I mean they are protective.

The Listed 'G MAN'
The Listed 'G MAN'

You dont have the access rights to do most of these on a public computer. If you did then the public computer would be even more a danger than it is!

grad2010by
grad2010by

Wow just use the iPhone like I am now and forget the hasle

Neon Samurai
Neon Samurai

hehe.. I couldn't resist. Seriously though: 11. user portable applications and realize you are in a free fire combat zone firefox, thunderbird, putty, winscp, keypass are all available as portable applications meant to run from a USB drive or the folder they are uncompressed into. No install to the local hard drive, no temp files, caching or cookies on the local system. Obviously, you need to be aware of how you are connecting and what you are doing. If you have to check your banking, ensure your using https. If you just can't live without your email, ensure you are using imaps or pops. Never connect to anywhere you don't need too and avoid unencrypted protocols in all but where http is your only option. keypass will hold your unames/passwds in an encrypted database on your flashdrive. It'll confirm with a passphrase when you open it. You can then use it to paste in your credentials on websites you can't go without loggin into and checking. The enrypted https/imaps/pops/ssh protects your data between you and the server. The use of keypass protects your uname/passwd from any keyboard loggers that may be installed. I'd recommend a USB card reader and SDIO card with write-protect physical switch set. If you are lucky and can find a USB flashdrive with a physical write-protect switch; that works too. Prey that there is no screen capture snoopers installed; hope, beyond hope, that the person in charge of maintaining the public computers is not oblivious. Unfortunately, technically astute staff managing the coffee shop public terminals is not usually the case. Use the machine as if you have twenty strangers standing behind you watching your discussion with your girlfriend/boyfriend and each key you press because you do even if you can't see them. If you don't have to do something right then and there; save it until you are on a trusted system. If the public computer is running Windows, there is too much potential for bad configuration, malware and plainly blatant ways for anyone minimally motivated to take control of the system. If the public computers are run by someone more astute, you may be greater with a friendly Linux based OS desktop. Your out of luck with the portable apps and still shouldn't be doing banking, email or anything else personal but there's a higher likelyhood that the system is more secure, malware is nonexistent and any keylogging is only done by the system administrator. A recently read example was a university registration office with a bank of four computers. They required the potential student's SSN and other personal information. There was no indication of where "survey" and application information was sent though it was not sent encrypted. The computers where wide open; anyone who wanted to install software, harvest cookies/cache or any other malicious criminal activity had no risks. This is basically my own additions to the general recommendations from any Hacker and in many Hacker written articles. Hackerdom is here to help the user and improve the use of technology while enjoying the learning process. Oh, and don't forget your finger condoms. :)

Neon Samurai
Neon Samurai

I rarely have any reason to look at public terminals other than personal interest in the machine itself. Sadly, I often find that the user does have the rights to do a lot of this stuff still around these parts.

Neon Samurai
Neon Samurai

Bah.. use your iPhone if that's what you got.. or use your N800, Blackberry or whatever network capable mobile device you have. In some cases, the small screen of even the iPhone doesn't work as well as a full 15 inch screen though. Admittedly, the article was probably not targeting the person who already has these gadgets. The iPhone also wouldn't account for areas where wifi is available but your cell network may not be. If one is travelling, internet cafe's may be the only option available. But my question, how are you finding the encryption on the iPhone? Does it support encrypted protocols for all your entwork functions such as https, imaps, pops and ssh for telnet/ftp type functions? If your using unencrypted protocols then your data is wide open as soon as the little radio broadcasts it.

The Listed 'G MAN'
The Listed 'G MAN'

I remember a while back (few years) when setting up some public access computers we used terminal services with a thin client. After every session all data was cleared for the next user. It worked quite well unless you were stupid enough to logoff the PC when using it and still expect your data to be there. There was also the odd issue if the session crashed then data would be lost. I also noted around this time some users expecting a public computer and backend firewall to let them access all sorts of web services on random ports. Mostly this was the business user connecting back to the office. Needless to say we would nor & did not modify the firewall for every Joe that walked through the doors. What would have been be handy however is a system that allows you to query the technical user when buying a session on any special outgoing ports that are needed. From this you could have some kind of session firewall service related to that user session or IP (if a PC is used). Not sure if such things exist however.

Neon Samurai
Neon Samurai

Well, unless you where running a packet aware firewall. If the firewall simply blocked ports then I'd route my ssh session out through port 80 or whatever the open rule was. No adjustment to the firewall needed and I'd be running my own software from my home machine so a disconnection or crash would simply be resolved through the normal process. (blew my mind when I had a lost connection from a thin client and had firefox ask if I wanted to restore the session the next time I was at my desktop directly.) Now, if your firewall checked packets and blocked protocols or content rather than just the port to be used; things get a little interesting. ;)