Security on Public Machines?

ThePopeLayton wonders: "I am currently a university student and unfortunately don't have my own computer yet. With all the key loggers and mal-ware out there, what can I do to keep my information secure. I probably log onto 20 different machines a week and changing my password, every two weeks, on all of my online accounts seems a little too much. What can I and other public computer users do to keep our personal information secret and safe?"

Re:public machines and security: non sequitur

[Saxophonist]

If you're a university student, look around for financial assistance to get a machine.

Typically, you can get additional money added to your aid eligibility (for subsidized loans, etc.) one time for a computer purchase. Check with your financial aid department if that interests you.

Password Management

[Lord+Prox]

As far as password management goes try KeePass. Free as in speech and beer, flashdrive friendly, and darn nifty.




Debt is Hell. Get out now.

livecd?

[SillyNickName4me]

I'd think the easiest solution is to get yourself a livecd and boot one of the machines from it. Here is a nice list

Re:public machines and security: non sequitur

[christopherfinke]

If you're a university student, look around for financial assistance to get a machine.

Better yet, check to see if your school's NTS (Networking/Telecom) department sells the computers that have been replaced at your university. At the U of MN, you could get a decent PC for less than $75 or an older Mac for $125.

Public Computers

[mcspoo]

Well, unless you're a conspiracy theorist... Trust your local library. Libraries are increasingly at the fore front of protecting your rights (because no one does that anymore in Dubbya's America...)

As a tech for a local library here, we set our workstations to be usable for just about any means, and all user cookies, cache files, or anything installed erase instantly upon log off or reboot. We're not as concerned about security on the computer as we are about insuring YOUR security as a user.

Don't be afraid to ask the Library about it's privacy policies, and what it does to protect your privacy. A written policy should (in most cases) be available.

On the other hand... DON'T try using a Live CD on a public computer in a library: you're liable to have an angry tech in your face ejecting you from the premises or calling the police. Live CD's on a public terminal can be interpreted as breaking and entering under most Public Access terminal usage agreements. That's another argument in itself, but it's how we'd treat live cd usage in my library.

An actual solution

[theglassishalf]

When I'm on a public terminal I always open up a notepad-like application and then type all the letters in the alphabet into it. After that, when I'm typing a password or something else sensitive, I'll copy and paste individual letters into the password field. This stops keyloggers, makes you no longer "low-hanging fruit," and should solve your problem.

-Daniel
Ownyourphone.com. Custom ringtones, cheap and easy.

buy a machine

[gEvil+(beta)]

Assuming the school is doing a good job of maintaining those machines, you won't be able to boot off a live cd or usb thumbdrive or anything. In which case I'd say your safest bet is to get yourself a cheap machine.

A few weeks ago I ordered a refurbished HP Athlon64 3500+ machine from ecost.com. Total cost was $401 after shipping. It had a few mobo screws rattling around in the case when I got it, but after putting those back in place, I haven't been able to find a thing wrong with it. You'll need to supply your own monitor, but that shouldn't be hard to come by. Even a broke college kid can manage to scrounge up 400 bucks after a little while.

Windows Live CD

[TubeSteak]

Roll your own WinXP Live CD: http://www.nu2.nu/pebuilder/

If you poke around the various torrent sites or mIRC, you should be able to find pre-made ISOs.

Anyhow, this way you won't get any strange looks from non-techies who become suspicious of anything other than the normal Windows GUI. And you can even run as Administrator.

a live cd + USB thumbdrive and you'll have all your files & settings to go.

Use your own programs

[andy753421]

Load firefox onto a flash drive and keep all your passwords stored (encrypted) on there. You'll still have to type a master password, but if you make that something that you dont use anywhere else it wont matter.
Another thing to do might be to find a SSL proxy server and use that for all your browsing, that should prevent packet sniffing, but someone *could* still be monitoring the RAM for passwords and such.
You'll never get it entirely secure, so if there's anything really important just borrow one of your friends computers for a few minutes.

KeePass?

[natmsincome.com]

If I was in your situation I'd put KeePass on a USB stick and carry that around with me.

It is able to enter your username and password in such a way that key loggers can't pick it up.

Have a look and tell me what you think.

http://keepass.sourceforge.net/

Get a Computer

[hahafaha]

Seriously, they are really not that expensive. Dell has brand new notebooks starting at $499. eBay has more and cheaper. Seriously, you could easily get a decent compy and install GNU/Linux on it for $300-$400.

Portable Firefox

[ScaryFroMan]

Try running Portable Firefox off of a flash drive, or even Damn Small Linux. Then you can keep your browser cookied so you don't have to enter data into forms. Not a great solution, but still better than the basic IE on whatever you're using.

Of course, you could also just try using a Mac whenever possible. That would at least trim down the number of possible dangers.

clear history / logout

[Danny+Rathjens]

Noone seems to have pointed out the obvious. Look for an option to "clear history" or "logout" when you are done using a public kiosk. (I know my company's kiosk software has the feature. I'm sure some other kiosk software have similar options, albeit not running a secure linux kernel like us.
(yeah, yeah, shameless plug for firecast. :) We actually do a complete browser restart to be sure everything starts from scratch; no saved history, cookies, cached images/css/js, etc. and also have an idle timeout which does the same.
Of course, there is no way to protect from a boot and root and someone running their own software without well secured hardware, but at least being sure to logout protects you from the more likely problem of someone else using the machine right after you.

My, um, friend, used to gain extra cpu time for MUDing by walking in to the university lab and being greeted by a prompt. ;) (yes, they used to limit cpu time per user way back in the 90s and our login names were our social security number with just the last digit swapped for a letter)

Re:blackdog linux portable server/dongle

[jascat]

Does it require you to boot to it? Most public terminals would have such things disabled.

Re:blackdog linux portable server/dongle

[dr_leviathan]

I spoke at length with an Expo rep at Linux World last year about the blackdog. This is what I remember....

No, it does not need to reboot the terminal. The gadget shows up as a USB drive. You then start up an app (or it is automatically started on connection if that is enabled on the Windows terminal) which runs a virtual server on the host terminal that acts like a virtual DHCP VPN X-server router box. The blackdog then uses the host's virtual router for all of its network traffic.

Since the host is now running an X-server, you can run all of your applications on the blackdog but have them rendered on the host screen. None of your document data ever lives on the host.