Q: I heard someone call your radio show saying that all public Wi-Fi is completely unsecured and anyone around you could easily see anything that you were doing… is this true and, if so, what should I be doing to protect my computer? — Nathan
A: The convenience and relative low cost of wireless technology has helped foster a huge network of over 100,000 U.S. public Wi-Fi ‘hotspots’ specifically designed to allow anyone to freely connect and access the Internet.
The fact that anyone can connect also means that those with malicious intent can be lurking as well.
While I agree that there are security risks when connecting to public Wi-Fi systems, I wouldn’t say that ‘anyone’ around you could electronically ‘see what you are doing.’
In order to intercept your transmissions, a fellow user would have to install special software called a ‘packet sniffer,’ which secretly copies unsecured packets transmitted on the same network or create a ‘man-in-the-middle’ exploit to trick you into connecting directly to their computer instead of a Wi-Fi access point.
Packet sniffers are readily available on the Internet and any motivated 14-year old could figure out how to use one, but that doesn’t mean that everyone around you has one.
The other issue is even if they can see what Web site you are surfing while you are at the airport, no harm is done unless you access your e-mail account, an online banking site, or other normally secured resources on the Internet.
Secured sites on the Internet will show up as ‘https:’ instead of ‘http,’ so if you do need to type sensitive information into your computer, make sure you are doing it on a page that has the ‘https:’ prefix so your transmissions are being encrypted.
Sadly, many Web-based e-mail systems have a secured login page, but once you get past it, the rest of the pages are not secured. The easiest way to tell if your webmail system is secure at all times is to log in, then go to your inbox and see if the ‘https:’ remains.
If your webmail does not encrypt pages after the login screen, then you need to think twice about using it on public Wi-Fi networks without adding additional security software, such as VPN (Virtual Private Network) software (more on this later).
To avoid the ‘man-in-the-middle’ attack, be very careful to look at the icon next to each available connection when you are attempting to connect to a Wi-Fi network. A fake Wi-Fi connection will appear as two computers instead something that looks like an antenna.
This type of exploit is especially prevalent at airports or hotels that charge for Internet access. Hackers will set up something that looks like a free alternative to the pay services, which causes folks to try them first.
For most users, if you connect to anything and get Internet access, you don’t think anything of it and continue on with your business, which is exactly what they want you to do.
Windows XP users can change a setting in their wireless network adapters to tell Windows not to allow connections to ‘Ad Hoc’ or machine-to-machine networks (Vista users by default have this turned on). Step-by-step direction for XP users can be found here.
The ultimate security for road warriors comes in two options: pay for a cellular based data service or use VPN software to protect everything that you type in public.
There are a number of free and low cost options for personal VPN software, but it’s important that you understand the differences before making a decision. Free systems monitize the service by taking over your browser and adding a banner ad to everything that you do. In addition, these free services make money by giving advertisers targeted audiences, which means they will be tracking everything you do. If you want true privacy, don’t consider a free VPN service.
If you only need to secure your system for a short trip, companies like SurfBouncer offer weekly or monthly options starting at $4.99 a week.
If you are on the road a lot more often or deal with lots of secured access while on the road, Witopia offers services starting at $39.99 per year that work with both Windows and Mac as well as many handhelds such as iPhones and Windows Mobile 5 and 6 devices.
Data Doctors Computer Services
Data Doctors Data Recovery Labs
Data Doctors Franchise Systems, Inc.
Weekly video tech contributor to CNN.com
Host of the award-winning “Computer Corner” radio show