locked
Wi-Fi Security at "Hotspots." RRS feed

  • Question

  • Dear Sir or Madem,

     

    If I go to a public place where they offer free Wi-Fi access to the Internet, will Windows Live OneCare protect my computer from potential security threats, or are there other steps that I need to take?

     

    Thank you,

     

    Bennie 2

    Saturday, April 12, 2008 11:08 PM

Answers

  • When WLOC detects a new network, it gives you the option of setting it up as Home, Work, or Public Place.  Just select Public Place and it will adjust the firewall accordingly.

     

    Sunday, April 13, 2008 12:41 AM

All replies

  • When WLOC detects a new network, it gives you the option of setting it up as Home, Work, or Public Place.  Just select Public Place and it will adjust the firewall accordingly.

     

    Sunday, April 13, 2008 12:41 AM
  • Dear Mitch,

     

    Thank you for your prompt response. I didn't realize that Windows Live OneCare was structured to handle a Wi-Fi site. I thought I'd have to buy some addtional software for my laptop.

     

    An article I read on the wi-fi.org website talked about how dangerous it was to do, say, online banking at a public Wi-Fi location. The experts mentioned in the article, and in similar articles that I've read in the last couple of days on various websites, the experts seemed to unanimously agree that things like online banking are just plain too risky to attempt at such places. Are you, or anyone else reading this, sure that OneCare is up to the task in this regard? Soon, I'll be without an Internet provider, so these public Wi-Fi hotspots were to be the only way to accomplish my sensitive online transactions. 

     

    I asked a librarian the other day about the library's advertised free Wi-Fi hookup, and she mentioned that different Wi-Fi spots can have different security measures of their own in place, and that sometimes you may be asked to turn off your computer's firewall, for example, so as not to conflict with the Wi-Fi spot's built-in security features, in order to obtain the free Internet connection they offer.

     

    So, does all that sound correct; and, if so, are there Wi-Fi locations you know of that are more secure than others? Also, have you heard of Wi-Fi locations where you can pay some minimal fee for x-number of minutes online, that would assure you a secure connection while you're on the Internet?

     

    Thanks again,

     

    Bennie 2

     

    Sunday, April 13, 2008 1:26 AM
  • I am kind of new to wireless myself and the only other place I use my laptop is at work which is on a secure wireless network.  I think if the WiFi hotspot is secure there should be no problems (OC and/or Windows should tell you if it is or not).  Some banking institutions, along with e-commerce sites, will not let a transaction take place on unsecured network which is a good thing on their parts. 

     

    Sunday, April 13, 2008 1:43 AM
  • I believe that the person telling you that a free WiFi provider might ask you to turn off your firewall would be incorrect. In fact, if that was a requirement to use the access, I'd go elsewhere as that exposes your PC to entirely too much.

    -steve

     

    Sunday, April 13, 2008 1:56 AM
    Moderator
  • Dear Mitch,

     

    You ought to work for OneCare; you're very knowledgeable.

     

    You gave me a great idea: I'll simply call the businesses that I'd like to frequent online at a Wi-Fi site, and ask them for their recommendations. They've probably heard all of the horror stories, and have researched the antidotes that they then pass on to their customers.

     

    I'm glad I discovered this Forum!

     

    Hasta la vista,

     

    Bennie 2

     

    P.S. to Steve: I agree! If I find that some hotspot doesn't like my Windows Live OneCare...I'll be out the door el pronto!

     

     

       

     

    Sunday, April 13, 2008 2:04 AM
  • Thanks, but I am far from being a OneCare expert, lol.  Steve and the other mods here are much more knowledgeable on OC than I am.  Back in January I bought my first laptop, a cheap Acer, just to learn about networking which I haven't had much experience on (I only had a single desktop since '86).  I was just passing what I have learned in the past few months on to you Smile

     

    Sunday, April 13, 2008 2:28 AM
  • Mitch,

     

    So Steve's a "mod," huh! I'm not quite sure what that is, but I used to watch a show called "The Mod Squad"! That Julie was hot!

     

    I'm new to computers, too. I got my first one in February of 2006. I'll be 90 before I understand all the things it can do.

     

    Well, goodnight everyone.

     

    Bennie 2

     

    Sunday, April 13, 2008 3:37 AM
  • Bennie 2,

     

    Along with the good advice Steve and Mitch have already given, there is a  more important consideration when performing things like banking while at any "hot spot", whether it's wireless or even wired.

     

    The first concern is control of the PC being used, because all the wireless security in the world means nothing when using a computer provided by the hot spot, like a kiosk in a library or Internet Cafe PC. Since you don't know who else has done what at that computer before you, you really can't trust it, so using your own PC which is well protected with Anti-Virus and a firewall is always the safer alternatinve, regardless of how it connects to the Internet.

     

    Second, with anything that might reveal personal information like banking or even simply logging into your personal email, it's actually much more important that you are using some sort of encrypted connection directly to the remote site. For banking or other web browser based applications, this would generally be done using SSL, which displays that little gold padlock icon in your Internet Explorer browser when it's properly secured. This means that there is an encrypted "tunnel" between you and the remote web server that you're connected to. For some other applications only software called a VPN can provide this encryption, so you really need to consider whether whatever you're doing would place you at risk if someone else could read it.

     

    The reason for the above is that again, how do you know you can really trust whoever is providing the free wireless, or even others along the Internet path to your bank? The point is, you can't  since you don't know them, so the best idea is simply to assume they'll try to get your information. There are sophisticated methods of capturing and even eventaully de-crypting any of this data with enough effort, but generally a real thief wouldn't bother, he'll simply look for someone who's not as well protected as an easier target.

     

    I work in the computer security field and use major public hot spots like airports all the time, but everything critical I do is completely encrypted, including all Internet access to my business email, even when accessing it form home. My personal email doesn't do this, so I must really consider whether reading these email messages in a public place is worth the risk. My PC always has AntiVirus and firewall protection and I never leave the PC on unattended while connected to hotel or other semi-private networks, since these are potentially very dangerous.

     

    The thing to remember is that no PC connected to the Internet is ever completely "safe", even in your home. You simply have better knowledge of the network connecting it to the Internet and possibly some additional hardware blocking direct access to your private home or business network. In general though, once you are accessing the Internet you are only as safe as the level of protection on your own PC and to some extent the security and trustworthiness of the remote servers you access, though this is difficult to judge.

     

    OneCareBear

    Sunday, April 13, 2008 5:56 AM
    Moderator
  • Dear OCB,

     

    Thank you for all of that information. Would you agree with me then that the Verizon PC Card that I've been using, that lets me access the Internet from just about anywhere on my portable laptop, is a pretty safe alternative to using these Wi-Fi hookups, even though the PC Card plan is kind of pricey, and isn't very fast at downloading, and moving from one web page to the next?

     

    That is, if you have time to answer. You're probably answering these questions all day long. Maybe someone else would like to add their thoughts.

     

    Thank again,

     

    Bennie

     

     

     

     

     

    Sunday, April 13, 2008 6:22 AM
  • If the Verizon card is using the Verizon cellular high speed network to connect, you are little more secure than at a Hot Sport. However, you should still have the firewall at highest security as you are directly connected to the Internet. If you are using the Verizon card to connect to available access points (Hot Spots) it is the same as using the built in wireless adapter.

    -steve

     

    Sunday, April 13, 2008 12:38 PM
    Moderator
  • Bennie 2,

     

    One of the most common issues with WiFi hot spots is when the user himself makes a mistake configuring the connection, leaving their firewall open and their PC at risk. Along with the fact that your Verizon PC card should avoid this issue, it also means you only need to trust Verizon at your end of the connection, which is much more like connecting to your ISP (also Verizon?) at home. It's still some form of wireless connection, so a sophisticated thief could still theoretically monitor the connection, but it's less likely than with the easily available hardware and software tools that exist for the common WiFi used at hot spots.

     

    This is really the key, knowing who is controlling the connection and the path to the Internet, which is difficult with many hot spots since they may have been installed locally by the owner of the business/franchise or possibly by a major networking installer or ISP under contract. This is why the recommendation to only accept connection to secured (encrypted) WiFi connections, since it implies some level of an attempt to insure security, though it in no way guarantees it.

     

    As I mentioned earlier though, your best bet is to confirm that your most critical applications like banking, bill-paying and possibly email if and when you send semi-private information are using some form of encrypted security themselves. Your earlier idea of contacting these organizations yourself is a good one if you're not sure how they protect you when connected, though with web applications you can generally see this when the SSL Certificate (golden padlock) is displayed in Internet Explorer. Make sure it stays on though, since it's common for email systems to use it only during the initial logon, but not while sending the messages themselves. Of course, non-private Internet email systems aren't really that secure in the first place, so no really private information like SSN or banking information should ever be sent using them.

     

    As for time, you'll find I post fewer responses, but your's is the type of question I like to answer since it transcends just OneCare alone. OneCare is part of a good security profile and is well designed for the non-technical user, but it can't protect you from everything as this discussion shows. Asking these questions is your best defense, since in the end your PC security is still up to you, just like your personal security when walking through an unknown part of town.

     

    OneCareBear

    Sunday, April 13, 2008 1:18 PM
    Moderator
  • Hey, everyone!

     

    It's all starting to make sense now...sort of. I noticed that my Verizon PC Card is inserted into the side of my laptop, and that there's a window on my computer's screen that's named the "VZ Access Manager." This is the interface to a software program that I installed on my computer, that came with the PC Card,  that allows me to click on the Manager's window to connect and disconnect my PC Card to and from the Internet. It's the VZ Access Manager that offers the option of switching over to a wireless connection.

     

    Therefore, since you don't need to connect to the Internet through a questionable wireless connection at a Hotspot (when you can connect to the Internet from anywhere with the PC Card's more secure Verizon Broadband connection), what this VZ Access Manager does is act as a convenient way to switch from Verizon's Broadband services to the wireless adapter that's on your computer. It's with this wireless adapter (I'm not sure what the "adapter" is; maybe it's the "Intel(R) PRO/Wireless 3945ABG Network Connection" that came with the computer, as in my case) with which you make your wireless connection at a Hotspot, or at your office, or at your home.

     

    At home, and at your office, assuming you have a home and an office, you have a whole slew of encryption choices for securing a signal between your computer's wireless adapter and a wireless router, the router acting as the control center for the wireless network that's set up. You can coordinate your computer's passwords and encryption styles with the router's, for a secure connection between them, by making various settings to both of them that their respective manuals tell you how to make.

     

    But, at a Hotspot, it's a hit-or-miss proposition. You have to rely on the security methods offered by the particular web page you're on, in order to have a hopefully secure connection. As OCB mentioned, there's the SSL Certificate to look for in the lower right corner of the screen. Naturally, you'll want to set your Firewall to it's highest settings, too; the "Public Place" setting, I believe it's called, that Steve and Mitch referenced.

     

    I guess the only practical solution to doing sensitive transactions over the Internet is to have a contract with a well-established ISP; and to know and trust whom you're transacting with--or to do your business instead via the telephone, or snail mail, or in person.

     

    Which begs the question: Don't these hackers have mothers who told them to be good boys and girls? 

     

    Bennie 2

     

    P.S. I'm sure that I just made a bunch of incorrect conclusions...so, bring it on! 

     

    Sunday, April 13, 2008 8:54 PM