A very common part of the Internet landscape is the availability of public-access computers that are connected to the Internet. These were made available in schools, universities and libraries but then ended up as being part of cafes, bars and the like, including hotel business centres.
But there had to be a level of control over what software ended up on these computers so that they don’t become a conduit for mailware. Even before the Internet, there was the issue of people bringing in software on floppy disks and these were known to be a conduit for viruses. For example, the computer systems that I used at the TAFE college where I studied my computer course were connected to a network but these were set up to boot from the network where the IT department had control over the software that was made available. In some cases, the boot sequence required the computer’s local hard disk to be “swept clean” of data and the locally-required software image to be reinstalled on that hard disk.
A common reality with public-access computers nowadays is that they operate all the time the business is open, surviving the day without being rebooted. In some cases, it becomes feasible to install software on them thus allowing any “Tom, Dick and Harry” to install software off removeable media or the Internet. As well, there is a culture amongst a lot of organisations who run these computers where no-one cares about what goes on with them, usually due to technically-inept or overworked customer-service staff or IT support staff who are distant from the venues.
This has lead to situations like keylogger malware being planted on these machines because users enter personally-identifiable information in to these computers to complete transactions or communicate with others.
What can we do
If you can, use your own computer equipment to perform your sensitive communications or transactions. If you have to use a public-access computer, make sure that the machine you intend to use implements a “wipe-clean-and-install” arrangement where the local hard disks are “wiped clean” and the software reinstated from a known image after every usage session.
What venues can do
Encourage the staff to keep an eye on the public-access computers and respond to issues that the users may have with the systems. As well, they keep an eye out for any physical tampering with these systems such as installation of hardware keyloggers or similar devices.
Another issue worth considering is deploying system-management software that can either restore from a known disk image when the computer is restarted (Faronics DeepFreeze), lock down the computer (Anfibia Deskman) or provide a simple “Web kiosk” environment (Webconverger). These can limit the effect that malware can have on the public-access computers.
At least, they could keep the computers running operating systems, application software and desktop-security software that is kept updated with the latest security patches. In a lot of cases, the software could be set up with “blind updating” where the updates are downloaded and installed automatically. As well, making sure that the computers are restarted on a regular basis to be sure of updates being properly installed and can increase the effectiveness of “wipe-clean” system management software.
Personally I see the public-access computers becoming the Internet equivalent of the public pay phone – something that we are making less use of and people who use these devices regularly are seen as social pariahs. This is although they become a stop-gap measure for computing tasks when we deal with laptops or smartphones that are out of battery for example.