Windows – On unencrypted public wifi, what kind of real danger am I in


First, my setup

  • Windows 7 Home Premium

  • use the built-in firewall

  • UAC on max

  • in Windows' wireless network settings for public networks, besides the default settings, I have 1) set to block all media streaming, and 2) turned off public file sharing. When I connect to a free wifi, I always set Windows to classify it as a "Public Network".

  • fully patched Windows, Office, Firefox, Flash Player, Java, etc., etc. Everything.

  • I always make 100% sure I connect to the expected wifi and not someone's fake-out data-stealing pirate wifi network.

  • Whenever I log into a site I care about, I always log in using https. All of my email accounts (Gmail) use https. I really don't care if anyone sees my web surfing (forum posts, Google searches, etc.).

Regardless of whether or not my AV would detect and stop malware that actually did make it onto my computer, let me ask

q1) what are the chances of malware getting onto my computer from the lan/wifi? (not asking about malware coming from email, websites, flash drives, etc. Only asking about the possibility of getting something from the public lan/wifi)

Next, assuming no malware was placed on my computer from the lan/wifi, what (and how great) is the danger to

q2) my data on my computer (from being stolen or viewed)?

q3) the sensitive data I transmit using https being seen or stolen and unencrypted?

I'm asking for real world ("in the wild") dangers at any random free wifi like Starbucks, etc., but not about every possibility or about methods that require skills or equipment that are extremely unlikely to be encountered.

btw, I know there are further steps I could take for better security than the ones I mentioned above, however, for now, I need to get an accurate, but not overly paranoid, picture of where I stand with my current set up. I'm hopeful there are people here that can give me perspective.


formatting edit: I edited so that each question would have a unique number

Best Answer

a1) What do you mean by "what are the chances"? What are the chances the wifi owner is malicious, or what are the chances they can do it if they are? The former question I have no data on. The latter depends on what you're using their wifi for. If you are downloading executable files and running them then obviously it's very easy for them to put malware on your computer. The next most likely vectors are PDFs, or malicious Java / Flash / scripts on websites, but all of those would need you to be running vulnerable software (although in the case of Adobe Acrobat, it is vulnerable even if you are 100% up to date, we just don't know what's wrong with it yet ;)

To avoid this I would say, in ascending order of paranoia (i.e. 1 is sensible, the rest are more paranoid):

  1. Do not download any executables over an internet connection you don't trust
  2. Don't have your browser set up to open PDFs in Acrobat (there are many safer alternatives), Flash, or Java applets without asking you
  3. Consider using NoScript

Of course, if you are using SSL websites, then they cannot modify what data you get. Probably. See answer 3.

a2) Assuming no malware has been planted on your computer, and you operate under the rules in answer 1, effectively zero. There might be programs that are leaking information, or have bugs that let people put things on your computer, but that isn't really relevant to the wifi. Minimising the number of applications allowed to use the internet (in the firewall settings) is a good idea for this reason.

a3) When you use HTTPS your browser verifies that the site is who they say they are by checking their certificate. Only certain people can give out these certificates, and your browser knows how to check theirs.

What does this mean for security? Well for one, it means you are trusting those certificate writers. There have been attacks on their systems to produce fraudulent certs in the past, and there have been cases of browsers trusting certificate authorities that no one is quite sure who owns them now.

What can you do? Some browsers have extensions to help you out here. What you want is something that remembers what certificate a given website had last time you visited it, and will put up a big fat warning if that changes. This means even if a certificate authority is compromised in some way, you still won't hand over your data.

This is a very unlikely outcome, by the way - it would require someone to obtain a fraudulent cert AND to then target people using that site over their wifi... Given the value of the cert, and the effort to obtain it, it's much more likely it would be used in a wider attack. But it won't hurt to protect yourself against such things, anyway.

Oh and of course, sites using self-signed certificates are trivial to masquerade as. Having an extension that compares the cert to the last time you accessed them would alert you to any man-in-the-middle going on.
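
The "remember the certificate from last time and warn if it changes" check described in this answer, as an added example (not part of the original answer and not the code of any particular browser extension). The function names and the JSON pin store are assumptions made for illustration, and the two "certificates" in the demo are constructed placeholder bytes.

```python
import hashlib
import json
import ssl
from pathlib import Path


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate unvalidated, so self-signed sites work too."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def check_pin(store: dict, host: str, der: bytes) -> str:
    """Return 'first-seen', 'match' or 'changed' for this host.

    The first visit is trusted blindly, so make it on a network you trust.
    On 'changed' the old pin is kept until accept() is called on purpose.
    """
    seen = fingerprint(der)
    pinned = store.get(host)
    if pinned is None:
        store[host] = seen
        return "first-seen"
    return "match" if pinned == seen else "changed"


def accept(store: dict, host: str, der: bytes) -> None:
    """Deliberately replace the remembered certificate (e.g. a real renewal)."""
    store[host] = fingerprint(der)


def load_store(path: Path) -> dict:
    return json.loads(path.read_text()) if path.exists() else {}


def save_store(path: Path, store: dict) -> None:
    path.write_text(json.dumps(store, indent=2, sort_keys=True))


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for two DER certificates.
    home, cafe = b"constructed-cert-A", b"constructed-cert-B"
    pins = {}
    for label, der in [("home", home), ("home again", home), ("cafe wifi", cafe)]:
        print(label, "->", check_pin(pins, "mail.example.test", der))
```

A legitimate certificate renewal also shows up as "changed", so the warning is a prompt to verify the new certificate over a trusted connection before calling `accept()`.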
