
Here's the only safe way to use public PCs

As the Secret Service says, business center PCs can be dangerous. The only safe way to use such devices is not to use the installed OS.
Written by Larry Seltzer, Contributor

PCs in business centers probably aren't a first computing option for most business travelers. You might use them if you want to print or if your laptop computer is not available for some reason.

Unfortunately, these computers are often cesspools of criminal spyware, as the Secret Service just warned. The warning and an article about it by Brian Krebs provide some good explanation of the problem, but I believe they don't go far enough in telling you when to avoid such computers and how they might be used safely.

Accessing your personal or business resources on a public PC is the technological equivalent of sharing needles with strangers. Unless you really know what you're doing, they simply can't be trusted.

The main problem, it needs to be said, is not the hardware but the software. Some suggest locking down the PC and the user account guests may use. These are good ideas, but they don't go far enough for me. I can imagine many ways to compromise such a PC, perhaps even to get past resetting it to a default configuration.

The only safe way is to bypass the software installed on the PC by booting off a CD or USB key with an operating system image you control and trust. Obviously, the computer needs to be configured to allow you to boot off the removable media.

There are many Linux Live distributions, but of course that's not a practical solution for most of us. The mass-market solution is called Windows To Go, a Windows boot image on a USB drive, usually a hardware-encrypted thumb drive, but there is at least one USB hard disk configuration available. Because Windows boots off the flash drive, the system's hard drive and any malicious software on it are out of the picture. Windows To Go is a feature of Windows volume licenses. Each seat includes a license for a Windows To Go installation; in other words, you're already paying for it.

Windows To Go is only practical in an organization with a sophisticated IT department and a well-managed network, but if the organization can support it, it is an impressively secure solution. When connected through a USB 3 port, the performance is excellent, on par with the local hard drive, and it's good enough through USB 2. Since it is a managed user image, all communications can be encrypted from the PC all the way to the enterprise network.

Some argue that Windows To Go is practical as a company's complete remote access solution. There's a case to make for this, not least because it saves a lot of money on laptop computers, and especially if the user is happy doing most of their work on a phone or tablet. But Windows To Go is indisputably an excellent backup remote access solution for business travelers. If something goes wrong with their primary mechanism they can always find some other Internet-connected PC, such as in a hotel business center, and boot off Windows To Go.

Why don't you see a lot of Windows To Go now? I suspect the main reason is that it is Windows 8 only, and enterprises haven't been anxious to deploy Windows 8. After Microsoft cleans up that particular mess, expect a lot more Windows To Go in the real world.

A USB hardware keylogger from Amazon.com

But even if you run an operating system booted off removable media, there are still ways to monitor the system using hardware. Nearby is an image of a hardware keylogger of a type which is cheap and readily available. It plugs inline between the keyboard and the computer. Especially when the system unit is concealed under a desk, these devices are very easy to miss.

In fairness to hotels, the cleaning crew in your office building could easily be bribed and trained to install such devices and remove them a week later. So you really should look at the ports on any system you use every now and then, but particularly on public PCs.

There are other types of hardware monitoring, but they tend to require more of an NSA-level of resources and sophistication.

If I didn't have a bootable USB key with me, I wouldn't use a public PC such as that in a hotel business center unless it was an emergency, and even then I'd give the system a visual inspection. Be very careful.

Disclosure: I've written a paper on Windows To Go for Imation.
