i've used quite a few in my time and have on occasion logged onto my bank and bought stuff on credit card.

now i wuz thinking what if the owner of the cafe was to install a keylogger - he would have all the juicy personal details.

even if the owner is honest what's to stop a customer downloading a keylogger and running it in stealth mode? then coming back to collect the details?

i have been to a number of cybercafes and downloaded a variety of software to play with - some block all downloads many do not.

good point.

Although I would think any 'sensible' internet cafe owner would use DeepFreeze or similar.

I wouldn't use an I-Cafe that didn't use Deep Freeze! I always ask. A couple use similar programs. Deep Freeze is really good an I feel comfortable if I can reboot and see that it's rebooting in a frozen state.

The real danger for Internet Cafés are hardware keyloggers - these are not detectable (or preventable) by any software and can be installed in a couple of minutes - though most are physically detectable (see Finding and Removing Hardware Keyloggers (http://www.spycop.com/keyloggerremoval.htm)) it is possible to get keyboards with keyloggers built-in which are not so visible.

The best option is to only use passwords on computers you physically control. However most keyloggers can be bypassed by using Windows' On-Screen Keyboard utility or by entering your password in a random order (e.g. typing the last 3 letters, using the mouse to move the cursor back to the beginning and typing the previous 3, etc).

No, Internet cafes can NOT be trusted. End of the story. Unless you know personally the owner and you KNOW he's honest and knows a lot about Internet security, never, EVER use a credit card in a public Internet access.

-{ Quote: "However most keyloggers can be bypassed by using Windows' On-Screen Keyboard utility or by entering your password in a random order (e.g. typing the last 3 letters, using the mouse to move the cursor back to the beginning and typing the previous 3, etc)." }-

I would not feel safe by relying on something as simple as that, really. There are keyloggers able to take screen snaphots, I've seen keyloggers EASILY defeat virtual keyboards, and it takes pretty much nothing for a program to rearrange say, a 7/8 characters long password in all possible combinations.

-{ Quote: "I would not feel safe by relying on something as simple as that, really. There are keyloggers able to take screen snaphots, I've seen keyloggers EASILY defeat virtual keyboards, and it takes pretty much nothing for a program to rearrange say, a 7/8 characters long password in all possible combinations." }-Hence my qualification "most keyloggers". It should be noted that hardware keyloggers are (currently) restricted to reading the keyboard only so running a system from a boot-CD or memory-stick (bypassing any installed spyware) plus using a virtual keyboard should counter any keylogging.

While it is right to say that Internet Cafés pose a greater risk for credit card use, this should be looked at in context. Most people take a greater risk when they pass their card onto a restaurant waiter for paying a bill (while out of sight, they could make a copy of the card, run it through the reader multiple times, etc). Also, professional thieves are more likely to target destination websites rather than individual PCs since these will possibly have every customer's credit card details - unfortunately it is not possible for an end-user to judge how secure a website is against such attacks.

Internet Cafes here in our city? :o ??? My answer is no!!! I could not trust using computers in the internet cafes. For one big reason... most of them didn't know how to configure and secure their server, and their pc's are loaded with lots of spywares, pop-ups etc. :P :-[

But still they're good when use for some other things, when you're not very concerned w security or your identity then it's ok. They are very accessible, many internet cafe's or internet rental sprouts like wild mushrooms here in our country... and in our city they're everywhere. 8)

Hi,

Most of Internet Cafes need to use IRC/MSN and so on for the satisfaction of their consumers.
And many PCs in these places are realyy "junk PCs" (recently, i've mad a scan online with Panda Active Scan in one of them: 692 virus/trojans/spywares/dialers !).
It's therefore not serious to bank or shop online in Intenet Cafes.

For virtual keyboards, it's not a solution: the cityBank's Virtual keyboard for instance has been defeated: http://xforce.iss.net/xforce/xfdb/21727
I have a virtual keyboard keylogger and i've verified (with Windows one or free ones) that virtual keyboards solutions are not secure (Biometric authentication is more secure but costs also much more).
More info about the subject: http://www.wilderssecurity.com/showthread.php?t=91851

Regards

You would think that the FTC federal trade commision would do yearly or better inspections of these facilities to protect the public. I wonder if these places are inspected by internet Experts??

I would use Privacy Keeper stored on portable USB data key.
After using the the internet cafe computer, run it
and it will wipe out all traces of your surfing the Net.
freeware download and install:
http://www.softpedia.com/get/Security/Secure-cleaning/IE-Privacy-Keeper.shtml

-{ Quote: "I would use Privacy Keeper stored on portable USB data key..." }-Unless you actually booted the PC from your USB key, how could Privacy Keeper provide any protection from software keyloggers? (let alone hardware ones).

The computers in public internet cafes are very dangerous since many people use them daily, and if the computers dont have proper security measures/software in place, anybody using the computers is putting his/her own personal info at grave risk. Anyone can just install or place many varieties of malware on the computers in internet cafes. 1 thing is for sure: The owner of the internet cafe will never bother to secure the computers properly. Never ever trust comps in public internet cafes. Have you ever seen computers in internet cafes with no antivirus program at all? even basic security ain't there.

If you want to be safer in an Internet Cafe, one thing I would check with the owner is if their wireless router has an AP Isolation setting and if it does, is it turned on. Another suggestion would be to use a firewall or an IP Blocker such as Protowall and make sure the network ranges are being blocked.

Example:
10.0.0.0-10.255.255.255 or
192.168.0.0-192.168.255.255

Screen capture taken from my wireless router....