1. Presuming you are using your own computer make sure that network and file sharing are turned off. I don't know how many times I have checked into a hotel and found lots of computers used by the guests in the hotel. You would be amazed (or maybe not) what people store in their shared folders.
Absolutely, this is a very good point. Technically, the machine isn't compromised if the user has intentionally turned on sharing. However, usually the user doesn't realize that they have invited other users to share files (to or from) their machine. If you are using Windows, make sure you understand what is and what is not shared on your machine.
2. The reason I asked about VPNs was because if you have a business computer server you could tunnel to it. Yes, you do go outside from your server but one presumes it would be harder to install malware on the server.
Using VPNs is exponentially more dangerous if you are using a web VPN connection from a public terminal. The reason is that you must assume the public terminal has a key logger. The danger is that if you use a single-factor authentication scheme, an attacker will then be able to login with simply your username and password and have access to your entire network - instead of just one machine.
If you use a two-factor (or three-factor) authentication scheme on a public terminal, then you prevent later attacks; however, you may still have shared other confidential information during THIS session.
Often it is easier to install malware on a backend server as they often don't have the same level of hardening (firewalls, antivirus software) because you often assume that is done at the perimeter devices.
Point being, VPNs have their place but they are complicated, harder to secure and would be overkill for your average cruiser - and they do not take care of the #1 risk factor of using public terminals.
3. Another option that might be useful would be a tool like "go to my PC." Of course this would not work on a shared computer (the keystroke logger problem still exists) but if you are using your own machine I believe you would have end to end encryption to your home computer.
This is not usually a good option either. The reason is that your home PC now has an open, listening connection. An attacker could spend months guessing user names and passwords and you would never know.
There are tools to help prevent this. For us Linux users, try Fail2Ban - it stops hundreds of attackers on my network daily. For Windows users, they often rely on devices like Linksys or Netgear routers... I don't know what features they have for preventing dictionary attacks on systems like VNC/RemoteDesktop software.
4. Don't use web based access. I know that the "cloud" is the big thing these days, but for example financial transactions are a lot safer when downloaded to Quicken than when accessed on the web.
Web access is fine if you practice safe web browsing techniques. However, the key is to do this from your uninfected personal/private machine.
The message is still "never ever ever never ever use public terminals."
5. If you are somewhere that has decent cell phone coverage use two stage logons where possible. This is where you log on, the vendor sends your cell phone an access code, and you have to type the access code to gain access to your account. This system is now commonplace in the gaming community since hacking accounts is considered by some to be just another game. The other advantage is you know within seconds if someone is trying to get into your account.
There are new methods of protecting your accounts all the time. Evaluate the ones that work best for you and use them.
You must watch things like having your password mailed to your phone. If you happen to lose your phone (unlocked) someone can check your e-mail, request a password change on your app (Facebook?) and have the password sent to the phone that they have stolen. Now they have your phone, your e-mail account and your Facebook account.
7. You are right about PKI.
Using encryption is overkill for the average person and doesn't get around many of the actual issues that users face.
The key message through all of this is that there is *NO METHOD* for protecting yourself if you choose to use a public terminal. Don't do it. Don't login to your e-mail, web bank account or even Facebook from someone else's machine. Don't do it.
When you use your own machine, you simply need to practice safe web browsing.
1. Login to only SSL sites
2. Do not open strange attachments
3. Be very sure you only connect to known WiFi networks. If you have a low-limit credit card, use that.
4. Windows users: Ensure you have your antivirus up to date, firewall enabled and file sharing, desktop sharing and peer-to-peer sharing disabled. Don't forget your other services.
5. Linux users: Ensure you know what daemons/servers you have running, use IPTables firewalls for added safety and particularly use Fail2Ban.
6. Mac users: Hmmm, sorry, I'm not a Mac user. I bet the Linux advice applies to you as well.
7. Separate the fear (FUD) from actual threats. Don't bury your head in the sand or throw the dice with your choices because this subject sounds complicated or scary.
I hope this helps at least one person.
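To illustrate the Fail2Ban point made in the reply above (a listening remote-access service quietly absorbing months of password guessing), here is an added example that is not part of the original post: a small Python detector that applies Fail2Ban's jail logic (maxretry failures within findtime seconds from one source) to a few constructed sshd log lines. The log lines, host name, addresses and the assumed year 2024 are all made up for the demonstration.

```python
"""Fail2Ban-style detector: flag sources that repeatedly fail authentication."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (not from any real system); syslog omits the year,
# so the detector is told which year to assume.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 41022 ssh2
Mar  3 10:00:03 host sshd[1202]: Failed password for invalid user oracle from 198.51.100.7 port 41030 ssh2
Mar  3 10:00:05 host sshd[1203]: Failed password for root from 198.51.100.7 port 41041 ssh2
Mar  3 10:00:09 host sshd[1204]: Failed password for invalid user test from 198.51.100.7 port 41052 ssh2
Mar  3 10:00:12 host sshd[1205]: Failed password for invalid user guest from 198.51.100.7 port 41060 ssh2
Mar  3 10:01:00 host sshd[1206]: Failed password for alice from 203.0.113.5 port 50001 ssh2
Mar  3 10:01:30 host sshd[1207]: Accepted password for alice from 203.0.113.5 port 50001 ssh2
Mar  3 11:30:00 host sshd[1208]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar  3 11:45:00 host sshd[1209]: Failed password for root from 192.0.2.9 port 33002 ssh2
"""

# Matches OpenSSH "Failed password" lines; successful logins are deliberately not matched.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def find_bans(log_text, maxretry=5, findtime=600, year=2024):
    """Return {ip: (first_failure_ts, ban_ts)} for every source that produced
    at least `maxretry` failures inside a sliding window of `findtime` seconds,
    which is how a Fail2Ban jail decides to ban an address."""
    windows = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines do not count
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").timestamp()
        recent = windows[m["ip"]]
        recent.append(ts)
        while recent and ts - recent[0] > findtime:  # expire failures older than findtime
            recent.popleft()
        if len(recent) >= maxretry and m["ip"] not in banned:
            banned[m["ip"]] = (recent[0], ts)
    return banned
```

With the defaults, only 198.51.100.7 is banned: the slow guesser at 192.0.2.9 stays below the threshold because its two failures are 15 minutes apart, which is why a longer findtime (or a lower maxretry) is worth considering for services that should never see repeated failures.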