InformAction Forums

I am setting up a new laptop for use in college classes which start in January, and I am concerned about security. The laptop runs on Windows 7 Home Premium SP1, protected by MS Security Essentials. The only strong wireless signal available at school is WEP. The more secure WPA2 signal shows either zero or two bars.

I use noscript add-on for Firefox on the desktop computer at home (wired connection) because some of my online research leads me to potentially risky web sites. The school website must be used frequently for class assignments and other purposes. The school web site contains quite a bit of personal information if you know where to look. I am avoiding as much saved personal information as possible on the laptop for security purposes. For this reason I would like to know if the script blocking that noscript provides would be useful in the school environment or not. Maybe a better question would be does noscript protect from a live human being hacking as well as it does from malware using scripts?

Thanks for your replies.

The NoScript features that might somewhat reliably protect you from some of the security problems in conjection the unsecure Wifi would be it's HTTPS enforcement and secure cookies feature.

w.learning wrote:. Maybe a better question would be does noscript protect from a live human being hacking as well as it does from malware using scripts?

It's an axiom of computer security that if anyone can gain physical access to the machine, you can be toast.

For example, they could install a keylogger, perhaps a hardware one rather than a software one. (The FBI does this with suspected criminals. Whether they have a a warrant is a different issue...) NoScript cannot protect you from that, or from any machine that has already been compromised in any of a number of ways. Nothing else can, either. So the main thing is never to let the laptop out of your sight, or lock it up very securely, using a physically-locked case, etc.

If a hacker in the school's IT room or whatever can insert malicious code into the coding of the school's site itself (as opposed to doing so from a third-party web site), then in essence you are connecting to a malicious web site. NoScript can stop some attacks, but if you have to allow the school's scripting to use the site, then the evildoer has the same privileges in your browser as the school does. School's out.

Sounds like a very careless IT department, to put so much personal info on the web site without adequate protection. Any chance they'll listen to complaints?

dhouwn's suggestion to use the Force HTTPS feature is a good one, but only if the site accepts and supports HTTPS connections. Not all do.

A more complex solution would be a VPN (Virtual Private Network) from your school laptop to your home desktop, which eliminates the concern of eavesdropping on the wireless signal. Most such solutions use non-public address spaces (E. g., LogMeIn Hamachi uses 5.x.x.x, which is not recognized on the public Internet) and very strong encryption. In essence, you're sitting at your home computer, though working it (securely) from your school computer.

Or try a different school. Good luck.

Thanks for the info.

The concept of working through the home computer is interesting; however, I don't have mobile broadband service. My connection at school is via the wireless capability of the laptop, and the budget does not allow taking on another bill at this time. As for the security at school: The IT department uses a third party web site provider and says that the bulk of the security is handled by the provider. When I questioned WEP versus WPA2, the IT department did not understand my concern. Fortunately the laptop has some good security features included in the OEM installation. I have port locker and biometric features active. I am hoping that proves to be adequate to secure the computer if someone happens to get their hands on it. Do you have any comments on this that you would like to share with me?

As for noscript, I'll install it to add one more layer of protection.

(At this point, the discussion expanded beyond NoScript, into a general discussion of securing a machine and a connection, physically and electronically, at shared access points and shared facilities in general, including the OP's situation of a very non-security-aware college. It was therefore split to Forum Extras > Security, here. Since the NoScript-related questions were answered, this topic is marked as resolved.)