We have a ‘public’ computer in the house. It runs stock Windows firewall and antivirus and runs Firefox with AdBlock and Ghostery, but not NoScript. It has the free versions of MalwareBytes and Spybot. When people visit I try and keep a Linux VM running with an open browser, but that’s far from 100 percent.
My in-laws are from Russia and frequently visit random sites linked by friends. Not to single them out, but they have stereotypical levels of credulity in visiting sites, and HolyShitWouldYouPleaseStopVisitingSitesInThe.ruDomain! When friends and relatives visit, they are excited to show pictures on a convenient USB flash drive (from Russia). That’s what gives me the most unease, but the computer is there for friends, sitters, etc. as well, so it’s pretty much a public PC as far as I’m concerned.
I’m not too concerned about data, although it can link down to our work NAS if you enter the right user/pass so that’s not far from mind. What I’m mostly concerned about is inputting names and passwords either for the server or for online services. I wouldn’t go to a bank’s site, but I do want to enter my Google and email credentials to check on things while we’re in the kitchen.
None of the basic scans have turned up anything. Assuming we’re not being specifically targeted, at what point would you feel comfortable using the PC to log into things?