Helping people with computers... one answer at a time.
It's not uncommon to leave a website open on your computer for long periods of time. That's not typically a problem, but you should still take care.
If I leave a website open on my computer, am I susceptible to hacking?
I have 128bit WEP security on a single machine home wireless network.
•
It's not at all uncommon to have browsers and websites open for lengthy periods of time, even when we walk away from our computers. I know I certainly leave several open for hours, if not days.
This may, or may not, be a security risk, depending on several factors.
•
The first thing to consider is simply this: is your computer safe? Not the web sites, but the computer.
By that I mean if you walk away from your computer, is it safe or is it possible that someone could access and use or abuse your computer in some way while you're not around? In a case like that, leaving a web site up and open is often the least of your worries, unless of course it's your banking site and your roommate or someone else comes along and drains your account.
So, as I've said so often, if your computer isn't physically secure, it's not secure.
But that's not really what you were asking about, though I'll refer to it below again.
So, assuming someone isn't going to walk up to your computer while you're away...
In short, the answer is mostly no - you're not susceptible to hacking by simply leaving a website open. But you still need to take care.
Most websites don't do anything. By that I mean that the majority of sites simply display content when you first visit the page, and then quite literally don't do anything else until you browse to another page. They don't access your machine; they don't run programs; they're just static. It's kind of like leaving a book open on a table. You can read the words, but the pages won't turn themselves, nor will the book burst into flames by itself.
Now, things get slightly more complicated as the web gets more powerful. Let's use GMail as an example.
If you leave GMail's default view open, it will in fact periodically check for and display new mail. So, yes, the web page is "doing something". The pages are turning themselves, in a sense. But still, this type of activity - while more and more common - is also typically benign. Websites that automatically update their content aren't going to allow a hacker entry into your machine.
So even there, leaving a fairly powerful website open isn't really a huge risk on its own. The content may update, but ultimately that's just fine.
What about sites that display truly confidential information - like your banking site?
Even there, leaving it open for a long period of time isn't exposing you to any additional risk. The site simply displays information, and then steps aside while you read it and decide what to do next.
There is risk, however, and it's what I alluded to earlier. Anyone who can walk up to your machine while you're logged into your bank's web site can do whatever they want. Heck, even just walking by and seeing your personal information should be enough to concern you.
That's why most secure sites like your bank will automatically log you out after you've not done anything for a while. They have to assume that it's possible you've walked away from your computer, and they must log you out for your own safety.
But if you're certain that your machine is safe - both virus free (and if it's not, then all bets are off whether you leave things open or not), and physically secure from someone walking up to the machine - then sure, leave sites open as long as you like.
I do it all the time.
Article C3822 - July 29, 2009
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
Well, not logging out does nothing but tell the cookie saved in your browser to auto log you back in on your next visit, all your info is still saved on that machine, nevertheless.
Also, having a site open DOES NOT keep a constant connection to the site you are on. There may be a timer running to "refresh" the content systematically like google (which uses last connect time in the cookie), but even then all the info is done locally and a tcp connection is open only when you are "accessing" the site and auto closes once the transaction is completed. You can leave it open as long as you want -- it will connect/disconnect on its own if its made that way, otherwise it will sit there idle as the data is already on your machine.
The only threat is if someone comes by and actually reads it on your screen or if its an unsecured site, they can sniff the information on your local network AS the site refreshes... In that case, there's nothing you can really do.. Sites will usually auto secure stuff that are personal, but unless you see the lock on the bottom/top of your browser telling you you are a secure page, your stuff is 100% visible to anyone who knows what they are doing, but only as you receive the data and not before/after.
Posted by: Chris Awad at August 4, 2009 1:57 PMI would be more concerned about the fact that you are using WEP instead of WPA for your wireless encryption. I hope you have a good firewall, since your network is simple to hack.
Posted by: Michael Dawson at August 4, 2009 10:14 PM"I have 128bit WEP security on a single machine home wireless network."
Posted by: rulz.pl at August 5, 2009 3:24 PMEverything you send/ receive can be read by anyone!!! WEP is not secure - anyone can hack into it and read data exchanged by you! No firewall will help you in this situation - you have to use WPA
I am just wondering if there is a way to keep the computer displaying what it was when you left it BUT preventing further interaction(by mouse, keyboard, et cetera) until you fill in a password. It would be a neat option...although not necessarily top-notch security-wise.
Posted by: snail at August 10, 2009 12:11 PMAs for me, I use firefox and if I need to leave in a jiff and come back, I can make sure more than one tabs are open in the single window I run it in then close it but do NOT delete the data. I can then log out(winkey + L) -- lowercase L. It has occurred to me, however, that the session data from firefox can be compromised...
I don't know how accurately programs(in particular, sites visited on-line in firefox) can resume from a Lock or logging off.
OK. I read the article. Good stuff. But we just had an incident where a gambling site popped on to our computer overnight. It's just me & the Mrs. So, assume for the moment neither of us sought the site out. We are on a cable modem. We are not wireless at all. We have only one pc. I run TrendMicroPro. The pc is set to hibernate after 15 minutes. I may have left it running on my home page when I went to bed. But it was hibernating when I got up. When I woke it up, the gambling site was on instead of my desktop. I know we contend with other nearby cable subscribers for bandwidth. Is it possible for someone to sit at the IP of a shared piece of cable company hardware "out at the curb" so to speak, and "push" URLs to downstream PCs?
Posted by: Joe at October 14, 2009 3:51 PM