If I leave a website open on my computer, am I susceptible to hacking?
I have 128bit WEP security on a single machine home wireless network.
It’s not at all uncommon to have browsers and websites open for lengthy periods of time, even when we walk away from our
computers. I know I certainly leave several open for hours, if not days.
This may, or may not, be a security risk, depending on several factors.
The first thing to consider is simply this: is your computer safe? Not the web sites, but the computer.
By that I mean if you walk away from your computer, is it safe or is it possible that someone could access and use or abuse your computer in some way while you’re not around? In a case like that, leaving a web site up and open is often the least of your worries, unless of course it’s your banking site and your roommate or someone else comes along and drains your account.
So, as I’ve said so often, if your computer isn’t physically secure, it’s not secure.
But that’s not really what you were asking about, though I’ll refer to it below again.
So, assuming someone isn’t going to walk up to your computer while you’re away…
In short, the answer is mostly no – you’re not susceptible to hacking by simply leaving a website open. But you still need to take care.
Most websites don’t do anything. By that I mean that the majority of sites simply display content when you first visit the page, and then quite literally don’t do anything else until you browse to another page. They don’t access your machine; they don’t run programs; they’re just static. It’s kind of like leaving a book open on a table. You can read the words, but the pages won’t turn themselves, nor will the book burst into flames by itself.
Now, things get slightly more complicated as the web gets more powerful. Let’s use GMail as an example.
If you leave GMail’s default view open, it will in fact periodically check for and display new mail. So, yes, the web page is “doing something”. The pages are turning themselves, in a sense. But still, this type of activity – while more and more common – is also typically benign. Websites that automatically update their content aren’t going to allow a hacker entry into your machine.
So even there, leaving a fairly powerful website open isn’t really a huge risk on its own. The content may update, but ultimately that’s just fine.
What about sites that display truly confidential information – like your banking site?
Even there, leaving it open for a long period of time isn’t exposing you to any additional risk. The site simply displays information, and then steps aside while you read it and decide what to do next.
There is risk, however, and it’s what I alluded to earlier. Anyone who can walk up to your machine while you’re logged into your bank’s web site can do whatever they want. Heck, even just walking by and seeing your personal information should be enough to concern you.
That’s why most secure sites like your bank will automatically log you out after you’ve not done anything for a while. They have to assume that it’s possible you’ve walked away from your computer, and they must log you out for your own safety.
But if you’re certain that your machine is safe – both virus free (and if it’s not, then all bets are off whether you leave things open or not), and physically secure from someone walking up to the machine – then sure, leave sites open as long as you like.
I do it all the time.