Both Windows and your web browser go out of their way to tell you if your Internet connection is secured, or not secured. Secured certainly sounds better than not secured. But what does secured mean for Internet access? Let’s talk about it.
“Secured” is a friendly word to say your network connection is encrypted. But what that means, exactly, depends on whether it’s your web browser or your operating system saying the connection is secure. The most important thing to remember is that in this case, your browser can compensate for Windows, but Windows can’t compensate for the browser.
Why does your Internet connection need to be secure?
One frequent question I get is why someone should be worried about someone else seeing your Internet connection if you have nothing to hide. That’s a pretty big misnomer. Even if you’re not doing anything wrong, you have plenty to hide. Your credit card numbers are the most obvious thing, of course. But your passwords too. You don’t want anyone else getting those. You send sensitive information over the Internet all the time, and that information needs to stay between you and your bank, or whoever else you’re talking to.
Now, what exactly is secure depends on who’s talking. If Windows says your Internet connection isn’t secured, that’s a different matter than if your browser says your connection is secure. The browser is the more important piece, because the browser is responsible for the entire run. Windows is just responsible for the local wireless network.
What secured means from your browser’s perspective
When you visit a web site, your web browser will try to negotiate a secure connection with it. This negotiation involves a great deal of really obnoxious math, frequently involving extremely large prime numbers. But the idea is to come up with some math both sides can do to scramble and de-scramble the data. And if someone were to intercept the data as it travels over the network, they wouldn’t be able to figure out the math to de-scramble it in a reasonable length of time.
You don’t have to secure the data forever, necessarily. My credit card expires in four years, for example. That means in four years, I’ll get a new card with a new number on it. If it takes you 20 years to de-scramble the message, it doesn’t matter. The data isn’t useful anymore. There are some pretty strict rules about those connections that anyone who processes credit card information or sensitive health information has to follow. Web browsers didn’t used to care much about that, but in recent years they’ve gotten more strict. Clicking the green lock on your browser, or the “Not secure” message in its absence, can give you more detail. Maybe more than you want to know, but detail nonetheless.
As long as my web browser says my connection is secured, I don’t need to worry as much about what Windows says about my Internet connection. My web browser is securing my data at that point. This is why https is important.
What about viruses and stuff?
Here’s an important distinction. Your browser telling you a site is secure has nothing to do with the content or legitimacy of the site–only the network connection. For example, your browser should say my site is secure, because my site requires a secure connection. But if Bob the Bad Guy figures out how to plant a virus on my site and send it to you, your browser will still say my site is secure.
Some sites will sign contracts with a security company to scan their site for viruses every day, then they’ll display some kind of seal near the bottom of the page. But that’s not the same as the test your browser does.
What secured means from Windows’ perspective
If you’re on a wireless connection, Windows will typically tell you that you have Internet access, and the network is secured. That means the connection between your computer and the wireless access point or router (or maybe both) is encrypted. The same idea applies here. Your computer and the wireless network negotiate some math to use to scramble your data as it goes over the airwaves. That keeps the shady looking guy in the coffee shop from seeing what web sites you’re visiting.
Ideally, you want a secure connection both on your wireless connection and on the web page. But it’s the connection to the web page that’s more important. Even if your local wireless connection isn’t secured, that shady looking guy can still only see scrambled data. If it’s secured, then the data is scrambled twice.
Windows covers protecting your data on for the short haul, over the wireless network. Your web browser is responsible for the entire distance between itself and the server on the other end.