There are lots of reasons why using wifi is a bigger security risk than a standard wired network, but I guess one of the biggest problems is illustrated by this quote from Jeffrey Schiller, a network manager at MIT:
The only way to tell the difference between a legitimate and non-legitimate access point is intent.
Which is precisely the problem: in a public place you have no way to discriminate. Think of any public wifi, paid or free, that you use. It might be a local hotspot, an airport, a cafe with free access, anything really. As soon as you connect to that access point you are trusting the owner with all your data: any emails you read, any passwords, any account names, unless of course you use wifi security software.
Fine, you might trust your local coffee house with your data, but now I shall tell you about an increasingly common phishing attack called the Evil Twin. It's not particularly hard to set up, but it can be fantastically rewarding for the identity thief behind it.
So what's an 'evil twin' attack? Well, there are a few definitions, but for simplicity's sake I'll illustrate the simpler one. The hacker or identity thief sits somewhere in range of the local coffee house with his laptop in his bag. The laptop is set up to act as an access point and is given a very legitimate-sounding name (maybe using the coffee house's name or that of a big telecom firm like Vodafone).
What happens next is that the hacker waits for people to connect and browse through this laptop. As they do, all their data is logged as it is transmitted, and the user will not notice any difference. The attacker might even make a very small charge for the service so that you have to type in your credit card details or PayPal account.
Your browsing and data are completely under the control of the owner of the laptop, who can harvest any information and redirect you to copies of legitimate sites. If he's clever you'll never notice that half your online identity has been stolen; if he's not clever you probably won't notice either!
There are varieties of these attacks. The classic evil twin attack involves duplicating the SSID and putting the legitimate wireless access point out of business temporarily whilst the attacker intercepts data. This makes the fake look more legitimate and ensures that there is only a single wifi connection to connect to.
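A client-side sanity check for the duplicated-SSID case described above, as an added example that is not part of the original post: it groups scan results by network name and flags names advertised by several access points with inconsistent security settings. The scan records, field names and function name are constructed for illustration, and a copy that matches the real network's settings exactly will not be flagged, which is the point of the Schiller quote.

```python
from collections import defaultdict

# Constructed sample scan results (illustrative, not captured from a real network).
SAMPLE_SCAN = [
    {"ssid": "CoffeeHouse_WiFi", "bssid": "02:00:00:aa:bb:01", "security": "WPA2", "signal_dbm": -61},
    {"ssid": "CoffeeHouse_WiFi", "bssid": "02:00:00:cc:dd:02", "security": "OPEN", "signal_dbm": -38},
    {"ssid": "Library-Guest", "bssid": "02:00:00:11:22:03", "security": "WPA2", "signal_dbm": -70},
    {"ssid": "Library-Guest", "bssid": "02:00:00:11:22:04", "security": "WPA2", "signal_dbm": -74},
    {"ssid": "HomeNet", "bssid": "02:00:00:33:44:05", "security": "WPA2", "signal_dbm": -55},
]


def find_suspect_ssids(scan):
    """Return {ssid: [reasons]} for network names advertised inconsistently."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = {}
    for ssid, aps in by_ssid.items():
        # One radio per name gives nothing to compare against.
        if len({ap["bssid"] for ap in aps}) < 2:
            continue
        reasons = []
        modes = {ap["security"] for ap in aps}
        # A legitimate multi-AP network normally uses one security mode throughout.
        if len(modes) > 1:
            reasons.append("mixed security: " + ", ".join(sorted(modes)))
        open_aps = [ap for ap in aps if ap["security"] == "OPEN"]
        secured = [ap for ap in aps if ap["security"] != "OPEN"]
        # An unencrypted copy that is louder than the encrypted originals
        # is what a client would roam to first.
        if open_aps and secured:
            best_open = max(ap["signal_dbm"] for ap in open_aps)
            best_secured = max(ap["signal_dbm"] for ap in secured)
            if best_open > best_secured:
                reasons.append("open copy has the strongest signal")
        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for name, why in find_suspect_ssids(SAMPLE_SCAN).items():
        print(name, "->", "; ".join(why))
```

Treat a hit as a reason to stay off that network name, not as proof of an attack, since misconfigured legitimate access points produce the same pattern.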
So How Does Wifi Security Software Help?
It obviously depends on the product. The wifi security program I use is called Identity Cloaker, and when I connect anywhere outside my home network I use this program. In this scenario it protects me because, although it doesn't stop my data being redirected, all my browsing takes place down a secure SSH tunnel. This means that everything I transmit is encrypted and unreadable by anyone intercepting this data.
Remember, setting up an evil twin or fake access point doesn't require any special skills; in fact there are many hacking sites with simple step-by-step instructions. It is simple to do, alarmingly simple in fact, and the costs to you and the rewards to the identity thief are extremely high. Remember, next time you connect: who exactly are you trusting with your details, and have you just sent your credit card details to the spotty kid in the corner? Be careful on these wifi networks: don't use them, or use some security software which makes them safe.