Windows not fit for online banking, says Washington Post blog
It would be easy for Linux and Mac users to point to this blog post by Brian Krebs at the Washington Post's Security Fix and feel smug. The post flat-out states that the simplest, most cost-effective way to avoid online fraud is: "Don't use Microsoft Windows when accessing your bank account online."
If you're a Windows user, ouch.
But hold on a second. Krebs isn't endorsing the Mac or Linux platform in his condemnation of Windows. Rather, he's pointing out that Windows is the most-targeted platform, and that certainly doesn't mean that Macs or Linux machines are invulnerable.
Krebs points out that the safest way to avoid malware and make sure your banking session is secure is to boot your machine from a Live CD that is a pristine, uninfected environment. Live CDs are typically Linux variants, but the OS doesn't really matter -- what matters here is that you are booting an operating system that malware can't infect because its state is not persistent.
This is solid advice, and it leads me to wonder how long it will be before the major OS makers offer a locked-down virtual machine, or better yet, a locked-down banking partition: a fast-booting, lightweight OS containing only a secure browser with which to do your most sensitive online tasks.
Kind of sounds like a job for Chrome OS, doesn't it?
Comments
akcpe Oct 14th 2009 6:02PM
Then you have a weird setup. Nearly every bank allows wire transfers online. And don't forget payment services such as PayPal and Google Checkout.... They get funding directly "wired" from your account ONLINE.
blaszta Oct 14th 2009 9:42PM
Chrome OS? Why wait? Webconverger has already been available for several years: http://webconverger.com/
It's a locked-down live CD Linux (no terminal either), and targeted as a web kiosk. Even with this type of OS, there's still a probability of SSL compromise and phishing...
Jeff C Oct 15th 2009 3:24AM
Why not install a 2nd bootable Windows partition and use a partition manager to hide all others when you boot into it? Then only use that as a banking OS and only access bank websites from it, and that's all.
Shouldn't this be fairly safe and practical for most users?
I think the Windows license allows a 2nd install as long as only one is in use at a time.
I have witnessed how people in my family use a computer and how unaware they are of its risks, and seen many a machine infected with malware, but this guy's comments, while true, are not very practical.
dfgdfgdf Oct 15th 2009 4:03AM
This is some serious nonsense. There are two scenarios:
1) Phishing. No operating system or live CD will protect you from that. Period.
2) Trojans on your computer: Since there is always some kind of computer-independent security token involved (could be an iTAN list, a hardware TAN generator like for PayPal, ...) the trojan would have to do a man-in-the-middle attack. Has that ever happened? Sounds very complicated. As long as there are enough users that fall for classic trojan-less phishing...
Of course there is a completely secure solution: The German HBCI standard using an external card reader to authenticate the transaction. A class 3 HBCI reader provides "absolute" security. All banks should use this or something similar. Using a desktop app for banking is more user friendly anyway.
SilverWave Oct 15th 2009 4:34PM
@Lee Mathews
Quote:
"If you read the article, I took pains to say why I was recommending these steps: For *business* users, specifically small to mid-sized businesses that can't afford to lose a million dollars in a day because of a single virus infection. As I stated, Grandma doesn't need to do this because the bank will make her whole if she gets her account cleaned out."
SilverWave Oct 15th 2009 4:50PM
@Jonathan Harford
>>>If I'm really concerned, I'll use Firefox in an Ubuntu virtual machine -- I'm sure that'll be locked-down enough, right?
Well, some of this Windows malware takes screenshots... and keyloggers are a huge issue, so no, not really.
The whole point is to ensure you are booting from a guaranteed clean OS. A LiveCD is read-only, so that works, but if your host machine is compromised then your VM is at risk as well.
SilverWave Oct 15th 2009 4:54PM
@set
>Has there been actual theft from online banking exploits? You can't withdraw cash online. The potential for crime is rather overstated, IMO.
Quote:
"But I have interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection."
Jeff C Oct 15th 2009 8:02PM
Better yet, why doesn't MS allow OEMs to create a 2nd partition for a second copy of the OS that users are to only use for secure payment transactions, and then maybe have it where the browser on this OS only allows certain MS-approved URL domains, that is, banking, PayPal, eBay, etc.? And have the OS be non-writable except for cookie and cache areas.
So in effect they are giving users a second OS to boot into for only their financial transactions. I know most families who would not mind the extra hassle of this if they knew how secure it was.