PDA

View Full Version : Ubuntu LiveCD general question?



McRat
July 6th, 2010, 09:33 PM
Could you use it for secure on-line banking? Does it allow internet access directly off the CD?

Answering a question for a friend, I've never tried LiveCD.

Bachstelze
July 6th, 2010, 09:35 PM
Could you use it for secure on-line banking? Does it allow internet access directly off the CD?

Yes, though whether it would actually make you more "secure" is debatable.

GreenN00b
July 6th, 2010, 09:42 PM
You have INTERNET access from the CD, but it may not be enough.
Depending on the bank, some may require specific browsers like IE, some may require you install a certificate witch will be lost after reboot and you usually get a limited number.

McRat
July 6th, 2010, 09:42 PM
Yes, though whether it would actually make you more "secure" is debatable.

Well, if you can't write a trojan onto a CDROM, it's at least a little safer. Their computer got infected.

Crunchy the Headcrab
July 6th, 2010, 09:49 PM
Well, if you can't write a trojan onto a CDROM, it's at least a little safer. Their computer got infected.
Also whatever infected them probably wouldn't run in a Linux environment. I must ask though, why not just reinstall windows? I know it sounds like a PITA but no more so than using an infected computer imo.

ajgreeny
July 6th, 2010, 09:51 PM
Well, if you can't write a trojan onto a CDROM, it's at least a little safer. Their computer got infected.
And, of course, there will be no history, passwords or anything else saved on a running system for anyone to hack into, if, for example, the computer was stolen or passed on to others.

Paranoid? I don't know, but the question was asked, and deserves some sort of answer.

Bachstelze
July 6th, 2010, 09:54 PM
And, of course, there will be no history, passwords or anything else saved on a running system for anyone to hack into, if, for example, the computer was stolen or passed on to others.

Any decent bank would use a password system where the password can not be saved in the browser. Then again, US banks are apparently really bad in that regard, maybe that's why US people feel the need to go to such lengths for banking security.

lukeiamyourfather
July 6th, 2010, 10:02 PM
Could you use it for secure on-line banking? Does it allow internet access directly off the CD?

Answering a question for a friend, I've never tried LiveCD.

Sure, but why wouldn't you just install Ubuntu?

snowpine
July 6th, 2010, 10:23 PM
Your first line of defense is a trusting relationship with your bank. All banks have fraud departments that can protect you if someone hacks your account or uses your info to make unauthorized purchases. If you are unclear, call your bank and discuss your concerns.

I personally prefer banking online using Linux vs. Windows. Is a Linux Live CD more secure than an installed Linux system? That is a matter of debate.

The big benefit to banking from a Live CD is that a live session starts fresh when you boot and disappears when you shut down. The live session has no access to your history prior to booting up, and anything bad that happens during the live session will be undone when you shut down. The security benefits of this are obvious.

The main drawback to banking from a Live CD is that it contains outdated applications. If you are using a Live CD with an older browser that contains a security vulnerability, obviously you are putting yourself at risk compared with an up-to-date install. Many distributions (including Ubuntu) have "daily build" CDs of their testing branch with the latest software.

Personally, I do my online banking on a Linux install (not a Live CD) using Firefox's "private browsing" feature. I feel that, for a non-millionaire average guy who has a good relationship with his bank, this is an acceptable level of security/risk for my comfort zone.

Crunchy the Headcrab
July 6th, 2010, 10:40 PM
Any decent bank would use a password system where the password can not be saved in the browser. Then again, US banks are apparently really bad in that regard, maybe that's why US people feel the need to go to such lengths for banking security.
Agreed. Unfortunately I don't think it's the banks, but the American consumer that desires this feature. My wife would use that feature on every bank account if she could.

@ Snowpine: My understanding is that credit card companies (visa, chase, american express, discover--in the states) work very well with you in this regard. I had someone steal my credit card info once and the card company worked closely with me to resolve it. I have heard though that it like pulling teeth to get a bank itself to fix fraud.

My trust in CC companies might be misplaced too. The fraud that occurred originated in France. I live in the states. Because the CC company worked closely with the group I was working for, they knew that it was impossible for me to be in France. So that was probably a rare circumstance.

While it might be "your first line of defense" to have a trusting relationship with your bank, I would say that you best line of defense is to guard you personal information passionately and to only use cards (credit or debit) and checks where you trust the merchant closely.

jmszr
July 7th, 2010, 12:08 AM
McRat,

Here is some good information: http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html .

McRat
July 7th, 2010, 12:40 AM
McRat,

Here is some good information: http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html .

Good find!

There is even a link there as to HOW to use a liveCD for banking with screen shots of Ubuntu:

http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_down_non.html

TheNessus
July 7th, 2010, 01:38 AM
Your first line of defense is a trusting relationship with your bank. All banks have fraud departments that can protect you if someone hacks your account or uses your info to make unauthorized purchases. If you are unclear, call your bank and discuss your concerns.

I personally prefer banking online using Linux vs. Windows. Is a Linux Live CD more secure than an installed Linux system? That is a matter of debate.

The big benefit to banking from a Live CD is that a live session starts fresh when you boot and disappears when you shut down. The live session has no access to your history prior to booting up, and anything bad that happens during the live session will be undone when you shut down. The security benefits of this are obvious.

The main drawback to banking from a Live CD is that it contains outdated applications. If you are using a Live CD with an older browser that contains a security vulnerability, obviously you are putting yourself at risk compared with an up-to-date install. Many distributions (including Ubuntu) have "daily build" CDs of their testing branch with the latest software.

Personally, I do my online banking on a Linux install (not a Live CD) using Firefox's "private browsing" feature. I feel that, for a non-millionaire average guy who has a good relationship with his bank, this is an acceptable level of security/risk for my comfort zone.

you can always run the latest FF or other browser without actually installing it.