JC Cheloven
June 19th, 2008, 04:32 AM
Hi, I'm worried about a friend: He was recently 'converted' to linux by me, and he's quite happy now.

But he does a lot of on-line banking. Someone hacking his pswds would be a big problem.
As a previous M$W user, he asked about viruses and exploits. I told him that viruses are not an issue in linux. As for other malware, I figured out that the weaker point could be something sneakily installed in the browser, so I suggested that he use a browser (epiphany for example) only for banking, and another one for general-purpose surfing (firefox).

Was it a wise piece of advice?
Any other hints?

I would be grateful if someone adept at security could enlighten me.

June 19th, 2008, 08:17 AM
Well, using two different browsers isn't a bad idea... however I reckon firefox with noscript addon as pretty safe...

(but then I don't worry much about online banking anyway...)

benny bronx
June 19th, 2008, 01:30 PM
I do not bank online, but I imagine if you did it from the live cd it would be very safe if banking was the first thing he/she did when online. Using a different browser may be a good idea, but if keyloggers stealing information is the concern, most of them are not embedded in any particular browser. Deleting all private data in firefox prior to banking would probably accomplish the same thing. Oh, and the noscript thing.

June 19th, 2008, 01:53 PM
I do all my banking online if possible. At some point you have to do a risk assessment and figure out where your risks are. For most people the risk is more likely to be a phishing attack, and this will happen regardless of operating system.

My advice? Don't worry as much about malware/viruses and focus on ensuring that the website he goes to is correct. Type it in once and then use a bookmark to ensure he always gets to the correct page.

Resorting to rebooting and using a live cd just to check your finances is, in my opinion, being a little too paranoid. Besides, that vector still does not prevent any type of phishing attack. What happens when, without using a bookmark, he types in the wrong site? All that "security" did nothing to prevent someone from stealing his credentials.


June 19th, 2008, 02:17 PM
Running from bookmarks is a first rate idea. My bank states that they will never contact me by email, so that helps to cut down on the social engineering type of breaches. When banking I am warned not to use the Back or Forward buttons on the browser; rather, I should use the on-screen icons produced by the bank's banking application within the browser. I also use a one-time hardware device / token provided by my bank that will generate a code number allowing me to access my account. With all of the precautions in place I feel safe trusting on-line banking. Key loggers and other physical intrusions that could take place are ruled out, as I only use one of my home machines for communicating with my bank.

PS I also look at my accounts once every couple of days to see if any untoward or unexpected transactions have been posted to them.

benny bronx
June 19th, 2008, 09:28 PM
"What happens when, without using a bookmark, he types in the wrong site"

My bad, I was assuming that the person was not a blithering idiot.

"Resorting to rebooting and using a live cd just to check your finances is, in my opinion, being a little too paranoid."

Absolutely agree. It was just a suggestion regarding the safest way to do online banking.

JC Cheloven
June 20th, 2008, 12:01 PM
Everybody here: Thank you for your posts. Both your suggestions and knowing what other people do have been very interesting to me.
The collected ideas will be useful to my friend and of course to me too.