LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 06-03-2011, 02:28 PM   #1
rfjohn13
LQ Newbie
 
Registered: Feb 2007
Posts: 1

Rep: Reputation: 0
online banking security


Hi all, I'm new to Linux(Ubuntu 11.4), just installed it two weeks ago. I've been a

member of Linuxquestion for about 2 or 3 years mostly lurking.

I have building/buying computers for 30 years, first DOS,Windows 3.1, then Windows 95

through all to Win7.

My question is for security of online banking and other financial things. Everything

I've been reading on here indicates that no Antivirous/Malware is needed. Being new

to Linux, I can't tell if ClamAV is working or if is even needed.

I had thought about doing banking on my wife's machine(Windows only) rebooting to a

Ubuntu LiveCD. Does this sound like a more secure idea? Our two other machines are

both dual boot with Ubuntu alongside of Windows XP & Windows 7.

Thanks in advance for any help and or suggestions.
Bob
 
Old 06-03-2011, 02:38 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Out of the box, Linux is far more secure than Windows. Generally speaking, antivirus and anti-spyware tools are not needed. There are some great articles out there that deal with this subject. Here is one such document: http://linux.oneandoneis2.org/LNW.htm You also mentioned using Ubuntu. I would recommend that you read the sticky posts in the security section of Ubuntuforums.org. There is a very well written and excellent white paper on Linux Security oriented towards new users coming from a window Environment.

Also, from most of the comments I have heard on the subject, using a liveCD for your banking is a very good move as by its nature it is impervious to most malware as it doesn't have perpetual storage.
 
Old 06-03-2011, 03:10 PM   #3
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,154
Blog Entries: 1

Rep: Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004
Quote:
Originally Posted by Noway2 View Post
I cant even remember how old that article is.

If you are worried about security, for banking purposes, I suggest you "Make sure you have a physical firewall first." This is a suggestion. But, if you are connecting directly to the internet, without a firewall or at least a NAT'd address, with your Windows machines, you will probably find that you are being scanned quite a bit for vulnerabilities.

As to linux. Yes, it is more secure. Yes, for banking it would be a sound idea to use a live CD as there is no permanent storage.
 
Old 06-03-2011, 03:38 PM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
A physical firewall is always a good idea. However, this is one of the really key differences between Linux and Windows. In Windows, a firewall is all but an absolute requirement to keep "bad" things out and without one you will become compromised in minutes, if not seconds. This won't happen with Linux. Linux keeps all of the ports closed by default and only if you install a server application that listens on the port will they be opened. You can use the firewall built into Linux, called iptables, which as it is a little difficult for beginners, use UFCW or Firestarter which are graphical front ends for it. The thing about a firewall in Linux is that it acts as a secondary, backup, barrier in case something does get opened.
 
Old 06-03-2011, 07:04 PM   #5
animeman
Member
 
Registered: Dec 2009
Location: Bad Axe mi
Distribution: gentoo, Android, bohidI
Posts: 85

Rep: Reputation: 17
Linux is not fully secure though no os is I would suggest a hardware firewall and a av program just incase, not much for securiety more for the possibality of a virus chances are small, but still never can be to careful.
 
Old 06-03-2011, 07:09 PM   #6
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
I believe that the problems with security in on line banking are related to the protocols and are, therefore, platform independent. I would not use any platform to access my personal bank account over the Internet. I have specifically asked my bank to ensure that my account cannot be accessed over the Internet.

A man in the middle attack can happen to anyone.

Every convenience carries a security vulnerability.
 
Old 06-03-2011, 09:09 PM   #7
jefro
Guru
 
Registered: Mar 2008
Posts: 11,549

Rep: Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405Reputation: 1405
Security is a group of tasks. You have to do as many as you can to be somewhat protected. Unfortunately you have to do a lot of your own work to see that your bank account has not been hacked. While it might be said linux is more secure the problem is that applications are the most risk.

Any system is subject to attack. See pawn2own for how short of a time it takes a hacker to run code.
 
Old 06-03-2011, 09:36 PM   #8
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 7,747

Rep: Reputation: 1461Reputation: 1461Reputation: 1461Reputation: 1461Reputation: 1461Reputation: 1461Reputation: 1461Reputation: 1461Reputation: 1461Reputation: 1461
Five basic rules for banking security:

1. Firewall.

2. Don't use public or unencrypted wireless. Someone might sniff your connection.

3. Don't store your banking (or other financial) passwords on your computer and certainly not in a browser password manager, no matter how secure the browser claims to be.

4. Make sure the connection is https.

5. Ignore any emails that claim to come from your bank and request information. Banks don't do that.
 
Old 06-04-2011, 03:09 AM   #9
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,902

Rep: Reputation: 775Reputation: 775Reputation: 775Reputation: 775Reputation: 775Reputation: 775Reputation: 775
Quote:
Originally Posted by rfjohn13 View Post

I had thought about doing banking on my wife's machine(Windows only) rebooting to a

Ubuntu LiveCD. Does this sound like a more secure idea?
Only up to a point; well no one can change the information on the CD/DVD if it isn't writeable. Amongst the people who can't change stuff is you, so that makes it more difficult to keep your software up-to-date. So, if, eg, your browser has a security issue (and a patch becomes available), what are you going to do about it? Wait 'till a new version of Ubuntu is released so that you be secure again? Or will you just carry on and hope?


Quote:
Originally Posted by rfjohn13 View Post
...indicates that no Antivirous/Malware is needed...
Be aware that when people ask about viruses, they may get an answer about viruses. As across all platforms, viruses are a small percentage of the total malware spectrum, and, in particular, are of marginal concern for most Linux users, this is often deceptive to people who make the error of thinking that the terms 'malware' and 'virus' are synonyms.

You can run, eg, ClamAV, but you'll probably never find anything that was going to harm you. The danger is that it might stop you from doing something more worthwhile thinking that an antivirus program is somehow all you need or particularly constructive. If you have a server that could pass files on to a windows box, then you can see the advantage, otherwise Rkhunter, maybe a more constructive use of your time....if you still feel nervous, the belt 'n braces approach of doing both isn't actually a problem.

Quote:
Originally Posted by rfjohn13 View Post
Being new to Linux, I can't tell if ClamAV is working or if is even needed.
Might be a subject for a separate thread, but
  • did you install it?
  • have you seen any sign of it being active in the system monitor/top?

The Frankbell list is quite good, but
Quote:
2. Don't use public or unencrypted wireless. Someone might sniff your connection.
Sniffing your connection is not the only risk with unencrypted wireless, and the encryption should be better than WEP to really count as encryption.

The browser should be up-to-date, at least as far as security patches are concerned. There are people still running ancient versions of Internet Exploder, and asking whether that would be insecure is a bit like asking whether water could get through the holes in a sieve. And with just about as many leaks. Which doesn't let ancient versions of other browsers off the hook, but IE is distinctly worse than average, and average ain't good enough...

@stress_junkie
Quote:
I would not use any platform to access my personal bank account over the Internet.
Me, too. But maybe I'm just paranoid. But, at least if I am paranoid, I'm not the only one...

Last edited by salasi; 06-04-2011 at 03:10 AM. Reason: spellerin, agin
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Firefox and online banking salimshahzad General 12 01-11-2010 04:43 AM
First Direct online banking nuxguy Linux - Software 5 11-12-2009 06:51 AM
Online banking security issues Cogar Linux - Security 1 11-03-2005 12:50 PM
online banking? toolshed Linux - Software 7 03-24-2004 12:10 PM
Online Banking / Online Shopping in Linux? JROCK1980 Linux - General 14 02-27-2004 02:46 PM


All times are GMT -5. The time now is 09:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration