Old 08-01-2013, 09:10 AM   #1
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 810

Rep: Reputation: 68
Online banking security


I have to confess I still use a Windows box for some things that require security of financial data that I wouldn't feel entirely happy about entering using Linux. I would dearly love to free myself from this dependency and ditch 'doze altogether, but I do have the perception that the Win OS is more secure for bank transactions and whatnot, simply because everything's done for me provided I let the auto-updates install as soon as they come available and I run Kaspersky or whatever to keep the machine clear of malware. To harden a Linux distribution to the same extent would require commitment and no small amount of expertise, would it not? Even notwithstanding that there are far more nasties out there looking for chinks in Windows armor than there are for Linux. How often is it that secure data gets compromised from a Linux system? Anyone experienced this?

Last edited by Completely Clueless; 08-01-2013 at 09:13 AM.
 
Old 08-01-2013, 09:30 AM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041
Personally I feel the opposite; hate using MS for banking.
General advice either way:

1. use a dedicated (minimal) env (bare metal or vm) only for banking

2. firefox with following add-ons/settings

noscript
https-everywhere
flashblock

turn off auto accept images (allow by exception)
turn off auto accept cookies (allow by exception)

type in website names by hand from a reputable src; then bookmark and stick to those bookmarks

3. never use env for anything else
4. keep updated
5. never save passwds/pins etc on the machine
(if you really want/need to; try keepass/keepassX)



YMMV
 
Old 08-05-2013, 08:31 AM   #3
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 867
Blog Entries: 2

Rep: Reputation: 216
Here's another good firefox extension.

https://addons.mozilla.org/en-US/fir...requestpolicy/
 
Old 08-05-2013, 09:31 AM   #4
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,618
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by Completely Clueless
I do have the perception that the Win OS is more secure for bank transactions and whatnot
Define "secure".
by your own admission...
Quote:
there are far more nasties out there looking for chinks in Windows
"Chinks in Windows"...all I have to do is get you to open a specially crafted PDF and you're powned.
Quote:
To harden a Linux distribution to the same extent would require commitment and no small amount of expertise, would it not?
It's the USER you have to harden, Not the OS.

I use LastPass (a FF plugin) and it's a Keeper.

</opinion>
 
Old 08-05-2013, 12:30 PM   #5
displace
Member
 
Registered: Jan 2013
Location: EU
Distribution: Mint, Xubuntu
Posts: 186

Rep: Reputation: 13
Personally I'd never use a Windows box for banking; I strictly stick to Linux for that. I don't have Flash or Java (or any other plugin) installed, and I use a number of Firefox add-ons to protect myself. The list includes:

- Request policy
- NoScript
- Adblock Plus
- Ref control
- Cookie Monster
- GreaseMonkey (+ some scripts)
- FlagFox
- HTTPS Everywhere
- etc.

Be sure to try out RequestPolicy 1.0.0 beta! It has some extra features that the regular one doesn't.
https://www.requestpolicy.com/1.0.html

Then again it's true that you're the one to take caution not to visit malicious websites, accept email attachments from untrusted and/or suspicious sources, etc. A security system is only as strong as its weakest link. And the weakest link is in most cases the user himself.
 
Old 08-05-2013, 10:07 PM   #6
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,230

Rep: Reputation: 1552
When a banking site says that they "only support Windows," it has nothing to do with security, but it is a pretty good sign they have a lazy and incompetent IT team.

My bank supports only IE and Firefox and are upfront about not wanting to spend the labor to test and support other browsers (I don't like it, but that is a defensible position and I can respect it). Fortunately, their site works quite well in Firefox on Linux.
 
Old 08-05-2013, 10:07 PM   #7
jefro
Guru
 
Registered: Mar 2008
Posts: 12,078

Rep: Reputation: 1520
There are many reasons for banks being hacked that have more to do with bad practices. If you don't protect your system and update it and change passwords often to the longest offered, you may never be very secure.
 
Old 08-06-2013, 01:31 AM   #8
aus9
Guru
 
Registered: Oct 2003
Posts: 5,060

Rep: Reputation: Disabled
hmmm

MS secure is it?
http://www.theregister.co.uk/2013/07...door_for_feds/

2) How can a user claim they are better protected when they don't seem to understand the concept of patch Tuesday?
http://en.wikipedia.org/wiki/Patch_Tuesday

The millions of the mums and dads market all believe they are better "secured" because they tick a box saying get security updates automatically
---when they won't get them except on a monthly basis.

end of rant
 
Old 08-06-2013, 01:49 AM   #9
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 636

Rep: Reputation: 68
"saying of preferring Windows over Linux for banking !!"-- I would only say it's a very bad idea that can cause you a nightmare anytime.

When you say security for a bank or a financial institution, one would only recommend an operating system that is as robust, customisable and can provide different levels of security, and guess what: LINUX has it all.
 
Old 08-06-2013, 06:58 PM   #10
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139
I have a hardened box I use for critical things, including online banking. Much as I like Linux (and would prefer it for banking over Windows) it runs OpenBSD and nothing is enabled or installed that isn't absolutely needed.

Unfortunately most banks compromise your security from the start. Some of the ways are as follows:

1) Using TLS 1 instead of at least 1.1
2) Those that require a specific browser or extensions
3) Those that recommend filtering connections through third parties (eg Trusteer - though some may disagree)
4) Low grade password hashing


Ask your bank about these and others if you want to be really informed about the risks.
 
Old 08-06-2013, 11:03 PM   #11
ilesterg
Member
 
Registered: Jul 2012
Location: Philippines
Distribution: CentOS, Oracle Linux, AIX
Posts: 354

Rep: Reputation: 46
From the standpoint of someone with little knowledge on Linux, I would say that maintaining a Windows box dedicated for banking is a very feasible option. Keep the OS updated, antivirus, not install non-banking software, etc. In short, don't use the box for something else.

The other option is to get yourself more familiar with Linux and everything it has to offer, thereby slowly building your confidence on it.
 
Old 08-07-2013, 05:13 AM   #12
thelinuxist
Member
 
Registered: Nov 2012
Location: Munich, Germany
Distribution: CentOS, Debian, Fedora, Ubuntu, DSL (Whatever necessary)
Posts: 61

Rep: Reputation: Disabled
To be honest, I used Linux for banking ever since, and even though my security wasn't as tight as some on this thread, I never experienced problems.

Most trojans are aimed at Windows Systems, because most Linux users are very experienced professionals (and if not yet, trust me, you will become one. You are interested in it, that's why you will learn it quickly), whilst most Windows users are more like "the general population" - lack of even advanced knowledge, that is, at least in my home country. They don't notice whether a trojan horse is on the system. They don't know how to use tools to check the task manager. They don't care much about outdated systems and software. If it works, it works. If it's insecure - doesn't matter. If it's hacked - not my fault. Or is it?

Most Linux users on the other hand will recognize if something's odd with their computer - and they will react to it. Linux users are very good at resolving problems (When I started out, I spent weeks with only this. But I solved them) And if you gain experience and confidence, either on a VM or a Live-USB, you will get very good at this very quickly.

Still, being conscious about security is a rare but highly important virtue, and I hear almost daily about new hacks. Companies and even banks in Germany don't do that much, and I even contacted a CEO of one to inform them about the security problems they had, and they were just like "We know. We will take care of it, if our board agrees and..."

The rest of the sentence actually was ignored by me, because I don't waste time listening to dumb excuses. They don't realize what it costs to be hacked.

Ending: You MUST secure every system you use for critical things like that (Usually, money is critical to everyone. Let's agree that banking is critical, OK?). No matter if it is Linux or Windows! You wouldn't believe how many insecure Linux boxes are around in the world, because they aren't updated, have weak passwords, allow unauthorized use of mail servers or the likes of it.
 
  

