LinuxQuestions.org

Ulysses_ 06-22-2010 03:21 PM

Most secure distro for online payments to ebay/amazon
 
Currently using Linux Mint. While it's nice, I have the feeling all those bells and whistles must be exposing a large attack surface.

What is the most secure distro known to man, but which is still capable of making payments to amazon and ebay?

brucehinrichs 06-22-2010 03:28 PM

BSD is oft-quoted as being the most secure, but any *nix system set up properly should provide plenty of security.

As far as being capable of making payments, that's more of a browser capability, AFAIK. As long as you use the same browser you have been using, it matters not what OS it's on (provided it runs on said OS, of course :)).

EDIT: If you like Mint, it's based on Ubuntu, which is in turn based on Debian. You might look into Debian (it doesn't have as many bells and whistles by default, but you can add them if you wish).

In general, to be more secure, you install ONLY what's needed, and add services/software according to your needs. Debian is ideal for this (though there are MANY others).

Ulysses_ 06-22-2010 04:15 PM

Quote:

Originally Posted by brucehinrichs (Post 4011862)
As far as being capable of making payments, that's more of a browser capability, AFAIK. As long as you use the same browser you have been using, it matters not what OS it's on

I was hoping to find a very simple browser (no Flash, no Java, no non-essential features), on a simple security-oriented operating system. Making my own would be too troublesome and probably not secure enough, which is the lesson I learnt after:

1. Trying a minimal Debian install with LXDE and Firefox and Opera - it was broken out of the box (too slow occasionally), and

2. Trying to remove lots of packages from Mint - it got broken - there must be hidden dependencies, you can't just remove whatever you like and trust Synaptic that all actual dependencies are satisfied, and this is probably a universal problem in Linux.

So it has to be a pre-built distro. One that is security-oriented. But still capable of making payments online to ebay and amazon.

penguiniator 06-22-2010 06:51 PM

What specific features are you looking for? And what vulnerabilities are you experiencing? It's kinda hard to know what to recommend. You have a vague feeling that there must be vulnerabilities exposed because you use Mint, but you don't say what they are.

rkski 06-22-2010 08:14 PM

CentOS (free Red Hat clone) is stable and secure, which is what you want for a production server. Mint is more suited for desktop uses. Red Hat is what is used for businesses running Linux servers.
Install it headless with only the minimum. SELinux is standard, which is an added security measure. Make sure the firewall is set up correctly to expose only the absolutely necessary.

anomie 06-22-2010 09:07 PM

The "good enough" answer: do a default install of foo distro. Turn off all listening daemons. Keep the packages up to date. Run the NoScript plugin for Firefox, and allow only ebay and amazon to run scripts. Do not use it for anything but making online payments to ebay and amazon.

Good enough.
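
Added example, not part of the thread or of any poster's reply: one way to check the "turn off all listening daemons" step is to list TCP listeners with `ss -H -tlnp` and flag every socket bound to a non-loopback address. The sample output below is constructed, and the function names are hypothetical.

```python
"""Flag TCP listeners reachable from the network in `ss -H -tlnp` output."""
import ipaddress

# Constructed sample of `ss -H -tlnp` output (not taken from the thread).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=640,fd=7))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=640,fd=6))
LISTEN 0 50 *:445 *:* users:(("smbd",pid=901,fd=31))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def split_local(field):
    """Split the Local Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and %iface scope
    return host, int(port)

def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; wildcards count as exposed."""
    if host == "*":  # wildcard: every address, IPv4 and IPv6
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_listeners(ss_output):
    """Return sorted (port, host, process) tuples for non-loopback listeners."""
    found = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        if is_loopback(host):
            continue
        # The process column is only filled in when ss -p runs as root.
        proc = cols[5].split('"')[1] if len(cols) > 5 and '"' in cols[5] else "?"
        found.add((port, host, proc))
    return sorted(found)

if __name__ == "__main__":
    for port, host, proc in exposed_listeners(SAMPLE):
        print(f"{host}:{port} is reachable from the network ({proc})")
```

On a real machine, pipe the command's output into `exposed_listeners`; an empty result means every TCP daemon is either stopped or bound to loopback only.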

Ulysses_ 06-23-2010 03:57 AM

Quote:

Originally Posted by penguiniator (Post 4012026)
What specific features are you looking for?

Strictly the essentials only for paying amazon and ebay through paypal - if a text-based browser is more secure for this, I'd use it.

Quote:

And what vulnerabilities are you experiencing?

A vulnerability has a strict meaning; it's not something you experience but an unknown fault that someone else discovers and someone else exploits - the victim doesn't know which vulnerability was used to hack into and own their computer.

Quote:

You have a vague feeling that there must be vulnerabilities exposed because you use Mint, but you don't say what they are.

There are sites that give lists of known vulnerabilities in current and previous versions of various pieces of software; for example, Thunderbird has plenty. So the more internet-facing applications and services you have, the more vulnerabilities are available to malicious types.

Ulysses_ 06-23-2010 04:14 AM

Quote:

Originally Posted by rkski (Post 4012066)
CentOS ... Install it headless with only the minimum.

What does it mean to install it headless?

snowday 06-23-2010 07:53 AM

In Firefox, go to Tools->Start Private Browsing. Firefox will not remember your credit card data from that session.

I think you are underestimating the security of Linux Mint. So long as you use the current release and stay up-to-date with updates, it's as secure as any other distro.

However, if you are truly paranoid about your online transactions, you can do your banking from a Live CD. All data will be lost when you power down the computer. Most distros have a live daily build CD of their development branch. This would give you the latest browser updates and security patches for that day.

anomie 06-23-2010 09:35 AM

@Ulysses_: it seems you've already received plenty of good advice in this parallel thread. (It's not the first time I've replied to one of your posts only to find an identical thread on ubuntuforums.)

---

How To Ask Questions The Smart Way

Ulysses_ 06-23-2010 01:43 PM

All said in the other thread is aimed at average Joe Bloggs users and not politically involved people who might become targets for framing, provocateurs. This is no place to discuss politics so I'm stopping here. Just take my word for it, Joe Bloggs security is not for everyone posting here.

brucehinrichs 06-23-2010 01:51 PM

As a reference, you might want to read this link: http://www.debian.org/doc/manuals/se...-debian-howto/

It's a good checklist regardless of distro.

snowday 06-23-2010 01:54 PM

I see your other thread at UbuntuForums was closed. ;)

It's funny, you started off by giving the impression you were concerned about having your credit card data stolen when shopping on Amazon or Ebay. A common and valid concern that I feel was adequately addressed in various replies (on both forums).

If, however, your concerns run deeper than that, into the shady realms of state secrets and political enemies, I have bad news... if "they" are out to get you, switching from Mint to Backtrack isn't going to make much difference: http://www.personal.psu.edu/sjs5196/...%20Cartoon.jpg

If you are frustrated with the quality of the answers you've received, then maybe you didn't ask the right question? :)

Ulysses_ 06-23-2010 01:59 PM

Snowpine, thanks, I am already using Firefox private browsing, and already my shopping VM* is a liveCD without a hard disk; I have written about this here months ago.

* vmware virtual machine

Now look what that Mint 9 liveCD produced last week at a legitimate shopping site:

"This Connection is Untrusted
You have asked Firefox to connect securely to www...."

There must be a mismatch of certificates, forcing you to go back to Ubuntu 9.1, where this does not occur. Neither does it occur with Windows XP. So it's almost certainly Mint's fault.

Quote:

So long as you use the current release and stay up-to-date with updates, it's as secure as any other distro.

If things were as simple as you say, there would be no Backtrack, and there would be no Linux hardening guides.

It has to be understood that threats are not the same for all people because circumstances and usage are not the same for all people.

Backtrack is what people doing dangerous things need. The end.

Ulysses_ 06-23-2010 02:04 PM

Now I've seen this:

Quote:

Originally Posted by snowpine (Post 4012912)
It's funny, you started off by giving the impression you were concerned about having your credit card data stolen when shopping on Amazon or Ebay.

Yes, that's what the reference to framing is about. You must have missed the WikiLeaks v. Pentagon story and its implications. Clearly politics is not for everyone.

