Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-01-2013, 09:10 AM   #1
Completely Clueless
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 816

Rep: Reputation: 69
Question Online banking security

I have to confess I still use a Windows box for some things that require security of financial data that I wouldn't feel entirely happy about entering using Linux. I would dearly love to free myself from this dependency and ditch 'doze altogether, but I do have the perception that the Win OS is more secure for bank transactions and whatnot, simply because everything's done for me provided I let the auto-updates install as soon as they come available and I run Kaspersky or whatever to keep the machine clear of malware. To harden a Linux distribution to the same extent would require commitment and no small amount of expertise, would it not? Even notwithstanding that there are far more nasties out there looking for chinks in Windows armor than there are for Linux. How often is it that secure data gets compromised from a Linux system? Anyone experienced this?

Last edited by Completely Clueless; 08-01-2013 at 09:13 AM.
Old 08-01-2013, 09:30 AM   #2
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,411

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
Personally I feel the opposite; hate using MS for banking.
General advice either way:

1. use a dedicated (minimal) env (bare metal or vm) only for banking

2. firefox with following add-ons/settings


turn off auto accept images (allow by exception)
turn off auto accept cookies (allow by exception)

type in website names by hand from a reputable src; then bookmark and stick to those bookmarks

3. never use env for anything else
4. keep updated
5. never save passwds/pins etc on the machine
(if you really want/need to; try keepass/keepassX)

Old 08-05-2013, 08:31 AM   #3
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 982
Blog Entries: 2

Rep: Reputation: 244Reputation: 244Reputation: 244
Here's another good firefox extension.
Old 08-05-2013, 09:31 AM   #4
LQ 5k Club
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,573
Blog Entries: 15

Rep: Reputation: Disabled
Originally Posted by Completely Clueless View Post
I do have the perception that the Win OS is more secure for bank transactions and whatnot
Define "secure".
by your own admission...
there are far more nasties out there looking for chinks in Windows
"Chinks in Windows"...all I have to do is get you to open a specially crafted PDF and you're powned.
To harden a Linux distribution to the same extent would require commitment and no small amount of expertise, would it not?
It's the USER you have to harden, Not the OS.

I use LastPass (a FF plugin) and it's a Keeper.

Old 08-05-2013, 12:30 PM   #5
Registered: Jan 2013
Location: EU
Distribution: Mint, Xubuntu
Posts: 249

Rep: Reputation: 24
Personally I'd never use a windows box for banking, I strictly stick to linux for that. I don't have flash or java (or any other plugin) installed, and I use a number of firefox addons to protect myself. The list includes:

- Request policy
- NoScript
- Adblock Plus
- Ref control
- Cookie Monster
- GreaseMonkey (+ some scripts)
- FlagFox
- HTTPS Everywhere
- etc.

Be sure to try out RequestPolicy 1.0.0 beta! It has some extra features that the regular one doesn't.

Then again it's true that you're the one to take caution not to visit malicious websites, accept email attachments from untrusted and/or suspicious sources, etc. A security system is only as strong as its weakest link. And the weakest link is in most cases the user himself.
Old 08-05-2013, 10:07 PM   #6
LQ Guru
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,784
Blog Entries: 17

Rep: Reputation: 3315Reputation: 3315Reputation: 3315Reputation: 3315Reputation: 3315Reputation: 3315Reputation: 3315Reputation: 3315Reputation: 3315Reputation: 3315Reputation: 3315
When a banking site says that they "only support Windows," it has nothing to do with security, but it is a pretty good sign they have a lazy and incompetent IT team.

My bank supports only IE and Firefox and are upfront about not wanting to spend the labor to test and support other browsers (I don't like it, but that is a defensible position and I can respect it). Fortunately, their site works quite well in Firefox on Linux.
Old 08-05-2013, 10:07 PM   #7
Registered: Mar 2008
Posts: 17,101

Rep: Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552
There are many reasons for banks being hacked that have more to do with bad practices. If you don't protect your system and update it and change passwords often to the longest offered, you may never be very secure.
Old 08-06-2013, 01:31 AM   #8
LQ Addict
Registered: Oct 2003
Location: Australia
Distribution: MX 16
Posts: 5,296

Rep: Reputation: Disabled

MS secure is it?

2) How can a user claim they are better protected when they don't seem to understand the concept of patch Tuesday?

The millions of the mums and dads market all believe they better "secured" because they tick a box saying get security updates automatically
---when they won't get them except on a monthly basis.

end of rant
Old 08-06-2013, 01:49 AM   #9
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 81
"saying of preferring windows over Linux for banking !!"-- I would only say its a very bad idea that can cause you a nightmare anytime.

when you say security for a Bank or a financial institution one would only recommend an operating system that is as robust, customisable and can provide different levels of security and guess what LINUX has it all.
Old 08-06-2013, 06:58 PM   #10
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139Reputation: 139
I have a hardened box I use for critical things, including online banking. Much as I like Linux (and would prefer it for banking over Windows) it runs OpenBSD and nothing is enabled or installed that isn't absolutely needed.

Unfortuantely most banks compromise your security from the start. Some of the ways are as follows:

1) Using TLS 1 instead of at least 1.1
2) Those that require a specific browser or extensions
3) Those that recommend filtering connections through third parties (eg Trusteer - though some may disagree)
4) Low grade password hashing

Ask your bank about these and others if you want to be really informed about the risks.
Old 08-06-2013, 11:03 PM   #11
Registered: Jul 2012
Distribution: Arch, Debian, and CentOS/RHEL
Posts: 541

Rep: Reputation: 56
From the standpoint of someone with little knowlege on Linux, I would say that maintaining a Windows box dedicated for banking is a very feasible option. Keep the OS updated, antivirus, not install non-banking software, etc. In short, don't use the box for something else.

The other option is to get yourself more familiar with Linux and everything it has to offer, thereby slowly building your confidence on it.
Old 08-07-2013, 05:13 AM   #12
Registered: Nov 2012
Location: Munich, Germany
Distribution: CentOS, Debian, Fedora, Ubuntu, DSL (Whatever neccessary)
Posts: 61

Rep: Reputation: Disabled
To be honest, I used Linux for banking ever since, and even though my security wasn't as tight as some on this thread, I never experienced problems.

Most trojans are aimed at Windows Systems, because most Linux users are very experienced professionals (and if not yet, trust me, you will become one. You are interested in it, that's why you will learn it quickly), whilst most Windows users are more like "the general population" - lack of even advanced knowledge, that is, at least in my home country. They don't notice whether a trojan horse is on the system. They don't know how to use tools to check the task manager. They don't care much about outdated systems and software. If it works, it works. If it's insecure - doesn't matter. If it's hacked - not my fault. Or is it?

Most Linux users on the other hand will recognize if something's odd with their computer - and they will react to it. Linux users are very good at resolving problems (When I started out, I spent weeks with only this. But I solved them) And if you gain experience and confidence, either on a VM or a Live-USB, you will get very good at this very quickly.

Still, being concious about security is a rare but highly important virtue, and I hear almost daily about new hacks. Companies and even banks in Germany don't do that much, and I even contacted a CEO of one to inform them about the security problems they had, and they were just like "We know. We will take care of it, if our board agrees and..."

The rest of the sentence actually was ignored by me, because I don't waste time listening to dumb excuses. They don't realize what it costs to be hacked.

Ending: You MUST secure every system you use for critical things like that (Usually, money is critical to everyone. Let's agree that banking is critical, OK?). No matter if it is Linux or Windows! You wouldn't believe how many insecure Linux boxes are around in the world, because they aren't updated, have weak passwords, allow unauthorized use of mail servers or the likes of it.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] online banking security rfjohn13 Linux - Newbie 8 06-04-2011 04:09 AM
First Direct online banking nuxguy Linux - Software 5 11-12-2009 07:51 AM
Online banking security issues Cogar Linux - Security 1 11-03-2005 01:50 PM
online banking? toolshed Linux - Software 7 03-24-2004 01:10 PM
Online Banking / Online Shopping in Linux? JROCK1980 Linux - General 14 02-27-2004 03:46 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:40 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration