-   Linux - Security (
-   -   Online banking security issues (

Cogar 11-03-2005 01:05 PM

Online banking security issues
At another forum, we started discussing an article over at MSNBC, where they talk about RATs. As a first guess, I thought that using Linux for online banking and other secure transactions may be better than using Windows, since most of these Trojans and other malware seem targeted to Windows systems. I wanted to ask here as well to learn the opinion of people who are more generally Linux-savvy than others. Here is the article:

kilgoretrout 11-03-2005 01:50 PM

I know of no trojan like those described in the article for linux or *nix . Propogation would be very difficult in a linux environment.
First, things cannot be automatically installed in linux like they can in windows. The article refers to automatc and unknowing installation of this malware - that's windows and MS's security impaired ActiveX technology at work. ActiveX is generally regarded as a security abomination, so much so that Vista has it disabled by default as a new "feature". ActiveX allows an untrusted remote source to download, install and run code on your box without any interaction from the user. Talk about a blueprint for disaster. Ironically, many bank/financial sites rely on ActiveX technology in order to run properly.
Second, while linux users are not immune from social engineering manipulating them to install the malware, writing such malware for linux is much more difficult because there is so much variation within linux. You do not have a uniform environment like you do in windows. It would be very difficult to get a set of malware binaries together that could be successfully installed on a broad spectrum of *nix boxes without someone detecting the true nature of the malware. Even assuming some attack vector in *nix that would allow for installation of malware without the users knowledge, crafting that malware would be a ton of work given the huge variation in linux kernels used, not to mention other software. This software diversity has greatly limited the spread of any such trojans in *nix environments when compared to windows environments. It's just so much easier on windows to do.

All times are GMT -5. The time now is 12:05 AM.