Use a Linux LiveCD to Avoid Windows Malware For Netbanking

October 15, 2009 · 6 comments · Last updated October 15, 2009

The Internet has revolutionized the way users shop and use banking services such as Internet banking from anywhere, at any time, without visiting a bank. But how safe is your money with net-banking, which allows you to carry out money transfers? Companies, and in some cases individuals, have lost anywhere from $10,000 to $500,000 because of a single malware infection. The cyber crooks are targeting innocent MS-Windows users. If you are concerned about how best to protect yourself from this type of fraud, use a Linux LiveCD for online banking and avoid Microsoft Windows at all costs.

According to this blog post (found via Slashdot):

While there are multiple layers of protection that businesses and banks could put in place, the cheapest and most foolproof solution is to use a read-only, bootable operating system, such as Knoppix, or Ubuntu. Malware that is built to steal data from Windows-based systems won't load or work when the user is booting from LiveCD.

Few More Security Tips

Banks and credit card issuers don't care about your money. You need to worry about your own money. Here are a few more tips:

  1. Do not do online banking, period. Go and see your banker personally ;)
  2. Another option is to have two or three bank accounts. Use only one for netbanking and disable netbanking for the other accounts.
  3. Use a dedicated laptop or desktop.
  4. Use a Linux LiveCD.
  5. Use licensed Windows software on your computer and avoid pirated versions.
  6. Always use the latest version of your browser to connect to the Internet.
  7. Disable autologin and do not allow unauthorized access to your computer.
  8. Use strong passwords for your user account and netbanking.
  9. Apply the latest security patches and turn on autoupdate.
  10. All Windows users should use anti-virus, anti-spyware and a personal firewall.
  11. Turn on your WiFi router's firewall.
  12. Always use WPA / WPA2 with TKIP or AES encryption and a strong passphrase (WiFi router).
  13. Change the passphrase every month and disable UPnP (WiFi router).
  14. Use a VPN if possible.
  15. Do not click on any links while browsing the Internet. Use Firefox with the NoScript add-on. An unwanted link can trick your computer into downloading malicious software or a key-logger.
  16. Only download free software from trustworthy sources. Many freeware programs, games and screen-savers may have Trojans installed that transfer passwords and other sensitive information to crooks.
  17. Never click on links in emails asking for confidential information. No bank or government department (such as the income tax department) asks for your confidential information, as they already have all your information.
  18. Never open attachments received from an unknown sender or in an email that claims to show you nude pictures of famous females. They may contain virus-infected files most of the time.
  19. Protect your email ID against spam and viruses. You can use server-side spam filtering software such as SpamAssassin, Clam Anti-Virus, Maia-Mailguard, and FuzzyOCR.
  20. Make sure the web page you are viewing encrypts your data while you shop or do online transactions.
  21. When not in use, disconnect the Internet and the system from the router to avoid unwanted access.
  22. Activate a screen saver with password protection to protect your terminal session.
  23. Use two-factor authentication. Many banks offer an add-on service for authentication. For example, ICICI bank sends you a one-time password via SMS for all online banking transactions. You need to enter it to complete the transaction. Other banks offer RSA crypto-key chains, which change your regular password into a single password + 8-character unique random number. All our VPN and ssh server logins are also protected using RSA crypto-keys.

How do you protect yourself from this type of fraud?

6 comments

1 Solaris October 16, 2009 at 11:46 am

It is good to implement strong security but there are hardware tokens now,
most banks already introduced them. Even if an attacker gets your username
and password they can’t move one finger without the authorization code given
by your personal token.

For those who don’t know what a token is: it looks like a small pocket calculator
that implements cryptographic challenge codes if you want to perform
authentication or any operation while online banking. If you want to pay a
bill you will get a code that after being typed in the token, he (the token)
will generate you a response code which you need to type into a
checkbox in order to do any online transaction.

What I told you is from the EU, I don’t know for sure about
other methods based on hardware authentication.

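The challenge-response flow described in the comment above (and the per-transaction code in tip 23), sketched in Python as an added example; it is not from the original post, the commenter, or any bank's token. The HMAC-SHA256 construction with RFC 4226-style truncation, the 8-digit code length, the `Bank` class and every name here are assumptions chosen for illustration; real tokens follow their vendor's scheme.

```python
import hashlib
import hmac
import secrets
import struct

DIGITS = 8  # length of the codes the user types (assumption)


def _truncate(mac: bytes, digits: int = DIGITS) -> str:
    """RFC 4226-style dynamic truncation of an HMAC to a decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def new_challenge() -> str:
    """Bank side: a fresh random challenge for every transaction."""
    return str(secrets.randbelow(10 ** DIGITS)).zfill(DIGITS)


def token_response(secret: bytes, challenge: str, payee: str, amount: str) -> str:
    """Token side: response bound to the challenge and the transaction details."""
    msg = "|".join((challenge, payee, amount)).encode()
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest())


class Bank:
    """Hypothetical verifier holding the secret shared with the token."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = {}  # challenge -> (payee, amount) awaiting confirmation

    def start_transfer(self, payee: str, amount: str) -> str:
        challenge = new_challenge()
        self.pending[challenge] = (payee, amount)
        return challenge

    def confirm(self, challenge: str, response: str) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed for a second transfer.
        details = self.pending.pop(challenge, None)
        if details is None:
            return False
        expected = token_response(self.secret, challenge, *details)
        return hmac.compare_digest(expected, response)
```

Because the response covers the payee and amount the bank recorded, a response computed for different transaction details does not verify, and a stolen username and password alone never produce a valid code.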

2 Ashwani Kumar October 16, 2009 at 2:52 pm

Thanks for info

Another way is to use a Linux VM in your favorite Windows OS host ;-)


3 liju October 16, 2009 at 5:43 pm

Great tips….

It should be a notice to all online users… I don’t know any Windows users who use a Live CD; they haven’t even heard about a bootable Live OS CD before…

I suggest you add a description about the scope of portable Firefox for Windows users in some extended….

Keep it up …


4 Colin October 23, 2009 at 7:38 am

One tip that you do not have. I use one internet browser for internet banking and one browser for everything else. Naturally do not use Internet Explorer as this integrates into the OS. But perhaps Firefox for normal browsing and Chrome or Opera for internet banking. I would doubt if a key logger would be able to jump browsers (I could be wrong and if so please POLITELY point it out)!


5 Viktor November 27, 2009 at 12:04 am

Colin, I don’t know if I understood you correctly… A key logger running in your system at the appropriate privilege can get access to almost all keystrokes (Winlogon is a bit more tricky to record). However if you meant a JavaScript key logger, or a key logger designed as a Firefox addon, then you can of course avoid being monitored by switching browsers. Keep in mind though, JavaScript runs on most browsers, so a MITM attack using JavaScript that targets your new sessions on Chrome or Opera will eventually get your keystrokes in those browsers as well.


6 Stanley December 2, 2009 at 7:22 am

Here’s how I have my WinXP box set up:

– Everyday use under least privileged Guest Account only. Admin account is used offline when installing software.

– Firefox protected with Sandboxie and No-script.

– The usual combo of firewall and anti-virus. Rarely detects any malware at this point.

But my main PC is Linux which gives me greater peace of mind.

I have two bank accounts. One for savings that is not used online. And one for online banking with one or two grand in it at most mainly for paying bills and all.
