LiveCD best way to access banking accounts?

[shinysecure]

I try to be rather secure and am trying to come up with some better options for my whole family by reading a lot on this site however, for the time being I have a question.

What around peoples opinions on using an Ubuntu liveCD for banking and such.
I have an old comp with no hard drive.. basically the plan would be turn it on... load ubuntu off the cd, go about business, restart.

Ideally it could be used for banking and a comp for younger people in the house to mess around on.

What about updates? for booting up and going to 3-4 banking websites only is burning a new ubuntu every 6months sufficient?

Thanks for any opinions on the matter, learning a lot from the forums.

[Fly]

Disclaimer: no expert

There is something to say for a LiveCD, Ubuntu or not.

But you also want to allow people to 'mess around on' the same computer ? How would that work, would they use Ubuntu ?

In a way it would be safe, as long as the computer looks for the CD first (usually set in BIOS). But no harddrive ? What kind of storage medium do you use ? You would have to check for 'exits', or 'gateways', meaning no plugged-in USB sticks, non-networked computer (beware file and printer sharing), noone looking over your shoulder when you do online banking, beware of hardware keyloggers etc.

But maybe you should check first the (legal and other) requirements of your bank, relevant laws. If something goes wrong, who is liable, you or the bank ?
What kind of security measures are used ? Just a login and password ? That's not safe. You'd have to be careful about man-in-the middle attacks and perhaps other issues.

I do online banking, no LiveCD, just a login, password and a 'third token'.
As far as I know I'm not liable as long as I'm careful with those three, and there is no way to bypass those three.
Of course, my computer is always clean, and if I suspect it isn't I just restore an image. And I always do a full reboot before and after online banking.

There are many options.

But if you really have a lot of money you should be careful and study the issue, perhaps refrain from online banking at all.

[Pedro]

I don't see anything wrong with your method. It's simple enough to use imo.

While i don't see any immediate need to update every 6 months, it is also a simple way to ensure compatibility with new websites, or updates in said websites (new flash version needed, javascript, html, and so on).

If it makes life easier for you, i say go for it.

[shinysecure]

Quote:

Originally Posted by Fly

Disclaimer: no expert

There is something to say for a LiveCD, Ubuntu or not.

But you also want to allow people to 'mess around on' the same computer ? How would that work, would they use Ubuntu ?

Yes they would use ubuntu as well, basically in the "mess around" scenario it would be if say I had people over and someone wanted to look up something online.

In a way it would be safe, as long as the computer looks for the CD first (usually set in BIOS). But no harddrive ? What kind of storage medium do you use ?

There would be no long term storage, ram only, therefor it would be a fresh ubuntu every time the comp is turned on.
This is a secondary computer, would use my main computer for most things, this would just be for the really personal stuff.

You would have to check for 'exits', or 'gateways', meaning no plugged-in USB sticks, non-networked computer (beware file and printer sharing), noone looking over your shoulder when you do online banking, beware of hardware keyloggers etc.

In the situation I would not be concerned about hardware keyloggers, I have no personal enemies.. just paranoid. It would however be plugged into a network. It would be through a router with nothing else on the local network.

But maybe you should check first the (legal and other) requirements of your bank, relevant laws. If something goes wrong, who is liable, you or the bank ?
What kind of security measures are used ? Just a login and password ? That's not safe. You'd have to be careful about man-in-the middle attacks and perhaps other issues.

I do online banking, no LiveCD, just a login, password and a 'third token'.
As far as I know I'm not liable as long as I'm careful with those three, and there is no way to bypass those three.
Of course, my computer is always clean, and if I suspect it isn't I just restore an image. And I always do a full reboot before and after online banking.

There are many options.

But if you really have a lot of money you should be careful and study the issue, perhaps refrain from online banking at all.

I am not liable if all the rules are followed but I would still rather avoid the hassle that the situation could cause and the feeling.

Thanks for the responses, just wanted to make sure a livecd was a legitimate option if it was not always 100% up to date but only used during the session for banking. Any other thoughts are welcomed.

[chronomatic]

Using a liveCD is comparable to using a virtual OS, though I would think the liveCD is a bit safer since it can't be "broken" out of. Of course, you have to be cognizant, as the guy above said, of MITM attacks and SSL forgeries, etc. This is something that is beyond local security.