Linux distro with LiveCD for secure online banking?

I want to know if there is a certain Linux distro that is EXTREMELY secured out of the box (LiveCD).
I'm planning to use Linux LiveCD for my banking sessions.

 

Why do you think you need a live CD for banking?
Mrk

 

RAM drive substitute?

 

Not following you.
Mrk

 

Maybe he wants something that won't leave any trace on his PC or even USB stick? Since the LiveCD may work off RAM alone, doing banking and then quitting won't leave any traces Just a guess!

 

I think his focus was security ...
Mrk

 

yes. Isnt forensics part of security?

 

I'd consider installing linux than using a LiveCD, if its more secure and if you could help me set it up.
I'm dumb at linux anyways :>

 

Well, I got tons of step-by-step tutorials for exactly that!
Head on to my site and start reading the software & security section, bottom up.
Mrk

 

LOL, dont be obtuse.
Good insight there.

Perfectly reasonable request if a bit non-specific: in fact right on the "money"
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html
http://www.zdnet.com/blog/hardware/...-for-online-banking-and-shopping-updated/5813
http://blogs.computerworld.com/15815/can_ubuntu_save_online_banking
http://radsoft.net/security/20100224,00.shtml
Heh: Even in OZ: http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-internet-banking.aspx
Search: http://www.google.com/search?&q=live cd banking

Even booting from LiveCD image ??
Boot VM from Live Cd ??
VMWare Appliance: ( not tested by me ) http://www.vmware.com/appliances/directory/120

Go for it
Plenty of help here.

 

i dont use linux live cd for online banking because there is alway fear of phishing site on linux more as compare to windows because on windows you always got good security suite like KIS or NIS which has very good anti phishing data base

but if you know the ip of your bank you can go with fedora or ubuntu with some tweaks its pretty rock solid

for surfing i use this distro

cant say about banking but its very secure for surfing on public places

http://spins.fedoraproject.org/kiosk/#home

https://fedoraproject.org/wiki/Fedora_Kiosk

 

Or........... what you looking for is build your own kiosk (a live cd which connect to your bank only and only to ports you want it to connect (ie.site mention in it while making and no other sites or port and root sudo ...etc default blocked)

kiosk-operating-system

here you can build a live cd according to your needs i guss mrk can put more light in that field


http://www.flatcoder.co.uk/how-to-build-a-secure-kiosk-operating-system/

http://my.opera.com/linuxonlinehelp/blog/index.dml/tag/kiosk mode

 

Oh no ! You are making me jumpy, I don't have Windows at all !
I use Firefox with NoScript and the SSL blacklist add-on. Also I always check the security details and certificate by clicking on the padlock. Surely that's all that is needed to satisfy me that it is not a phishing site ? Of course I also have apparmor FF profile enabled, but I don't think that will protect against phishing.

Opera has AVG's web threat real time data feed plus fraud protection from Phishtank and Netcraft, but my banking site doesn't support Opera (I can't even login).

My banking site advocates installing Trusteer Rapport, but no can do, there is no Linux version.

 

LOL: PROVE IT ??
A swing and a miss ??

You must be thinking about all those linux systems affected by The Zeus Trojan, Neh ?

Ocky relax...
Linux intrinsically safer from "bank trojans"
Firefox has antiphish built in.
http://www.mozilla.com/en-US/firefox/phishing-protection/
WOT if you want
https://addons.mozilla.org/en-US/firefox/addon/3456/
+ Other usual measures..you should be fine
Always good to maintain high index of suspicion.


Live CD:
How to Use It:

Just so.
If you want.

 

i said about average user point of view not for geeks

they dont check all that stuff just click and next many virus sites bypassed by linux i know all thou they dont do any harm in linux but you still click and get inside virus/phishing/trojan......etc site form linux without even knowing that where in windows with KIS/NIS....etc average user if click wrong it get blocked atleast 95%

geeks know the ip address of bank sites or atleast they check certificate ..etc ..stuff but many users dont they just click. ........ Specialy windows migrated think if some thing wrong linux will block it which is totaly wrong concept and linux doesn't

i give you 10-20 virus sites click on them they open in linux and average user download and then put it on pen drive to give his/her friend who is working on windows and his/her pc get and then average user blame it on windows where he did it innocently without knowing that fact that linux doesn't block virus/trojan.....etc It just dont let the code execute in it.

geeks have many tricks like noscript site advisors some them convert their linux by setting up squid http scanner..........end up creating it to utm...........etc ......... (ie convert their machine into castle troy)

 

Hi,
Like security, online/banking is a process, and can not be reduced or limited to a distro choice or product.
As secure is the distro/OS, it can't circumscribe all possible attacks that could occur during the process:
-client/server side attacks like XSS (logins capture), the intrusion in bank or merchant database via an SQL injection exploit (credit card number/id theft), keyboard sniffing, social engineering like phishing etc

So there is a few ideas that can help to mitigate the risks

-choose a read only OS, that can be done for instance with a live cd,
- encrypt communication (ssl vpn),
-use virtual keyboard when typing confidential data,
(many banks provide this security feature: https://online.westpac.com.au/esis/Login/SrvPage )
-subscribe to virtual card service, by this way only a number N required for a buy B is typed, and not credit card number.
-take care of the online merchant, that must be PCI DSS certified ( http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard ) or hacked proofed (logo of verisign, McAfee, Comodo
for instance).

An interesting distro is Privatix, that can be used as a live cd: http://www.mandalka.name/privatix/index.html.en
I've promised an article as a guest on Mrk site that will focus on security based OS, so for those interested just check it in a few days.

Rgds.

 

Interesting indeed,nice find.

 

@Kareldjag: thx for expanding.
I think you've got it covered !!

Live CD par excellence ?

I stand to be corrected, but if the bank is compromised any login/details is toast from any OS ??
Any HW logger will make the client a victim ??, but in "own set-up" system that is unlikely ??
( the corollary is to be extremely wary of some-one elses HW/network )

Is keyboard sniffing/keyloggers a real risk from uncompromised HW and Live Cd ( other then MIM attack or network sniffing/compromise which prolly cant be detected by client side ) ??

Phishing defences, ipso facto, require care at any time even with Live CD : Of course.

I'm not trying to mix it up with Kareldjag !! : happy to be corrected at any time: any clarification discussions are valuable.

Many banks are at last taking this seriously: nice to see you've used an Oz bank as example.
If your bank wont respond to concerns ( even something as simple as proper web standards : cf: Firefox capable: ditch them.

Further pointers ?? Heh: just run Linux for starters maybe ?

Waiting
regards

PS: Oh, dont forget card skimmers are out and about too.

 

i agree with you kareldjag there are so many parameters you can limited to specific os or some distro distro or some security feature )

thanks for Privatix i checking it out

Kiosk is another one

also its better to build your own usb incuding all security features and use it for only banking use in this way you get every thing patched and locked

like many users said live cd in unhackeble but what if there is vulnerability of firefox make it compromise for example flash in firefox live cd of mint .....who you blame it for

but if you make your own usb you can patch every thing by updating lock its iptables to connect to only specific bank site and to update distro disable root locked sudo with big password phrase encrypt your usb ....etc

secoundly you use it only for banking porpose so there is no 3rd party repo in it less software more tight security patched or none vulnerability last but not least you use it only when you need it may be once in a day or week so you are not sitting on net with it 24/7 so less prone to cyber attacks because of unavailability on net

 

I was on this forum for an encryption question but noticed some Linux threads and then saw your post. Just want to say thanks for your site! I found it the other day when I was researching which distros I am going to try...the tutorials are great and the reviews are very helpful.

I am about to start with a new laptop and will multiboot with Windows 7 and a few distros using GPT instead of MBR (so looks like I have to learn Grub2). Please keep your site up and running!

 

An interesting device to consider is the S200 IronKey USB flash drive which uses AES 256-bit CBC hardware encryption. There is an unlocker available for a large range of Linux variants. See their website at: https://www.ironkey.com

-- Tom

 

Hi Tom....I didn't see this when you posted. I thought the IronKey's were great, too; until I had two blow out within 60 days of each other. They both went through a quick mount/dismount cycle, not nearly enough time mounted (2-3 seconds) to grab any data. I was only told this was a "known issue" and they replaced the first with an identical IronKey. Just over a month later, the same thing happened to the replacement. Luckily, I had the data on both backed up in a TrueCrypt volume. I sent the second unit back, they agreed I deserved a refund if that's what wanted. It was and I did. I recently went over to their forums and there's still random threads on this very issue.

IF there was a way I could feel safe with the IK after my troubles, I would love it. I'm back to using the new Kingston DataTraveler Vault series.

 

Konata, may I ask why you feel you need to use a Linux live CD so as to bank online safely? I use locked down Windows 7 and have never been compromised. (Hell, I have never been compromised running Windows XP as an admin. for that matter...)

In reviewing your postings, you seem obsessed with tweaking your OS to no end.

Do your means justify your ends?

Can't you just "set it and forget it"?

 

IronKeys, AVs, and other for-pay "security enhancements" are snake oils peddled to the masses. Save your money and educate yourself how to use free tools and you'll be better off and richer. Please!

I speak from self-knowledge... I bought a first-gen. YubiKey that I have never used once. I now use KeePass with a locked-down Firefox that whips the ass of any costly scheme to create, authenticate, and remember passwords...

 

Well, honestly, while IronKey didn't work out for me, it's hardly snake oil. I had the 16GB USB flash drive with hardware encryption. Hardware encryption is far different from some of the things you mentioned. While much of what I use is free, you generally can't find free 16GB flash drives with hardware encryption on the chip.