Internet Banking In A Virtual Machine

TerryWood · #1 November 6th, 2011, 05:20 AM

Hi

There are numerous options being propounded for SAFE Internet Banking, all of them in my view, suffer loss of convenience.

The question is which is the safest with least loss of convenience.

Does running a linux distro in a VM qualify as safe?
If it does should it be installed to the VM or as a Live CD?

What are the disadvantages of running a Linux Distro in a VM?

Which distro is considered to be most appropriate for a VM in banking?

To the Mods: I was not sure whether to put this under Linux or Virtualization. Feel free to move according to your perspective.

Thanks

Terry

Cudni · #2 November 6th, 2011, 05:30 AM

losing money has to be the most inconvenient. Not that I bother but if I did I would run a Livecd or similar

Meriadoc · #3 November 6th, 2011, 05:31 AM

Hello,

Just set up a small vm, any OS that you prefer, that restores the VM to a clean state (nonpersistant mode) and only use it for that one job - BankingVM.

'that one job' to me would also mean locking down vmware, for example and OS so that it only does what is intended. In vmware you may also encrypt a vm.

MrBrian · #4 November 7th, 2011, 08:37 PM

If you do online banking in a VM, you could run into these two issues:
1. Malware on host intercepts or changes data in VM.
2. Malware encountered in VM infects host.

If you use a bootable CD/DVD (not in a VM), you can eliminate issue #1 (unless you have malware in BIOS, graphics card, etc). You can eliminate issue #2 (except for infection of BIOS, graphics card, etc.) if you use a specialized bootable CD/DVD (not in a VM) such as Lightweight Portable Security that cannot access your hard disk.

#5 November 7th, 2011, 10:33 PM

Quote:

Originally Posted by TerryWood

Hi

Does running a linux distro in a VM qualify as safe?

I don't see why not, especially if the Linux vm is running in a Windows Standard account on the host machine. Just ensure shared folders are disabled and use bridged networking. I'd reckon someone would be really hard pressed to come up with a method that host malware could use to intercept data off the Linux vm in this scenario.

MrBrian · #6 November 7th, 2011, 11:19 PM

The Safest Way to Bank Online

Windows and Online Banking: A Dangerous Mix

MrBrian · #7 November 8th, 2011, 09:07 PM

Do a web search for "virtual machine introspection" if you think that software on a host cannot see what's going on in a virtual machine.

Meriadoc · #8 November 9th, 2011, 05:01 AM

How vms work, it has to, although that's a simplification. VMI's work on this to log and interact vms, there are some forensic tools that work this way, we use the same approach in monitoring vms.

Green Giant · #9 November 9th, 2011, 03:10 PM

I use an ordinary IE9 browser with Trusteer Rapport (provided free by my Bank) to ensure that I really am communicationg with my Bank rather than a fraudster.

Green Giant

Meriadoc · #10 November 10th, 2011, 02:26 AM

Quote:

Originally Posted by Green Giant

I use an ordinary IE9 browser with Trusteer Rapport (provided free by my Bank) to ensure that I really am communicationg with my Bank rather than a fraudster.

Green Giant

As long as Trusteer keeps up with attacks, 'continuous' update is needed.

Dogbiscuit · #11 November 10th, 2011, 05:47 PM

From Krebs on Security:

Quote:

Trusteer’s product certainly raises the bar for malware writers, and forces them to deploy Rapport-specific attacks to plant malicious software on a user’s PC. Spanish security firm S21sec said recently it had confirmed in lab tests “that ZeuS cannot grab any data in a machine where this software is installed. Unfortunately, the ZeuS guys haven’t just been lazing around; in one of the latest samples of of the Trojan, we have seen how ZeuS, right after infecting a computer, downloads and executes a second file whose purpose is to render useless this software.”

Nevertheless, I think Rapport would be a decent, low-impact addition to the security of any PC user banking online with Windows. But I’m a bit on the fence about recommending this for businesses, mainly because companies that lose money due to stolen online banking credentials are almost always on the hook for those losses.

Quote:

Small to mid-sized businesses probably would do better to rely on a Live CD approach on PCs used for online banking.

http://krebsonsecurity.com/2010/04/a...from-trusteer/

(I found Trusteer Rapport to have a noticeable impact on browser performance when used with a single core processor like a 2.8GHz Pentium 4.)

farmerlee · #12 November 10th, 2011, 08:19 PM

I just run linux on an old laptop for the sole purpose of internet banking. Its the safest and most convenient option for me.

MrBrian · #13 November 10th, 2011, 08:25 PM

Some threads about keyloggers on host vs. virtual machines:
http://www.wilderssecurity.com/showthread.php?t=303738
http://www.dslreports.com/forum/r162...om-keyloggers-
http://forums.whirlpool.net.au/archive/1644324
http://communities.vmware.com/message/202253

m00nbl00d · #14 November 10th, 2011, 08:31 PM

I went through an intensive scientific research

, and have come to the conclusion that the safest method to fight Internet Banking Malware is... walking to the bank itself, and do things face to face. It works like a charm...

#15 November 10th, 2011, 11:26 PM

Say, does anyone know how effective the Zemana keylogger test program is

*EDIT*

Anyways, fwiw... (I couldn't resist since so many members in those linked forums were decreeing that keystrokes in the vm would be captured by a keylogger running on the guest)

Here’s a keylogger test I ran a short while ago this evening:

Host machine:

Windows 7 Ultimate x64
UAC set to off (slider to very bottom)
AppLocker policy cleared (disabled)

VMWare 8.0 guest

Windows 7 Ultimate x64
Running in Host’s Standard User account

Antikeylogger test program Zemana keyboard.exe: Ran several tests on the host machine enabling and disabling the option to capture from physical hardware only

Results: Absolutely nothing captured when keystrokes were directed to the VM guest, including:

account login
keystrokes entered in both secured and non-secured web pages
Notepad

Maybe I need a better keylogger to test. Does anyone know where I can get one that runs on x64 Win7?

MrBrian · #16 November 11th, 2011, 07:37 PM

Quote:

Originally Posted by wat0114

Maybe I need a better keylogger to test. Does anyone know where I can get one that runs on x64 Win7?

How about Elite Keylogger?

#17 November 11th, 2011, 08:05 PM

Quote:

Originally Posted by MrBrian

How about Elite Keylogger?

Thanks MrBrian. Unfortunately, they don't offer a free demo on it.

Quote:

There's officially no free demo for Elite Keylogger any more

There's also mention on their webpage that it works in low kernel mode, which to me suggests ring 0, or loaded when in a non-UAC protected Administrator level account.

MrBrian · #18 November 11th, 2011, 08:11 PM

Quote:

Originally Posted by wat0114

Thanks MrBrian. Unfortunately, they don't offer a free demo on it.

Probably not the latest, but check http://www.softpedia.com/get/Securit...eylogger.shtml or http://www.x64bitdownload.com/downlo...-yfgonmig.html.

#19 November 11th, 2011, 08:45 PM

Quote:

Originally Posted by MrBrian

Probably not the latest, but check http://www.softpedia.com/get/Securit...eylogger.shtml or http://www.x64bitdownload.com/downlo...-yfgonmig.html.

Very good, thank you! I'll probably get around to it later, maybe tomorrow (on an XP machine now).

m00nbl00d · #20 November 11th, 2011, 08:48 PM

Did you try Spyshelter's tests?

#21 November 11th, 2011, 09:08 PM

Quote:

Originally Posted by m00nbl00d

Did you try Spyshelter's tests?

You guys are pressuring me

I had not but just completed some testing moments ago on spyshelter's test program with same results as my previous test platform using Zemana's test program with same configuration as that one; nothing logged when typing in the vm.

*EDIT*

sorry MrBrian,

the Elite keylogger trial does not support x64 yet.

MrBrian · #22 November 12th, 2011, 12:06 AM

Quote:

Originally Posted by wat0114

the Elite keylogger trial does not support x64 yet.

Thank you for the tests

.

m00nbl00d · #23 November 12th, 2011, 09:30 AM

Anyway, I'd suspect that if such keylogger exists, it would be used on specific targets and not widely distributed. Virtual machines aren't something the average Joe and Jane uses.

#24 November 12th, 2011, 09:56 AM

Quote:

Originally Posted by MrBrian

Thank you for the tests

.

You're welcome!

MrBrian · #25 November 12th, 2011, 03:57 PM

I agree with this comment from http://voices.washingtonpost.com/sec...e_bank_on.html:

Quote:

@The virtual machine comments: Virtual machines are still running on top of the Host OS. VM's don't have direct access to the hardware, instead the Host kernel talks to the hardware and passes messages to the Virtual machines. If the keylogger hooks into the keyboard drivers on the Host system it will still record keystrokes which are being sent to the Virtual Machine.

Without worrying about virtual machine introspection, besides keylogging you also have to think about screen sraping and network sniffers.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search