A good setup for secure online banking and shopping

Discussion in 'other anti-malware software' started by Doraemon, Oct 28, 2011.

Thread Status:
Not open for further replies.
  1. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    I really wonder if there is that good a set up for banking. I may be paranoid, but I see very few options (and many don't work together).

    Linux - Protects at system end, but what about hijack, redirection, malware at bank's end, MITM attacks?

    Same with Sandboxie. Isolates system from being affected, but not the browser side. And most programs like DNS check etc (PrevX, Trusteer rapport, OA Web Shield) do not work inside SB.

    PrevX and TR have been reportedly compromised (read on Wilders)

    As per a very reputed member here on some thread (I think it's Sully) browser extensions cannot be trusted, so it's best to use browsers without extensions. Now without extensions like NoScript how to prevent cross site scripting (if banking sites are compromised)?

    So what's the best implementable solution?
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    the best setup for online banking is an informed user:

    - check out your bank and credit card policies in case a theft or loss should happen.
    - verify with your bank/CC what security they provide: email alerts for transactions, 2 factors identification, etc...
    - when doing online shopping use Paypal instead of leaving your credit card number everywhere.
    - in the physical world, be careful how you use debit and credit cards.

    this is a lot more important than whatever security apps/plugins/addons you use on your computer.

    when using your computer, make sure you have deleted your private data before doing online shopping.
    use Private/Incognito mode.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    First of all, user moontan gave some very sound advice, IMHO. Besides those, I'd use no credit cards, at all. Minimal coins in the pocket as well. :D Who do I know and that does this... :rolleyes:

    Without extensions, I'd follow two approaches, depending on what you feel most comfortable with.

    1. Have a dedicated browser to access your bank account and restrict communications in your firewall to port 443 (protocol https) and to your bank's servers IPs only;

    My bank used to have part of the submission process in http. I alerted them for that and they did nothing. I actually waited a few weeks for a change. After seeing the careless approach, I brought this situation to the attention of some of the most established forums and technology blogs here.

    After a while, the bank implemented full https session. So, if your bank doesn't have full https session, complain and literally make noise about it.

    2. If you don't like the firewall approach, I'd use either Google Chrome or Chromium web browsers, and make use of the command-line switch --host-rules.

    Imagine that you want to restrict communications to Wilders Security Forums. I'll give an example with Chromium being in Program Files directory.

    "C:\Program Files\Chromium\Chromium - Wilders Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE www.wilderssecurity.com"

    What the above command does is map every communication to the loopback (127.0.0.1, which is your own system), except www.wilderssecurity.com. So, only communication to Wilders Security Forum is allowed. If there were any other sub-domains, then you could either add the following:

    "C:\Program Files\Chromium\Chromium - Wilders Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE www.wilderssecurity.com","MAP * 127.0.0.1, EXCLUDE domain.wilderssecurity.com"

    or

    "C:\Program Files\Chromium\Chromium - Wilders Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE *.wilderssecurity.com"

    This last example would allow communication to wilderssecurity.com and any of its sub-domains.

    I'd always follow the firewall approach, though. To force communication to port 443/protocol https only.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -edit-

    I do believe you can map www.wilderssecurity.com (in my example) to its respective IP address, by the way.

    So, you'd have something like:

    "C:\Program Files\Chromium\Chromium - Wilders Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE www.wilderssecurity.com","MAP www.wilderssecurity.com 66.227.46.190"

    I'm actually going to check it out and see if it works. I know it works by mapping to the loopback, including IPv6. I never checked any other IP addresses. :oops: I'm going to test it.

    -edit-

    Yep, it works. :D

    You could also bind it to a specific port.

    "C:\Program Files\Chromium\Chromium - Wilders Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE www.wilderssecurity.com","MAP www.wilderssecurity.com 66.227.46.190:80"

    In this example, it would force to port 80 (protocol http).
     
    Last edited: Feb 24, 2012
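
The --host-rules strings from posts #3 and #4 can be checked before they are relied on. The following is an added example, not part of the original posts and not Chromium code: a small Python model that reports where a given hostname would be sent. Its semantics (EXCLUDE checked before any MAP, first matching MAP wins, glob patterns) and the names parse_rules, resolve and audit are assumptions of this sketch.

```python
# Added example: simplified model of --host-rules evaluation (not Chromium code).
# Assumed semantics: comma-separated rules, EXCLUDE checked before any MAP,
# first matching MAP wins, patterns are case-insensitive globs.
from fnmatch import fnmatchcase

LOOPBACK = ("127.0.0.1", "[::1]", "localhost")


def parse_rules(spec):
    """Split a --host-rules value into (maps, excludes)."""
    maps, excludes = [], []
    for raw in spec.split(","):
        parts = raw.split()
        if not parts:
            continue
        verb = parts[0].upper()
        if verb == "MAP" and len(parts) == 3:
            target = parts[2]
            host, sep, port = target.rpartition(":")
            if not sep or target.endswith("]"):   # no port (IPv6 assumed bracketed)
                host, port = target, ""
            maps.append((parts[1].lower(), host, int(port) if port else None))
        elif verb == "EXCLUDE" and len(parts) == 2:
            excludes.append(parts[1].lower())
        else:
            raise ValueError(f"unrecognised rule: {raw.strip()!r}")
    return maps, excludes


def resolve(spec, host, port=443):
    """Return the (host, port) a request would be sent to under this model."""
    maps, excludes = parse_rules(spec)
    host = host.lower()
    if any(fnmatchcase(host, pat) for pat in excludes):
        return host, port                          # excluded: resolved normally
    for pat, target, target_port in maps:
        if fnmatchcase(host, pat) or fnmatchcase(f"{host}:{port}", pat):
            return target, target_port or port     # rewritten by this MAP
    return host, port                              # no rule applies


def audit(spec, hosts):
    """Return the hosts from `hosts` that are NOT sent to loopback."""
    return [h for h in hosts if resolve(spec, h)[0] not in LOOPBACK]
```

Under these assumed semantics an EXCLUDE for a host takes precedence over a MAP for the same host, and a `*.domain` pattern does not cover the bare domain, so both cases are worth confirming in the browser itself.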
  5. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    I'm glad you asked this question avboy. My wife is starting to do a lot of online work (business) and some banking-we just had this conversation about security concerns. Appreciate the tips of everyone. I have a couple of licenses, some of which claim to protect online banking, keyloggers, etc. One being WSA Complete and another Avast IS (SafeZone) and Emsisoft AM. I have used these with no problems. I honestly do not visit sites that are typically dangerous...mainly Wilders and similar forums, plus occasional news and sports (espn). I'm not asking if A is better than B...just curious to the effectiveness of these and again, the "mouse operator" is key! Thanks:)
     
    Last edited: Feb 24, 2012
  6. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    211
    I am also interested about Avast SafeZone. Has anyone used it or knows how it works (under the hood? like DNS checker/Trusted DNS? IP restriction?)



    Thanks a lot m00nbl00d for your detailed description. Will follow this. Just hope that like many other sites some banks won't be flippant enough to share servers with others and share IPs too!
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    see post #3
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I hope you can take something useful out of it. :) It would be extremely bad if banks shared IPs! :eek:
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yeap very true:thumb:
     