Best Online Banking set-up with the Security Programs I have

Hi, I am looking to set-up my PC so that I have a decent level of security when logging on and using my online bank account.

From the programs I have installed, I am generally just using Sandboxie when doing online banking but I also have Comodo Virtual Kiosk and Shadow Defender installed too. One or more configurations may be safer. I do sometimes use SBIE in Shadow Defender but this is a pain as I am then in Shadow mode until I reboot.

Any guidance for a simple configuration would be most helpful.

Thanks

Andy

 

I'd just use SBIE and with a seperate browser or seperate profile for your main browser. I wouldn't use any add ons apart from maybe NoScript if you're using Firefox. I'd also have SBIE configured with rights dropped and not allowing anything to run apart from your browser.

 

I store all my passwords in Keepass 2X and I use Firefox browser with the keefox plugin and for online Banking I use Sandboxie

 

For me it's also KeePass and separate browser (only for online banking) with IP restriction set in LnS.
Additionally of course in realtime is DefenseWall.

 

wouldn't just a random Linux Live CD be better than all of those?

and then maybe KeePass or some other password program from a USB key.

 

Either that or BitDefender's new Safepay browser for online banking and shopping activities.

 

Hi

I would be interested in knowing how BitDefender Safepay stacks up against Trusteer Rapport in terms of security.

Trusteer has the advantage of being backed by the banks. Not only that but the banks in the UK are strongly pushing the TR software AND providing it free. So is Safepay a viable and less problematic solution?

Terry

 

Agreed.

I like this thread and I am very close to what Merisi describes. I really like a separate instance of FF & SBIE. My addition and to address Peter2150 is Cert Patrol. I have found it will look for a match in site cert fingerprints taking out the MITM. Such an attack is a major risk for banking and this handles it well. My bank along with many employ pretty little site pic's to confirm its their site, but I don't trust that as much as an exact fingerpint match.

Now if the bad guys actually get inside the server of the bank they have Admin and you can't control that.

 

Actually you can mitigate that with technologies like NoScript and EMET (Certificate Trust Pinning). If they have full access to the datacenter (not what happens in most compromises), then it'll be for nought.

 

Hi AMD,

Your security is only as good as the bank's security features that keep you safe.

The #1 feature is to use two-step authentication login. Query your bank to see if it has this feature, and if so, use it.

If not, then recommend to them to make it happen to protect your security or else you will take your banking business elsewhere that is more security conscious.

-- Tom

 

My thought is that if you use some type of browser virtualization (SBIE for instance), start with a empty (cleared) profile and then do your financial/personal surfing in its own session. Then exit before doing general stuff. Being virtualized doesn't mean that you can't be infected, tracked, etc. It just means the host isn't. Starting clean isolates you from anything general surfing could bring in.

I also like the idea of booting from a Linux build and only banking from it...

 

Write the kiosk Webconverger to a USB flash drive - its a version of Firefox browser than runs in kiosk mode with no insecure extensions, flash or java to compromise Internet security.

And its a portable security browsing solution!

 

Just use a dedicated browser for banking only. Nothing else. Disable all extensions/plugins, disable javascripting allowing bank's site as exception, and even go so far as to restrict it to the bank's IP address range only. Done deal Booting into linux environment or other visualization is unnecessary.

 

Many thanks for your suggestions much appreciated.

 

also, i don't have enough money to worry about it but if i did.... say i had $100k total funds, i would make sure that i had a separate acct that stayed offline/no web access (savings acct, Cert of deposits, etc) with most of my money, and then had another acct that was limited to maybe $5k or less for everyday transactions.