What is online banking protection ?

If you go through the MRG test archive reports, they did test SpyShelter 3.7 in 2010. It passed.

I guess Spyshelter did not wish to particpate in the 2012 test. Or, it might have something to do with their current viability. I recall a few threads in the Wilders forum about if they are activitly supporting the product anymore?

 

Financial malware concerns man in the middle, man in the browser and boy in the browser attacks, the list below shows how one can reduce the risk of those attacks.

Risk of financial malware can be reduced by your firewall when you apply a different browser for different purpose approach.
1. In this case allow Firefox (in Comodo) only to connect with https (port 443 over TCP) and only allow to connect to the specific IP-addresses of your banks. Just choose to apply your custom rules in Comodo, set the frequency of messages to very high (most granular control) and delete the existing firewall rule for Firefox in Comodo. This trick works for any firewall which allows control over protocols, remote ports and destination adresses. Basic idea is to use a different browser for different purposes (in my case GPO/FW locked down IE10 for on-line banking and GPO hardened Chrome for browsing).

Intrusion risk of Financial malware can be reduced by hardening your browser
Look for options which make HTTP/HTTPS safer
2. HTTP authentification (do not use anonymous or basic)
3. Check for server site certificate errors
4. Prevent ignoring certificate errors
5. Check whether IP-addres is in range of SSL certificate
6. Whitelist/blacklist URL's

Look for options which make your browser less vulnarable to unwanted changes
7. Blacklist/White list add-ons and plug-ins or
8. Allow/deny third party add-ons, allow only admin approved plug-ins
9. Allow only signed/trusted add-ons/extensions
10. Allow only add-ons/extensions from trusted places

Select a bank which uses at least two-way authentification
Two way authentification can be tricked by financial malware also, but in conjunction with other measurements it should do the trick (off course three way authentification is better, has not jet been compromised until now to my knowledge)

Use a HIPS or a default deny policy
Obvious reason (needs to be combined with FW countermeasure) to reduce the risk of unwanted system changes

Use a dedicated counter measure for your browser
E.g. Trusteer Rapport free


Regards Kees

 

Thanks for your great advice. Especially implement firewall to direct browser, i have never though about it.

 

I thought you were talking about Emsisoft Anti-Malware.
Emsisoft Online Armor does have a banking mode.

 

http://www.mrg-effitas.com/current-...-banking-and-endpoint-security-report-2012-7/

Emsisoft Anti-Malware is impressed me very well.

 

Yeah, it did quite well on that test.

 

Banking protection is marketing spin, pure bullsh#t put out by AV companies to sell their lame ass product. Fact is they can't protect you and your banking details.

 

Fact is that you keep saying this without posting any proof/details/more information about it

 

There is some truth in this statement. Anyone "in the know" security wise will state that the only way to do secure Internet financial activity is using a dedicated PC that is only used for that activity. It has a fully security patched OS. It preferably uses a stub "armored" browser such as that provided by the Protect on Q product that is configured to connect only your desired financial activity sites. Nothing else is installed. No other PC activity is allowed.

 

I was looking around the MRG test site and discovered a video where webroot is bypassed by a financial malware.(keylogger.)..It seems comodo 5.10 was bypassed also although i dont know how legitimate these tests were or the background of the company.

 

Yeah, i think about that before. However, buy another computer and security software just for online financial activity is not so affordable for me.

Thank you.

Regards

 

Guys, let's not contribute to the Hope, Hype, Help and Horror (marketing) myth's of security products. Anyone with some inside knowledge can take appropriate counter measures, as described in my post. Zero risk is a hypothetical concept.

 

Sure, if by "in the know" you mean "suffering from extreme paranoia."
Someone actually in the know might use something like SafeOnline, DefenseWall, or keystroke encryption software in addition to their brain.

 

Well i dont do any online purchasing or banking so this is a non issue with me..you cant get more secure than that.

 

By your signature, i think you are covered pretty well, even you go to do online banking, shopping.

 

I must apologise for my apparent paranoia but i dont 100% trust online banking as of yet.
I dont know how secure or strong kaspersky is with this as i have not used it long.

 

Of course we shouldn't totally relied on the intelligence of security software, actually a good internet surfing habit and a good mind set can prevent most of the trouble and trap already.

The content in your previous post, i had saved it into my security article collection already, it is a good guide.

 

I also don't 100% trust online banking, my paranoia can be discovered by my signature.

I have two bank account, the one i use it for online banking only keep small amount of money, the rest of my money is in the account i would never access it online.

Regards.

 

Have you tried Zemana Antilogger Free?
It encrypts keystrokes...

 

Is that just for browsers or is it system wide protection.?
Does kaspersky not have antilogging features?

 

Webroot has fixed the Identity Shield and now it passes since Version 8.0.2.79: http://community.webroot.com/t5/Web...y-shield-fails-MitB-simulators/m-p/18830#M737

TH

 

It offers system wide protection.

 

The only Safe Internet Banking is the one where you don't let other people watch you log in, like at Internet Cafe's and places like that, and also keeping your password secure by changing it once in a while. Avoid sites that ask for your 3 digit secure code, They don't need this, and should be avoided at all costs. If they do request it, telephone the Company at hand and complete the transaction over the phone. Beter still register your Credit Card with MasterCard Secure Code, The Bank in question will then check all Information supplied, and ask you to enter a secure code to confirm your purchase. The transaction will be declined if you enter an invalid code, or If someone tries to Illegally use your details, Without this code, any other information they may have, Account Numbers/ Names/ Password ect will be useless to them

 

another one service:
SurfPatrol:
http://www.surfpatrol.ru/en/report it works faster