Internet Banking In A Virtual Machine

Hi

There are numerous options being propounded for SAFE Internet Banking, all of them in my view, suffer loss of convenience.

The question is which is the safest with least loss of convenience.

Does running a linux distro in a VM qualify as safe?
If it does should it be installed to the VM or as a Live CD?

What are the disadvantages of running a Linux Distro in a VM?

Which distro is considered to be most appropriate for a VM in banking?

To the Mods: I was not sure whether to put this under Linux or Virtualization. Feel free to move according to your perspective.

Thanks

Terry

 

Hello,

Just set up a small vm, any OS that you prefer, that restores the VM to a clean state (nonpersistant mode) and only use it for that one job - BankingVM.

'that one job' to me would also mean locking down vmware, for example and OS so that it only does what is intended. In vmware you may also encrypt a vm.

 

If you do online banking in a VM, you could run into these two issues:
1. Malware on host intercepts or changes data in VM.
2. Malware encountered in VM infects host.

If you use a bootable CD/DVD (not in a VM), you can eliminate issue #1 (unless you have malware in BIOS, graphics card, etc). You can eliminate issue #2 (except for infection of BIOS, graphics card, etc.) if you use a specialized bootable CD/DVD (not in a VM) such as Lightweight Portable Security that cannot access your hard disk.

 

I don't see why not, especially if the Linux vm is running in a Windows Standard account on the host machine. Just ensure shared folders are disabled and use bridged networking. I'd reckon someone would be really hard pressed to come up with a method that host malware could use to intercept data off the Linux vm in this scenario.

 

The Safest Way to Bank Online

Windows and Online Banking: A Dangerous Mix

 

Do a web search for "virtual machine introspection" if you think that software on a host cannot see what's going on in a virtual machine.

 

How vms work, it has to, although that's a simplification. VMI's work on this to log and interact vms, there are some forensic tools that work this way, we use the same approach in monitoring vms.

 

I use an ordinary IE9 browser with Trusteer Rapport (provided free by my Bank) to ensure that I really am communicationg with my Bank rather than a fraudster.

Green Giant

 

As long as Trusteer keeps up with attacks, 'continuous' update is needed.

 

From Krebs on Security:

http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/

(I found Trusteer Rapport to have a noticeable impact on browser performance when used with a single core processor like a 2.8GHz Pentium 4.)

 

I just run linux on an old laptop for the sole purpose of internet banking. Its the safest and most convenient option for me.

 

Some threads about keyloggers on host vs. virtual machines:
https://www.wilderssecurity.com/showthread.php?t=303738
http://www.dslreports.com/forum/r16244992-Are-virtual-machines-safe-from-keyloggers-
http://forums.whirlpool.net.au/archive/1644324
http://communities.vmware.com/message/202253

 

I went through an intensive scientific research , and have come to the conclusion that the safest method to fight Internet Banking Malware is... walking to the bank itself, and do things face to face. It works like a charm...

 

Say, does anyone know how effective the Zemana keylogger test program is

*EDIT*

Anyways, fwiw... (I couldn't resist since so many members in those linked forums were decreeing that keystrokes in the vm would be captured by a keylogger running on the guest)

Here’s a keylogger test I ran a short while ago this evening:

Host machine:

• Windows 7 Ultimate x64
• UAC set to off (slider to very bottom)
• AppLocker policy cleared (disabled)

VMWare 8.0 guest

• Windows 7 Ultimate x64
• Running in Host’s Standard User account

Antikeylogger test program Zemana keyboard.exe: Ran several tests on the host machine enabling and disabling the option to capture from physical hardware only

Results: Absolutely nothing captured when keystrokes were directed to the VM guest, including:

• account login
• keystrokes entered in both secured and non-secured web pages
• Notepad

Maybe I need a better keylogger to test. Does anyone know where I can get one that runs on x64 Win7?

 

How about Elite Keylogger?

 

Thanks MrBrian. Unfortunately, they don't offer a free demo on it.

There's also mention on their webpage that it works in low kernel mode, which to me suggests ring 0, or loaded when in a non-UAC protected Administrator level account.

 

Probably not the latest, but check http://www.softpedia.com/get/Security/Keylogger-Monitoring/Elite-Keylogger.shtml or http://www.x64bitdownload.com/downloads/t-64-bit-elite-keylogger-download-yfgonmig.html.

 

Very good, thank you! I'll probably get around to it later, maybe tomorrow (on an XP machine now).

 

Did you try Spyshelter's tests?

 

You guys are pressuring me I had not but just completed some testing moments ago on spyshelter's test program with same results as my previous test platform using Zemana's test program with same configuration as that one; nothing logged when typing in the vm.

*EDIT*

sorry MrBrian,

the Elite keylogger trial does not support x64 yet.

 

Thank you for the tests .

 

Anyway, I'd suspect that if such keylogger exists, it would be used on specific targets and not widely distributed. Virtual machines aren't something the average Joe and Jane uses.

 

You're welcome!

 

I agree with this comment from http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html:

Without worrying about virtual machine introspection, besides keylogging you also have to think about screen sraping and network sniffers.