Internet Banking In A Virtual Machine

Discussion in 'sandboxing & virtualization' started by TerryWood, Nov 6, 2011.

Thread Status:
Not open for further replies.
  1. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi

    There are numerous options being propounded for SAFE Internet Banking, all of them in my view, suffer loss of convenience.

    The question is which is the safest with least loss of convenience.

    Does running a linux distro in a VM qualify as safe?
    If it does should it be installed to the VM or as a Live CD?

    What are the disadvantages of running a Linux Distro in a VM?

    Which distro is considered to be most appropriate for a VM in banking?

    To the Mods: I was not sure whether to put this under Linux or Virtualization. Feel free to move according to your perspective.

    Thanks

    Terry
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    losing money has to be the most inconvenient. Not that I bother but if I did I would run a Livecd or similar
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hello,

    Just set up a small vm, any OS that you prefer, that restores the VM to a clean state (nonpersistant mode) and only use it for that one job - BankingVM.

    'that one job' to me would also mean locking down vmware, for example and OS so that it only does what is intended. In vmware you may also encrypt a vm.
     
    Last edited: Nov 6, 2011
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If you do online banking in a VM, you could run into these two issues:
    1. Malware on host intercepts or changes data in VM.
    2. Malware encountered in VM infects host.

    If you use a bootable CD/DVD (not in a VM), you can eliminate issue #1 (unless you have malware in BIOS, graphics card, etc). You can eliminate issue #2 (except for infection of BIOS, graphics card, etc.) if you use a specialized bootable CD/DVD (not in a VM) such as Lightweight Portable Security that cannot access your hard disk.
     
    Last edited: Nov 7, 2011
  5. wat0114

    wat0114 Guest

    I don't see why not, especially if the Linux vm is running in a Windows Standard account on the host machine. Just ensure shared folders are disabled and use bridged networking. I'd reckon someone would be really hard pressed to come up with a method that host malware could use to intercept data off the Linux vm in this scenario.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Do a web search for "virtual machine introspection" if you think that software on a host cannot see what's going on in a virtual machine.
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    How vms work, it has to, although that's a simplification. VMI's work on this to log and interact vms, there are some forensic tools that work this way, we use the same approach in monitoring vms.
     
  9. Green Giant

    Green Giant Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    252
    I use an ordinary IE9 browser with Trusteer Rapport (provided free by my Bank) to ensure that I really am communicationg with my Bank rather than a fraudster.

    Green Giant
     
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    As long as Trusteer keeps up with attacks, 'continuous' update is needed.
     
  11. Dogbiscuit

    Dogbiscuit Guest

    From Krebs on Security:
    http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/

    (I found Trusteer Rapport to have a noticeable impact on browser performance when used with a single core processor like a 2.8GHz Pentium 4.)
     
    Last edited by a moderator: Nov 10, 2011
  12. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I just run linux on an old laptop for the sole purpose of internet banking. Its the safest and most convenient option for me.
     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I went through an intensive scientific research :rolleyes:, and have come to the conclusion that the safest method to fight Internet Banking Malware is... walking to the bank itself, and do things face to face. It works like a charm... :argh:
     
  15. wat0114

    wat0114 Guest

    Say, does anyone know how effective the Zemana keylogger test program is :)

    *EDIT*

    Anyways, fwiw... (I couldn't resist since so many members in those linked forums were decreeing that keystrokes in the vm would be captured by a keylogger running on the guest)

    Here’s a keylogger test I ran a short while ago this evening:

    Host machine:
    • Windows 7 Ultimate x64
    • UAC set to off (slider to very bottom)
    • AppLocker policy cleared (disabled)

    VMWare 8.0 guest
    • Windows 7 Ultimate x64
    • Running in Host’s Standard User account

    Antikeylogger test program Zemana keyboard.exe: Ran several tests on the host machine enabling and disabling the option to capture from physical hardware only

    Results: Absolutely nothing captured when keystrokes were directed to the VM guest, including:
    • account login
    • keystrokes entered in both secured and non-secured web pages
    • Notepad

    Maybe I need a better keylogger to test. Does anyone know where I can get one that runs on x64 Win7?
     
    Last edited by a moderator: Nov 11, 2011
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    How about Elite Keylogger?
     
  17. wat0114

    wat0114 Guest

    Thanks MrBrian. Unfortunately, they don't offer a free demo on it. There's also mention on their webpage that it works in low kernel mode, which to me suggests ring 0, or loaded when in a non-UAC protected Administrator level account.
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  19. wat0114

    wat0114 Guest

  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Did you try Spyshelter's tests?
     
  21. wat0114

    wat0114 Guest

    You guys are pressuring me :D I had not but just completed some testing moments ago on spyshelter's test program with same results as my previous test platform using Zemana's test program with same configuration as that one; nothing logged when typing in the vm.

    *EDIT*

    sorry MrBrian,

    the Elite keylogger trial does not support x64 yet.
     
    Last edited by a moderator: Nov 11, 2011
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thank you for the tests :).
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Anyway, I'd suspect that if such keylogger exists, it would be used on specific targets and not widely distributed. Virtual machines aren't something the average Joe and Jane uses.
     
  24. wat0114

    wat0114 Guest

    You're welcome!
     
  25. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I agree with this comment from http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html:
    Without worrying about virtual machine introspection, besides keylogging you also have to think about screen sraping and network sniffers.
     
Loading...
Thread Status:
Not open for further replies.