returnil and internet banking

Discussion in 'sandboxing & virtualization' started by yst, Oct 2, 2008.

Thread Status:
Not open for further replies.
  1. yst

    yst Registered Member

    Joined:
    Jul 9, 2007
    Posts:
    25
    Hi:

    I have some question about secure banking .
    if using returnil to log in banking site,and if my computer already have keylogger,screenlogger ,clipboardlogger malware installed,(by malware),or some malicious site virus stealing my bank password when during the returnil protection time,will my passwords still can be sent out to the hackers ?

    I have read some posts said returnil can be able to protect password and made it virtual and unreachable to the outside hacker when surfing internet,is it true?

    how security weakness or goodness of returnil when using internet banking to protect private and ensure safety?

    as I know it can make window partition as read only,but will it also make any keyboard stroke unreadable and unreachable when logging in bank and surfing the site ,prevent any information reaching the hand of hacker through internet connection?will it have this kind of protections against sending messages or password from outside invader,any suggestions?

    another problem is:if using keyscrambler in firefox ,then will keyscrambler function will also lost ,therefore all sensitive password cannot be encrypted because it is only virtual ,not real world?or will both can protect me when using at the same time?keyscrambler will not decrease its advantage?
    thanks
     
    Last edited: Oct 2, 2008
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Returnil protects your computer by allowing you to control changes to your system. Only after its installed and active does its protection work.
    Any malware on your computer before returnil is installed will remain there and be able to do their dirty work. Any malware installed after returnil is installed will still be able to do their dirty work but will be erased upon reboot.
    Returnil is good in that it guarantees your system will be restored to normal after every reboot but between reboots it offers no protection against anything that would try to steal your private data.
    The latest beta version of returnil offers extra protection, it allows you to control file execution and driver installation which certainly helps to protect against malware.

    Keyscrambler works fine alongside returnil and is a good additional security layer.
     
  3. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Do what I do... install Virtualbox. Then install something like Ubuntu or Fedora Linux. And whenever you want to do netbanking, load Virtualbox and Linux and use Linux for all your netbanking. And even if your windows host was infected with a keylogger etc, it won't be picked up in your Virtualbox linux session.
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Or boot from a live cd ?
     
  5. yst

    yst Registered Member

    Joined:
    Jul 9, 2007
    Posts:
    25
    thanks all of the replies,

    Have burned live cd like ubuntu,knoppix ,but both have error boot,in ubuntu even I tried all possible boot parameters (found from internet),still stuck at the busybox situation.

    Knoppix cd boot okay but then a blue screen(black screen flowing a box have message:"video mode not supported"),maybe my video card not supported by the iso(cd).

    then now I will try fedora linux as a last chance to try!

    How about Bartpe ,pebuilder, ultimate boot disk,because all these can be booted in my computer without any problem.

    but it seems that they are not linux,will this compromise bank secure?
    as they may not have firewall built in,nor keyscrambler ,etc.
     
    Last edited: Oct 3, 2008
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Not true. If there is something in your host, it can read keystrokes. We have had this discussion before. While you have the right to believe what you want about this approach, many of us here don't see this method as being watertight.

    Yes bartpe etc will be effective. The principle behind this approach is not that Linux is secure, but rather that you are booting into a clean environment.
     
  7. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977

    Wrong! If host windows is infected with a keylogger, it WON'T be picked up in the guest virtualbox linux session. We have had this discussion before, and many others have confirmed it as well. It's a shame you haven't installed virtualbox for yourself and then done a keylogger test for yourself, then you would learn that you are dead wrong.

    I personally tested this.. using keylogger test programs and none of them picked up any keystrokes that were written in virtualbox linux. And if you go to #vbox and ask everyone in there who use it, they will also confirm that I am right and you are wrong. And search the virtualbox forums and many other forums, and you will learn you are dead wrong. Whatever is typed in virtualbox is not picked up by any windows keyloggers, simple as that.
     
    Last edited: Oct 3, 2008
  8. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Yep, that's one good way that is very very secure :thumb:

    However, I prefer to use virtualbox with ubuntu linux because:

    1. I am too lazy to reboot the liveCD

    2. All tests done by myself and others have revealed that no spyware or keylogger malware that has infected the host windows will be able to pick up and log anything typed into the guest virtualbox linux.
     
  9. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Doesn't the Ubuntu LiveCD load for you?

    If not, then go to IRC server irc.freenode.net and into #ubuntu and ask the developers for a solution.
     
  10. yst

    yst Registered Member

    Joined:
    Jul 9, 2007
    Posts:
    25
    thanks all of you.

    if it prevent already existed keylogger from execution,but how about being infected during the time of live-cd surfing?then it execute after returning back to window?

    first,if using bartpe or ultimate boot disc,will there a possible virus come to window xp folder while connecting internet in the live cd(only through surfing internet without downloading any files, some websites are able to do this?)

    because from the live-cd it can write and read NTFS partition,therefore if there is no firewall behind live cd,there will a chance when rebooting back to window ,the virus(malware) will stay there ,and wait for a chance to send the already stolen password out.( I forgot bank have https secure !)

    or more simple way,when surfing the malicous websites together with bank site,they watch on the fly the login process,and send it out immediately.

    maybe just open one browser tab or one window each time will be helpful .Although a firewall is necessary to prevent this from happen.(but all live-cd I have do not have firewall)

    compared with linux live-cd,if the above disadvantages do not exist in real life,I think bartpe may be the choice.
     
    Last edited: Oct 3, 2008
  11. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    A Ubuntu LiveCD cannot get infected with anything.
     
  12. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I use a virtual machine daily and yes I have done this test and yes what you claim about the specific key loggers is correct however that does not mean that your approach works. Here are some other sources that make my exact point.

    Source: GRC.com

    Source: Dekart Blog

    I don't usually get personal but I've really had it this time. You want to be ignorant, fine. Just stop pushing incorrect information on to other people.

    Theoretically, if in your livecd session, the original harddrive can be seen, a virus can copy itself across. It is a possibility but the risk is small. Using a linux livecd with out the right drivers to see the windows partitions can mitigate this problem.

    With livecds, because the cd itself can't be re-written, any malware that run will be flushed out on reboot. However, if a key logger executes before you do your banking, it will be able to capture keystrokes.
     
  13. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    How exactly do you expect the virus to "copy itself across"? Hiding in RAM when rebooting and waiting for Linux to be booted, or what exactly? :rolleyes:
     
  14. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Not visiting possible malware sites while doing online banking seems like an excellent idea to me, even when surfing using a live-cd.
    About the live-cd's you've got, your average linux distro has iptables already.
    Just add a GUI frontend like Firestarter or Guarddog and there's your firewall.
     
  15. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    No reason to go mental truthseeker...

    I agree with huangker on this issue. Everything that passes between the keyboard/mouse and the VM, has to get through the host. A keylogger that have been specifically designed to hook on the VM drivers will succeed in its purpose of doing this.

    Personally I´m satisfied using Sandboxie in conjuction with Opera since the above reasoning applies to this situation as well. Therefore securing the host by preventing keyloggers is critical. Using a *nix live CD would be my paranoid advice as well.

    /C.
     
  16. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Your post is irrelevant as your quoted source refers to wmware, but I use Sun's Virtualbox which when run as Linux as a guest defeats all keyloggers that may have infected a windows host.

    There doesn't exist even a single keylogger malware that has successfully logged and detected a keystroke typed in a Virtualbox linux guest. And if such a keylogger exists, then please point us to it.

    And for your comment regarding the Ubuntu LiveCD, that is also in err. There cannot be a keylogger that loads on the LiveCD Ubuntu Linux before someone does their netbanking using firefox. You are hinting that a keylogger can load from a ubuntu LiveCD, which is not possible at all.
     
  17. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    If the windows partition is ntfs and the livecd is windows based, then I assume that the windows partition is visible to the livecd. In that case if a virus executes during the livecd session, it can be copied on to that partition during the same session.

    This is a comment on livecds in general. A key logger doesn't load onto the actual cd. It loads in the ramdisk when the livecd is running. So if you are hit with a key logger while running a livecd, it can actually pick up key strokes because it has loaded. Rebooting the livecd will flush out the ramdisk and thus the key logger.

    Regarding windows based livecds and linux based livecds, certainly your risk is much lower using linux because most key loggers are using windows. Thus if a key logger tries load in a linux livecd session, it just wont run.

    I've posted enough on this issue and wont be saying anymore.
     
  18. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Well it doesn't work that way, as many keylogger tests have proven, that whatever is typed in a virtualbox guest session is not picked up in host windows.
     
  19. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Yes that is true, you have posted a lot about this, however, as yet you have been unable to prove your comments by providing a single keylogger that defeats a virtualbox guest session.:thumbd:
     
  20. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    The Linux live CD is not Windows-based at all of course, I really don't get what you mean here... It's a Linux distro running from CD and/or ramdisk (depends on the amount of available RAM). The issue with NTFS being mounted read-only left aside, what kind of multi-OS virus are you talking about? And you still didn't answer my question about how does the virus execute.

    o_O o_O o_O
     
  21. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I'm responding to yst's question

    Before I go through the scenario I've described in my previous thread, I want to clarify a few issues.

    1) I'm talking about a windows livecd (or at least a livecd that has binary compatibility with windows).
    2) On the issue of file systems, the livecd must have read and write support for the file system in the harddrive partition. So in the scenario I've described, it is a windows based livecd (with ntfs support obviously) that can read and write to the windows based ntfs partition

    3) On whether a virus that has been copied onto the harddrive during a livecd session can actually execute when the system boots from the harddrive, I have not made claims about whether it is possible or not.

    4) And no I'm not talking about any multi-os ramdisk persistent uber virus, that is conjecture on your part :p

    So back to the scenario, if you have a windows livecd (using bartpe and the like) and a windows partition on the harddrive, a windows virus that executes during the windows livecd session can copy itself into the windows partition on the harddrive.

    This simple scenario is all I've said on yst's original question and that is all that should be read into it.

    The discussion on the windows based livecd and linux based livecd centers on the execution of a key logger during the same livecd session and is a separate issue/scenario altogether.
     
  22. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Windows virus cannot infect linux, and especially not a linux LiveCD
     
  23. yst

    yst Registered Member

    Joined:
    Jul 9, 2007
    Posts:
    25
    thanks all of you!

    now I am posting from fedora linux live cd after about one weeks trial and error.
    (all other linux cds I cannot configure the internet connection ,fedora seems to me as the most easiest to use!)

    The reason of some confusion may be due my poor english descriptions .But very surprised to see some understandings of what I mean and replies exactly what I want to know! very thanks !:-*
     
  24. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    True. But that is not my point. I was referring to a windows virus that is copied onto a windows partition.
     
  25. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Excellent, well done :thumb:

    I use ubuntu Linux myself, yet fedora is also a great Linux distribution.
     
Loading...
Thread Status:
Not open for further replies.