safer banking?

Discussion in 'Software' started by watchntv, Apr 30, 2009.

  1. watchntv

    watchntv Private E-2

    I use 2 different banks, I access my account online,
    Bank 1- has a username and a passcode that you type in. and if the site doesn't recognize your computer, it asks you other security questions.

    Bank 2-
    has a username and a passcode that you type in. and if the site doesn't recognize your computer, it asks you other security questions.

    IT ALSO has a numerical code you must enter with your mouse

    my question is
    does having to use the mouse to enter a numerical code negate a trojan if there is one on your computer?

    -I assume a trojan shows a "hacker" your screen and keystrokes, I am asking this because I saw this on the news about trojans stealing people's money, etc.
    thanks
     
  2. Recycle Bin

    Recycle Bin Private First Class

    It would all depend on the type of trojan.
    I know of a program that will monitor and mimic your mouse clicks and movement and repeats them multiple times. If that was made into a virus along with the keyloger then yes. I suppose it can happen.
    But again it really depends on the type of trojan you have. I am sure very few of that type exist.
     
  3. Bold Eagle

    Bold Eagle MajorGeek

    For the best online baking security have a look here at post #9 by plodr:

    http://forums.majorgeeks.com/showthread.php?t=201942

    It looks like you can almost make yourself "bullet proof", with very low outlay and quite simply as well.

    *Hint: Only use a read only Live Boot CD of a decent linux OS (most are free), and turn of the HDD in BIOS.
     
  4. Bold Eagle

    Bold Eagle MajorGeek

    LOL and buying a Mac is "practical"?!? Mac's aren't as "secure" as many of their users think and lot of them have a "false" sense of elevated security. A read only CD can never be written to after the OS is installed and thus NO malicious code can ever affect it, costs $1-2 and it is "very easy" to boot from CD (temporarily disabling the HDD), restart the system and then boot from your HDD to Windows. Read the article it links some very convincing academic papers.

    More practical than your "suggestion"!
     
  5. plodr

    plodr Major Geek Super Extraordinaire

    Running a live CD on a desktop computer is not rocket science, as it was in the past.

    I'll be the first to admit that I'm not a linux geek and if I can run a live CD, 99% of the people out there can do it without breaking a sweat.
    Note: I specified desktop. Laptop is another story.
     
  6. Bold Eagle

    Bold Eagle MajorGeek

    Well it actually based on a "lot of careful consideration" and makes a lot of sense if you think about it.

    "Virtually all of the data-stealing malware in circulation today is built to attack Windows systems, and will simply fail to run on non-Windows computers."

    http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html

    A LiveCD by many standards cannot ever have anything else further written to it so therefore no Malicious Software can ever compromise it. Moreover as the article implies most "malware" will simply not function in a non-windows environment.

    No matter how "secure" you make Windows there will always be exploitations found and utilised. Windows will never be "completely" secure.
     
  7. Bold Eagle

    Bold Eagle MajorGeek

    Look I agree 100% the only reason that Windows is vulnerable is because it is the most "commonly" used OS in society. Moreover, if Apple or Linux ever became as widely used (or even just a larger proportion of users than current) they would become just as a greater a target and thus just as vulnerable.

    People keep talking about making a secure "Windows" environment, frankly that is an incredibly subjective and ambiguous paradigm/term at best.

    What is a secure "Windows" system and or environment? What methodology do I follow to meet what is being implied as a "standard/benchmark" that is easy to do? Is it just a matter of following Windows "security advice" and using their Firewall, Defender and tweaking IE to their specs?

    http://www.microsoft.com/protect/

    No offence but you and I both know that just is not good enough for a robust system and you do need 3rd party apps to become more effectively secure. We had someone staying from Japan and they plugged in a "brand new" Netbook into the net and within 5 mins they had AntiVirus Pro 2010. I spent the next hour or 2 removing that nasty crap from her PC with "3rd party appsand then locking her system up a bit more securely with more 3rd party apps. She now uses FF.

    As far as effectively securing to the best of my current knowledge I follow the guides from this site and install a lot of 3rd party software. Personally apart from the occasional "tracking" cookie picked up by Spybot S&D my system has not had any significant security breaches in 4-5 years and neither has the missus, I have recently cleaned up the neighbours systems after he suffered AntiVirus Pro 2009 but I am "not" confident that we are all running this apparently easy "secure" Windows environments and would sincerely appreciate a clear and concise guide.
     
  8. alan12345

    alan12345 Private E-2

    It is easy to know when Windows is secure.

    The final Patch Tuesday Security Update will tell you the system is secure,
    and the final MRT.exe will purge all the redundant code that was only used for security updates just to prove that Windows cannot go wrong again go wrong again go wrong again go wrong again go wrong again go wrong again.

    I for one will not be holding my breath.

    Alan
     
  9. sikvik

    sikvik Corporal Karma

    Very valid points by BE, Dom, plodr & Dls.

    Ok, the live CD way is most secure. Period.

    It takes a tad of know how. And can be a bit of a pain.

    I know plodr is being modest about her abilities with a live Cd and distro's :) in respect to the general public.

    I have banked on-line on Windows. No issues. touch-wood ;)

    But for the technically inclined, who want addition security- go with the live CD.

    Cheers.
     
  10. usafveteran

    usafveteran MajorGeek

    Personally, I have no qualms about banking online - been doing it for many years - from my Windows computer and surely millions of other people feel fairly confident about it. Now, granted, I'm probably more security-savvy than the average user.

    Anyway, just thought I'd suggest another option for safer online banking. While visiting portableapps.com, I read this about Mozilla Firefox, Portable Edition 3.5.4 Released:

    "Privacy Controls. Firefox 3.5 includes features designed to protect your privacy online and provide greater control over your personal data."

    "While using the new Private Browsing mode in Firefox 3.5, nothing you encounter on the Web will be stored from that moment on during your browsing session. Unique to Firefox 3.5, the new Forget this Site feature can remove every trace of a site from your browser. If you want to remove all private data or activity from the past few hours, Clear Recent History, another Firefox-only feature, gives you full control over what stays and what goes.
    "
     
  11. Oldphil

    Oldphil Sergeant

    IMO banking using Windows for any banking transactions even buying merchandise is no matter what extremely foolish! Think twice this has gotten far more then serious, keep your Windows machine for searching and games. Buy a Mac or go to the bank and stores your choice!

    Take a moment to read some of the Con info!

    http://www.downloadsquad.com/2009/1...for-online-banking-says-washington-post-blog/
    http://www.e-thepeople.org/article/9976201/view?viewtype=best
    http://www.theinquirer.net/inquirer/news/1558597/avoid-windows-online-banking
    http://techblips.dailyradar.com/story/brian-krebs-on-safe-online-banking/
    http://www.9to5mac.com/mac_safe_as_banks_windows_isnt
    http://blogs.zdnet.com/hardware/?p=5813
     
  12. Bold Eagle

    Bold Eagle MajorGeek

    No offence taken at all as I was scratching my head thinking wtf did you do? But that AntiVirus Pro 2009 or 2010 is one very nasty piece of crap and I don't think my neighbour is that gullible. Personally I believe both had been "redirected" (ClickJacked) while using IE.

    Frankly from the article I'm left with the impression that all they are implying is to change the boot sequence, i.e. Make CD First, HDD 2d etc. and just by being in the linux environment the majority of malware will be halted?

    http://www.sans.edu/resources/student_projects/200910_05.pdf
    page 41 onwards.

    Neither imply actually disabling the HDD which I can't in my BIOS (HDD is still noted in the linux environment even if not defined a boot order) and to disable I would have to unplug the sata.
     
    Last edited: Nov 3, 2009
  13. Bold Eagle

    Bold Eagle MajorGeek

    Add NoScript to FF and really take it to the next level. It takes a bit of getting used to but it "stops" redirecting (ClickJacking) and you define the amount of "scripts" allowed to run on each page (sometimes the amount of crap embedded in a webpage is boggling). Basically it will remember your choices but each time you goto a new site you will have to define what scripts you want to run.

    Even running that with FF on XP64bit, AVG link scanner, SpywareBlaster, etc, etc, etc, I still do not feel 100% confident that I have a safe Windows environment even though I have taken the bar 2-3 levels higher than everyone I personally know and are always trying to educate them.

    IMHO the Linux "LiveCD" takes another level higher again and plodr needs a big pat on the back.
     
  14. Bold Eagle

    Bold Eagle MajorGeek

    Well that's my biggest dilemma what is a "properly" protected Windows Environment? I would love a clearly defined methodology that is "not to complex" for the average user but increases my confidence in their security so I can put it on others systems. They get frustrated with what I put on there because it becomes a "little complicated".

    Personally I don't feel 100% confident that I have it at this moment and tomorrow, I'm sure another vulnerability will be found and attempts made to exploit it.
     
  15. Bugballou

    Bugballou MajorGeek

    Sounds like bank two is trying to thwart a key logger. Personally use a single Windows XP Pro machine for banking, and those rare on line purchases, and use Linux and 7 on another machine for everything else, (as in posting on MG, Pogo games, email, rip or burn CD/DVD, etcetera.) Guess there is no perfect mouse trap, but an encrypted connection, and hardware and software protection go a long way if you keep your system updated. I still pay my bills via snail mail, and hope a check washer doesn't get a hold of the check.:p
     
  16. Oldphil

    Oldphil Sergeant

    Uniball Signo can not be washed!
     
  17. utgeek

    utgeek Private E-2

    the only real way to be safe is to get one of the pre pay cards (topup before u buy then through away when your done)and use live disk , i always look for main stream company's never buy any where else or use links sponsored results etc try open DNS if ur paranoid lol
     
  18. alan12345

    alan12345 Private E-2

    Almost, but I suspect not completely.

    I think a bank may protect against losses from your account if your on-line transactions have been intercepted and then the hacker is able to take from that account.

    I suspect that if the interception enables the hacker to perform identity theft the consequent losses with other financial institutions may be un-protected, and the victim may have difficulty proving that he was not responsible.

    Some victims are likely to have the credit rating damaged.

    Regards
    Alan
     
  19. Earthling

    Earthling Interplanetary Geek

    If those who use their PC for banking etc really want to wind themselves up, try searching for your passwords etc with Disk Investigator ;)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds