Keyboard Encryption for online Banking Security any advice?

As the title suggests I was wondering if anyone can suggest a Keyboard Encryption app to provide added security when and if doing online banking?

I realise there are many discussions and white papers highlighting that some of these software apps can be circumvented and or hacked and thus be useless. But I was wondering if anyone could suggest a decent program that will do this, preferably free!

It is for a neighbour as I personally don't use one as I mainly pay bills over the phone via my bank and feel this is a bit more secure which I am suggesting he does as well.

 

Thank you for the response and I do believe most "major" banks will offer full coverage if the user has taken all reasonable steps.

My phone banking is undertaken purely across a landline which I think is a lot less vulnerable than online banking and I think would take a lot greater effort to compromise.

 

Hello fellow Aussie, Westpac as well.

There is a "white paper" implying that there are rootkits that will actually take screenshots of "virtual keyboards". Sadly most of the "online security" is reactive and only responding to events after it has occurred.

I still prefer my landline and only ever use online "when I have to" as to the best of my knowledge the landline can only be hacked "from a very localised source" at best.

I love the way Westpac changed their virtual keyboard page recently but I didn't know until I was there, was thinking wtf but felt slightly reassured by the URL bar on the page.

 

I should add I use FF with NoScript which does stop an amazing amount of crap from ever becoming active during normal activity, frankly way better than basic AdBlocking apps. But still I rarely put any personal detail online and only because I have to.

 

Forget running windows. The solution to secure online banking
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html

 

Excellent read there plodr so I need to make a read only bootable linux CD/DVD, I assume most of these OS would have a Browser within them and that will offer the most "cost effective" (many Linux Distro's are free) and secure method for online banking

 

Anyone have any experience with Live Linux OS's and could recommend a good one?

 

Any live CD will include FF (some may call it IceWeasel but under the hood, it is the same).
Go here, http://www.livecdlist.com/
IMHO, the easiest are: Ubuntu, Debian, MEPIS, PCLinuxOS, and perhaps Knoppix or Linux Mint. If the live CD doesn't run, then move on to another.

On a laptop, wireless can be a chore setting up and sometimes you get no display. In the case of it appearing to hang, I always boot a laptop with safe mode (VESA) so I don't have a problem with the vid chip and I turn off scsi and acpi. Some say noscsi and noacpi while others say scsi=off and acpi=off. When you boot up, on a laptop (desktops usually don't have problems) click whatever it says for other options. It might be something like press F3 for more options.

 

Well the most robust method I can determine from these articles so far would be to:

- Have a dedicated "stand alone" system that has no HDD (so no where for any Malicious Software to be written/stored),
- Uses a read only "Live CD" of linux to access Online Banking (and only ever goes to that site and possibly a browser email account),
- Records could be written in a "paper" account ledger (which any small business should be doing anyway) and or into Open Office and sent via a browser email account to another system,
- This email account would only ever be used to "send" and never receive.

The only "potential" vulnerability I can see with this system is that eventually malware is able to actually store itself in the RAM via a "drive by hack" and access the password information during that session. I'm not even sure if an attack on RAM is currently possible?

I assume that any and all OS have the potential to be "preyed" upon and the greatest weakness with any system is the HDD and or writeable permanent (non-volatile) storage device (e.g. SSD, R/W DVD, USB Drive, etc).

Education is indeed the key but no matter how much you lock Windows down (which is pretty complicated) weaknesses will always be found and exploited.

 

IMHO, anyone that is that inept, probably should not be doing online banking in the first place. Stick to phone banking. I use this option more than online banking. I have and will always have a hard wired phone.
If you are using FF in windows then FF in linux is the same. Because the distro is live, you have no cookies, no passwords and no favorites.
If you type your bank site in the address bar incorrectly, usually you get some sort of Open DNS page or a google page asking if you meant with a suggestion for an alternate site.

 

I've noticed that my regular bank and Paypal too have removed the automatic fill feature for logins and passwords. The only way to enter the information is to tap it in.

 

I have to agree we will probably never achieve impregnable on-line security but I sincerely believe that this is a very "viable" and cost effective measure that would significantly raise the security bar for the "average user" at this current point in time.

Arguably one of the most crucial comments presented by the author:

"Virtually all of the data-stealing malware in circulation today is built to attack Windows systems, and will simply fail to run on non-Windows computers."

http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html

This implies to me that at this current point in time the malware just will not be able to run in a linux environment.

Excellent discussion we are having on this and here I am in linux at MG and I have to say I am very impressed with Ubuntu for this short test spin.