Back in October, 2009, I posted a couple of notes here about the idea of using a PC booted from a Linux Live CD for online banking (or other sensitive functions) to improve security. A Live CD is a bootable CD-ROM that contains a complete Linux distribution (the OS itself plus applications); the system is booted and run entirely from the CD, and the PC’s hard disk is not touched. Since everything runs from the CD, any malware on the PC’s hard disk will not have a chance to run. The topic had been discussed by Brian Krebs in a post on his “Security Fix” blog at the Washington Post, following a series of investigative reports on online banking fraud against small- and medium-sized businesses (SMBs). I was glad to see and endorse his recommendation.
Krebs is now writing an independent blog, Krebs on Security (there’s always a link in the sidebar), and has continued to investigate banking fraud. He has once again published a post suggesting the Live CD approach, and I still think it is a very sensible way to go for SMBs. My ideal solution, as I’ve written before, would be a dedicated machine with a hardened OS and no applications software except what is required for the banking function. But economics matter, and the Live CD solution gives many of the same benefits at significantly lower cost — and it costs almost nothing to try. The article includes a step-by-step guide to getting and using a Live CD, using the Puppy Linux distribution; it is a “light weight” distro, which should run well on any PC that can run a reasonably current version of Windows.
As Krebs points out in his article, the point is not that malware does not exist for other systems, but that the vast majority of it is targeted at Windows PCs.
All of the malware used in the attacks I’ve written about is built for Windows. That’s not to say bad guys behind these online heists won’t get around to targeting Mac OS X, or users of other operating systems. Right now, there are no indications that they are doing this.
If you are going for a swim, and you can choose between two beaches, one of which is infested with sharks and the other is not, does it really matter that much why the sharks prefer the first beach?