LiveCD for Secure Web Browsing?
An anonymous reader asks: "Say you want to do your online Internet banking on your home PC, with a bank that lets you send actual money to complete strangers online, and you want to be really, really sure that some hacker isn't stealing your password or your money or both. You don't fully trust Windows, despite your best efforts to keep it secure, and you know that no OS installed on a hard disk is guaranteed secure or immune to root-kits and the like. You know enough about computer security to know that you are always just one careless mouse click or one security hole away from being screwed. You've read the advice from your bank, which says 'turn up' your security settings (whatever that means), and don't click on 'unknown' links (ever). So what you really need is a bootable CD with software so simple and stripped down that it lets you browse the web and nothing else. The nearest I can think of is one of the Linux mini-LiveCDs with Mozilla or some other browser included, such as Damn Small Linux, or ByzantineOS. Such a system shouldn't even know how to speak to your hard drives. Do Slashdot readers know of anything like this?"
If you're really that worried about it, why not just drive to the nearest branch? Even then it's not 100% secure, because the teller is still using a computer connected to the bank's network, which is in turn connected to the internet (even if not directly).
Knoppix should be enough for what you're talking about, tho.
True, but it is a lot harder to install an $89 hardware dongle on a lot of machines than it is to infect them with malware.
Personally, I could get by with a standard Knoppix CD if I really felt I needed the extra security for web browsing. So could the majority of slashdotters. But Knoppix would be a little tricky for the non-Linux user. So, I thought that a totally automated LiveCD for secure web browsing would be great for the average computer user - the very users who most frequently have spyware on their systems.
As I thought about the idea, I came up with a few major complications:
Many people are still on dialup or have weird login processes to get internet access - not the simple DHCP that I have at home and work. Most modems are of the "winmodem" variety, PPPoE is often a mystery even in Windows, and let's not forget AOL's proprietaryness.
Then I thought about printers. Invariably, you'll want a hard copy of some sort of banking transaction. That should prove to be lots of fun to get working. Unfortunately, most folks don't have Postscript printers at home, and text mode won't cut it. So printer drivers and settings will be an issue.
Assuming you could step the average user through the two biggest troublespots above (and assuming there are NO other problems, yeah right) using a LiveCD without saving the configuration somewhere would become tiresome very quickly. So, some local storage would be required, i.e. hard drive, USB drive, or perhaps a floppy. So, saving configuration information somewhere should prove to be even more fun for Linux newbies.
Some other things to consider: access to email (if you're not using webmail), the time to cycle between Linux and Windows (LiveCDs are "fast" when you're in a jam, but I wouldn't want to boot one every day just to spend 10 minutes on my bank's website!), web browser compatibility (depends on the bank), Personal Finance Software (what's the point in all this if Quicken or MS Money is going to connect through a suspect Windows installation anyways?).
In the end, I just didn't see any easy way for the average computer user to have access to something like this - at least not until internet connection technologies get a lot more standardized or someone is willing to do a LOT of work on the Linux distribution side. I became disenchanted with the idea and forgot about it... until this Ask Slashdot. Well, that's my CAD 0.02 - it's a good question/idea, and I hope that someone else has a more positive answer.
A keystroke logger could easily be wired in, or simply plugged in the back... waiting for you to enter your credentials.
If you can't trust the computing platform, all bets are off.
So you've got yourself a secure solution for online banking with the liveCD, and then your banking website tells you you need IE otherwise you can't continue. (And you really can't)
Interesting as some banks and companies want their clients to connect insecurely, no other options available.