Knoppix Used in Internet Banking Solution

renai42 writes "Australian company Cybersource says it's currently talking to two domestic banks about providing Knoppix-based bootable CDs to consumers to ensure Internet banking security. The company says at least one bank will probably use the CDs in at least one sector of its operations. Cybersource envisages that banks will re-brand its product and provide the CDs alongside other marketing material."

Great, but with some caveats

[CdBee]

To surf with knoppix you have to be using a cable/DSL ethernet modem or router, or have a supported dial-up modem and the ability to configure it.

I suppose this is geared to internet cafe use? In which case you have to hope the network's set up in a way that doesnt require password authentication...

Nevertheless, a great idea and I hope it works

Re:Great, but with some caveats

[nametaken]

Ahh... how nice. Getting paid to customize knoppix cds. There's a bunch of folks that have their act together. :)

Re:Great, but with some caveats

[houghi]

To surf with knoppix you have to be using a cable/DSL ethernet modem or router, or have a supported dial-up modem and the ability to configure it.


So what you are saying is that you need an internetconnection, just like you would need that with any other OS?

Umm.. why?

[onion2k]

Sounds like an interesting challenge certainly, but let me guess the bank's thinking behind this move..

If you use their traditional online banking service from a PC not booted using their CD, and subsequently get defrauded somehow, this will enable them to say "Ahhh.. but you weren't using our special software!", and ignore your complaint.

How.. nice.

Re:Umm.. why?

Wrong. They will reject any claims in either case.

Re:Umm.. why?

[metricmusic]

On the other hand they are forcing you to use Linux. Makes a nice change to today where so many bank websites do not work on anything but IE.

Re:Umm.. why?

[Rick.C]

If you use their traditional online banking service from a PC not booted using their CD, and subsequently get defrauded somehow, this will enable them to say "Ahhh.. but you weren't using our special software!", and ignore your complaint.

Perhaps, but here's another idea:
Having customers use internet banking is less costly for banks, but potential internet banking customers are hesitant to rely on online transactions because they fear (or know) that their PC is "owned". They think that someone might be logging their passwords. For Joe User, that's a valid concern. He doesn't really know how to tell, for sure, whether he's been hacked.

So the bank offers Joe a CD that can't be hacked, that won't trash his existing system and that has any special software already installed. The bank says. "Here, Joe, boot this CD, do your banking securely, then reboot your PC for normal use."

What's not to like about it?

Re:Umm.. why?

[RoLi]

I would agree if there was no alternative to using Knoppix.

However, Knoppix would come in handy for not-so-savy but still paranoid types.

It's guaranteed that:

• Bank use doesn't affect their installation. For example if they have a super-paranoid firewall in place, they don't have to pull it down.
• Possibly installed spyware can't grab passwords, PINs, TANs, etc.
• Phishing is impossible
• And it's even easier than normal banking. No worries about security settings, no worries about cookies, no worries about Java-applets. - Just boot the CD and a browser window will popup with the bank's site already loaded.

To put a long story short: It's an almost 100% secure solution AND it can be used even if you haven't got a clue about computers.

This will be viewd as a great idea..

[nfs3hp]

until the network administrators find a serious vulnerability and have to burn/press about 35602638023862 new cds to patch it.

Re:This will be viewd as a great idea..

The main threat to remote banking is installed spyware/keyloggers NOT privilage escalation vulnerabilities that hackers _might_ be able to take advantage of if the user wasn't,
a) likely behind a firewall
b) running off of read only media
c) doing the equivalent of a fresh install with every use.

There are very few vulnerabilities which could conceivably compromise a well customised bootable Linux CD. It's about as secure as you can get.

Re:This will be viewd as a great idea..

[nosfucious]

Never stopped AOL.

How many CD's do you think they've burnt over the last 10 years (or so)?

UBS Switzerland give you a little calculator with a removable card that hashes a challenge code. You type in the response for a one time password. Seems to work quite well as neither my card not the calculator have my account number on it. It does have a card number, which doesn't have a visual link to my account (which would stop casual theft).

National Australia Bank used to have accounts tied to a specific SSL key in the browser's cache. Too bad if you used multiple PC's to access your account (home PC, work PC, work laptop, etc, etc).

Re:This will be viewd as a great idea..

[Ed+Avis]

Actually I think mailing out new CDs is far more likely to work than persuading users to keep their own systems (especially Windows boxes) up to date.

(You could in principle install a Linux system on each user's own hard disk and push out updates to it, but giving them a new CD has far less to go wrong.)

I rather miss the days when performing an operating system upgrade was as simple as opening the computer and putting in some new ROM chips; putting in a new CD and rebooting is getting back towards that level of friendliness.

Re:This will be viewd as a great idea..

[frankthechicken]

The problem will come if mailing out new CD's becomes a habit for the bank.

It would be quite easy for someone to slip in a cracked and hacked version, for which the customers (out of habit and routine) will happily treat as the new version, then pass on their banking details to whoever is listening.

Re:This will be viewd as a great idea..

[Sven+The+Space+Monke]

How about this - with the inclusion of UnionFS (gawdDAMN is that cool), have it so that, on boot-up, apt-get update & upgrade from a trusted source (possibly one the bank has provided). Display a message saying "Please wait, we're just getting any security updates needed to keep your account safe" with a progress bar during the process.

That should solve that problem, I would imagine (unless the trusted apt repository gets compromised).

Re:This will be viewd as a great idea..

[L.Bob.Rife]

So how exactly would you hack this bankOS that sends all its communications to a hardcoded bank server using strong encryption.

It comes with zero open ports, and refuses to communicate to any computer except the bank.

Plus, its only used for relatively short time spans giving you a very small window to attack, and an active user on the machine at the time of your attack.

And, you can send a specific version number tagged on the browser, so if a customer has an old version with a security threat, the server can tell them and deny them.

A liveCD is the best solution I can think of for providing a secure communication line.

Re:This will be viewd as a great idea..

[advocate_one]

well considering if you'd actually RTFA... the browser and networking stuff on the CD is setup to only point to the Banks own systems and nowhere else... ie it gets its DNS info only from the Banks secured servers and so only web addresses for the Banks own secure website will be given back... it will NOT be possible for the user to type in a web address URL into the browser bar and go there unless it corresponds to one of the Banks own sites.

So unless you type in an IP the hard way, tough...

note for Pedents... It gets it's own IP from whatever DHCP service is running on the customers NAT router or ISP service provider, but doesn't use the NAT or service provider for DNS queries.

Re:This will be viewd as a great idea..

[FLEB]

That still doesn't help, though, if someone's sent out a fake CD. The fake CD would just... well... fake it.

Re:This will be viewd as a great idea..

[swv3752]

A man in the middle attack can get it and doesn't even involve compromising the CD. Any router between the customer and the bank could be compromised and reroute all packets to a different destination. The most vulnerable will be the customer's router in thier home.

Even that poses non-trivial problems. Without setting up dedicated links, I don't see a better solution.

Um, what?

I can hardly keep track of an ATM card, now you're expecting me to carry around a big honking CD all the time?

Pass

Re:Um, what?

[Gumph]

The parent is modded insightful???? WTF, OMG etc etc
surely funny is the more appropriate response, anyone who can't keep track of a bankcard is either a stark staring genius who shouldn't really be allowed outside without supervision or a complete dunderhead (how long has it been since you heard that word?) who again, should not be allowed outside without supervision!

OEM & WinModems

[FudRucker]

when the bank customer takes this CD home and boots it on their OEM with the WInModem they wont ba able to get online (atleast it will be secure that way)...

It is at least a start

[guyverix]

There wont be key-loggers, virus infested OS's Active X, IE, blah, blah, blah. At least this is a step in the right direction.

news?

[mnbjhguyt]

...says... it's talking... one bank will probably use... envisages...

and from TFA: Banks eye bootable Linux CDs

wake me up when something happens, ok?

And BSD is chopped liver?

[putko]

A step in the right direction.

But it seems odd to me that if someone wants a one-trick secure browser solution, he'd use anything other than OpenBSD.

If you sit down and do the analysis (without regard to "religion" or fashion), and say, "I only need a secure browser," you'll likely pick a BSD and it will likely be either NetBSD (hw support) or OpenBSD (security).

I did a similar analysis, and came to this conclusion, after attempting to dispassionately evaluate the options.

Re:And BSD is chopped liver?

[I+confirm+I'm+not+a]

and say, "I only need a secure browser," you'll likely pick a BSD

I agree... but... the banks are really saying "I only need a secure browser that'll run automatically on a very wide range of hardware". I don't run Knoppix (except as a get-out-of-jail-free card ;-) but it is extremely comfortable with most hardware. Moreso than FreeSBIE, for example.

Credit Card CDs would be better

[LiquidCoooled]

Boot from a tiny partition of Linux on a CC sized cd. Give it duel use and let all customers have it available.

The other security features on the credit card could be put onto the CD to ensure authenticity.

Interesting idea for a very tough problem

[brendano]

This sounds like a great idea, provided that the Knoppix can be user-friendly enough to figure out how to boot up.

There's really no surefire way to ensure that a user's harddrive-installed OS is secure for banking. Considering the staggering variety of adware/spyware/viruses on machines today, it must be quite easy for a malicious malware creator to make a program that hijacks name resolution (change DNS servers, or the HOSTS file) for perfect phishing, or they could install a keystroke logger, or whatever else. If they got their bank-website-hijacking malware on machines in whatever way all today's adware stuff gets on, they could easily phish thousands of bank transactions every day.

The prevalence of malware seems to indicate that people can't control or trust the programs on their own hard drives. If that's the case, they can't trust any of their online interactions. Since Knoppix kills your harddrive and all its flexibility, it's much more secure.

What would be funny is if more and more institutions started demanding the use of bootable OS's. Our PC's would be reduced to a BIOS, monitor, and keyboard ... reminds you of the Apple II days, where you had to boot half of the operating system off a floppy every time you turned on the computer.

Great Idea but...

[shashark]

Cds can be as small as your credit card, besides being much more secure.

But wait, how will one patch the CDs in case any security holes are found ? Rewritable CDs wont help either...

Re:Great Idea but...

[Trurl's+Machine]

Cds can be as small as your credit card, besides being much more secure.

Great. So first we have locked out all "not-the-latest-Pentium" computer users - and now we are locking out all slot-loading drive users? My bank uses a nice security device which is also credit card size. It's a, well, card with unique security codes. I can use any Web browser of my choice on any platform to access all the features. I prefer it this way, thank you.

Using knoppix in a bank.....

[cheezemonkhai]

Public Service announcement:

All ATM's will now dispense Kash the new qt improved version of cash.

Could be good, probably will be bad

[2ksilver]

If implemented properly, this would be a great thing. Assuming they can get around the wide range of hardware people use, without requiring much technological knowledge from the user, this is a much more secure way than windows. Keep in mind that the same people who are infected with 1000x spyware programs and don't seem to care are the same kind of people who have little idea how a computer works. This would have to be as user-friendly as possible to not scare off users or prevent people from using it. I bet this fails, but someone else takes the idea and makes a better version of it and it will take off. Does the average user know how to boot from a CD?

Re:Could be good, probably will be bad

[Flendon]

Does the average user know how to boot from a CD?

Sure you just go into your bios and set your...I said your bios...You reboot and hit the...reboot...you know that thing Windows makes you do everyday...
Um, that would be a no.

"Managing Online Security Risks"

[DavidNWelton]

Even if this article is a bit dated, it's very relevant. I find it interesting because he talks some about the economics behind managing risks like those cited.

http://www.sims.berkeley.edu/~hal/people/hal/NYTim es/2000-06-01.html

Dr. Varian's writings are in general quite interesting. He is quite able in his discussions of economics for people without a background in the field, like myself.

Dutch Banks

Hi, I'm not informed much about American and other foreign banks, but here in The Netherlands it works the following:

(Almost all) The banks over here use a kind of calculator device. You insert your pass into it. Your normal pass you use for withdrawal from ATM's....

You type in your PIN code and hit 'OK'. On the website of the bank you have to type 2 things. Your account number and the key generated after you hit 'OK' on the device. This key is different every X seconds (I don't know the interval).

This matches with the interval the bank has running. This combination of pass ID, PIN code, account number and the interval is key to have access. You need all of them to get in.

The websites session times out after about 2 minutes when there is no action anymore.

If you want to transfer money, you get another screen. You have to insert the number shown on the screen into the device. After you hit 'OK', another number is shown on the device, you type this in the inputbox of the website. After it is verified, the transfer will be processed.

If the amount to fransfer is higher than X, you have to process 2 numbers on the device and submit the generated numbers on the website.

This is all done on HTTPS and works with most browsers.

I believe this is one of the most secure methods I can imagine. It is not flawless maybe, but it works and there is much needed to hijack information from the sessions. Without the device, the pass and the account number one can do nothing. Without the PIN you still go nowhere....

The device is small, portable and lightweight. Internet cafe's, at the office, at HotSpots, anywhere you can use 'safe' banking this way. As long as the banks website is online and within reach (no stupid proxies or whatever).

Just my view on banking online....

Dear CitiKnoppix Customer

[DingerX]

Dear CitiKnoppix Customer,

For security reasons, we need to verify your personal information and update your CitiKnoppix(tm) software. Please send us your mailing address and we will send you a new CitiKnoppix(tm) CD-Rom. As an added bonus for taking part in this experimental customer service program, we will credit your account with $1000.

Sincerely,
CitiPhishing.

No, read it again...

[CdBee]

No, I'm saying you need either a supported modem, or an ethernet-connected modem/router.

There are tens if not hundreds of millions of users in the world who use USB DSL modems, Windows-only winmodems, unsupported Broadcom wifi connections or password-protected proxies for whom this CD will be of absolutely no use whatsoever, except as a coffee mat.

Re:No, read it again...

[advocate_one]

problems, problems... that's all they come to me with these days... problems... never solutions...

that's my fate... to be nibbled to death by nitpickers, pedents and Jeremiahs...

Re:No, read it again...

[danharan]

that's my fate... to be nibbled to death by nitpickers, pedents and Jeremiahs...

Ahem... That's pedants ;)

you don't understand security...

...to ensure Internet banking security

if you can make comments like that.

"Security is a process, not a product". Its a social problem as much as a technical one and I have doubt that whilst this could help, the scammers will get around it once it becomes commonplace.

-dgr

Banking 3.0!!!!

[2ksilver]

Great. IF this catches on, not only will I get tons of AOL CD's, but I will get tons of banking CD's.

50 free transactions if you bank with us! ...or one free coaster

I liked the days of the floppy better; I could copy Commander Keen on to them.

Stop the complaning

[CastrTroy]

Stop the complaining about how it won't work if you have a certain hardware configuration, or if you don't have a certain type of internet connection.

I think the power here comes in that the bank can offer it as an option. If it boots in your computer, then great, use it. Maybe they could even throw something like GnuCash so that people can keep better track of their money. I say, don't make it mandatory, but offer it as an option to help at least some users feel more secure.

Luxembourgish banks

[BlueUnderwear]

Hi, I'm not informed much about American and other foreign banks, but here in The Netherlands it works the following:

(Almost all) The banks over here use a kind of calculator device. You insert your pass into it. Your normal pass you use for withdrawal from ATM's....

Here is Luxembourg, banks are too cheap for handing out these calculator thingies. Instead they use a scratch-off plastic card with 16 alphanumeric digits on it. When logging in to their service, the site choses 2 (or some 3) positions out of the 16 possible, and you have to enter the corresponding digits.

This key is different every X seconds (I don't know the interval).

Well, here in Luxembourg, the "good" banks do it the same: the key (in our case: choice of scratch card numbers) is valid a set amount of time. However, some of the (less technically savy banks) propose you a different choice of digits each time you hit reload... so a thief who has sniffed some numbers (but not all) can just keep on hitting reload until the bank asks for numbers that he has... not good!

If you want to transfer money, you get another screen. You have to insert the number shown on the screen into the device. After you hit 'OK', another number is shown on the device, you type this in the inputbox of the website. After it is verified, the transfer will be processed.

Our banks do not have this additional security yet... (Apart from maybe Cortal-Consors. I know their German operation has such a system).

This is all done on HTTPS...

In Luxembourg too. No bank is foolish enough to use plain http. and works with most browsers.

Unfortunately, this is not the case in Luxembourg (although some progress was made over the course of last year).

The currently worst offenders have a gateway page which features a Rube-Goldberg like chain of Java Applets, Java Script code, and VB code which only works on Internet Explorer (the Java Applet is MS proprietary java (using the proprietary com.ms.util.SystemVersionManager class...). The output of this is fed, via the VB script, and then the Javascript (!) into a second URL, which gives you access to the Web application itself. Interestingly enough, once that gate is passed, there is no further dependancy on MS-ware, and you can cheat yourself access to the contents (graphs of their mutual funds) by entering that second URL manually.

For their homebanking they have the same "proprietary applet" hack, and in addition a server-implemented browser check. Manually enter the JVM=1 bit into the URL, and fake an Internet Exploder User Agent and you are in! What the hell are they thinking?

I believe this is one of the most secure methods I can imagine. It is not flawless maybe, but it works and there is much needed to hijack information from the sessions. Without the device, the pass and the account number one can do nothing. Without the PIN you still go nowhere....

Indeed, the number generated by the device makes it secure even against keystroke loggers that may be installed (but don't challenge your luck either...)

Re:Great, but with some SERIOUS caveats

[caluml]

Even worse is when add/spyware gets between the boot process on such a PC.

How will it do that? The bank can just instruct people to turn off their PCs at the plug, put in the CD, and switch it back on.

It's still 100 times better than the current state.

Convenience vs. Security

[MadCow42]

Online banking is successful / useful because it's convenient... that could be outweighed by security risks as malware gets worse.

However consider how it'd work with a bootable CD:
- shut down everything on my computer, save open documents, and all that crap
- find a CD
- boot to that CD (assuming it likes my hardware to start with)
- wait for it to boot... (ho hum...)
- do my banking
- NOT be able to save any info to my local computer (for checkbook reconcilliation, or any other local use) - I guess I'll now have to find a paper and pen to copy the info I need down...
- shut down again...
- reboot again to get back to normal operation... (la-dee-da.... ho hummm...)
- find the stuff I was working on before, and get back into the groove...

Does THAT sound convenient any more? I don't know about you guys, but my computer doesn't boot very quickly. We're talking a total of 15 minutes minimum just to go check your balance.

I can stop by the REAL bank on my way home from work easier than that. I don't see this as a good thing overall - even if it does provide the best security. There must be better alternatives (as mentioned in other threads).

MadCow.

Re:Convenience vs. Security

[natrius]

Didn't someone mention a live CD that could autorun itself in QEMU when inserted in a Windows computer? That seems like it would be the perfect solution to me. No need to worry about hardware variability, and you'd be able to do all your banking in a virus-free virtual machine.

Re:Convenience vs. Security

[mallumax]

But if there is a keylogger on your machine it will still be able to capture all your passwords and credit card info.

Re:Convenience vs. Security

[aristofanes]

"NOT be able to save any info to my local compute..."

Use PUPPY linux 1.0.0 (live cd)
Can save to a track on the cd that it boots from.

Re:Banking Knoppix

[Flendon]

It will be really cool if the bank provides Knoppix CDs for download from their web site. Complete with full source code and build instructions.

This isn't aimed at people who understand source code. This is for people who can't even spell ISO. For this to work right everything has to be streamlined and dumbed down.

Cracked distributions

[Sinbit]

How can we be sure the distributed CD is not cracked in some way?

Re:Cracked distributions

[Jussi+K.+Kojootti]

How can we be sure the banks servers are not cracked in some way?

Re:Great, but with some SERIOUS caveats

[sebster]

Well, one way to do this is to turn of the "boot from CD" option in the BIOS (which in many cases the spyware could easily do). Or in many cases (especially internet cafe's etc), this is already the case. Then the hard disk is booted (which is infected with spyware/malware) which then sees that the Knoppix (or other CD) is in the CD drive, and then boots it instead of booting the operating system on the hard drive.

I'm not saying this is easy, and I'm not saying the CD solution is not 100 times better than the current state. What I'm saying is that when your computer is compromised, you should be REALLY REALLY careful.

Not just for banks, but for everyone

[usurper_ii]

I have posted about this before...but I think bootable CDs w/ a Read Only HD while you are online is going to be what everyone will have to be doing to bypass the virus problems we are facing now.

Having used Ubuntu Live and mostly loving it, I agree with this post about problems with the modem, though. Even though it is possible to get the right drivers and get a winmodem going, bootable CDs are not really going to take off until all modems are picked up and configured correctly on the first try. When that happens, people will see that they can surf safely and Linux Live CDs will breakthrough to the general public.

Again, modem support should be the number one focus of Linux Live CDs. When people boot up, they should enter the phone number to their ISP and logon. It should be that simple.

Usurper_ii

The love/hate relationship with Knoppix...

[EmagGeek]

At my company, they recently fired someone one the spot for possessing a Knoppix CD. My company views Knoppix as a hacker toolkit and nothing else. Anyone caught possessing or downloading Knoppix is fired immediately, complete with security escort to the door.

Other places LOVE it... it's handy, useful, and easy to transport.

I think one thing that would help this idea a lot would be if the CD booted into a VM. That way users would not have to do a hard restart.. just load the bootable CD into a VM and kill the VM when they're done...

Re:The love/hate relationship with Knoppix...

[Sven+The+Space+Monke]

Sweet merciful Zeus, what company do you work for that is so paranoid that it will fire employees for posessing a KNOPPIX disk?!? LiveCDs are by far the handiest trouble-shooting tools I've got for fixing borked XP installs. I'd hate to be in an IT dept that told me I wasn't allowed to use Knoppix simply because "hackers also use it".

If you don't wanna say, you could always post it as Anonymous and say something like "Well, I dunno who the GP works for, but MY company [company name] is like that" :)

Slightly OT, any ./'ers out there work for companies that have similar buttheaded rules? I don't want to work for or do any business with such companies. That level of paranoia makes corp cultures unbearable for employees, and I don't want to support that kind of behaviour.

Re:The love/hate relationship with Knoppix...

[Tethys_was_taken]

If a user has physical access to a regular PC, there is very little you can do to stop her from getting data off it.

Steps like blocking LiveCDs and USB ports may help a bit, but a clueful user/dedicated blackhat-type would get that data through some other means anyway. (assuming it is valuable enough)

I suppose the security measures in a place like that have to be of MUCH, MUCH higher caliber to be of any use. I don't think kicking out people who carry LiveCDs is the solution...

For example, in the situation you have given, she can just boot of a thumbdrive... USB ports aren't usually blocked at BIOS level. If necessary, getting through the BIOS password is just a matter of pulling out the CMOS battery for a minute.

PS: I'm neither a clueful user nor a dedicated blackhat-type. So I'm probably wrong, with that last part.

Re:The love/hate relationship with Knoppix...

[Sven+The+Space+Monke]

Oh, I agree completely - if a non-IT employee is using Knoppix (and isn't authorized), give 'em the boot. Keyword being "non-IT". Call me some sort of elitist if you must, but I feel that the average user shouldn't be allowed to change their screen-saver (changing mice and keyboards should be okay, since that's a comfort thing*). Seriously, a user that's allowed to install anything is a dangerous user. I wouldn't trust most users with anything more dangerous than nail clippers.
I'm talking about IT people using Knoppix. If a sysadmin is trying to recover data that a user stupidly didn't back up, a LiveCD is the best way to do that. The OP made it sound like ANY employee that used Knoppix got the boot, IT staff included.
Incidentally, if any company allows users to save sensitive data to their own hard drive, they're asking for problems. Sensitive files should be on a secure server, locked-down and access-restiricted. Disabling the USB ports treats the symptom, not the problem. And before anyone says boo about it, there ARE ways to prevent users from saving anything to their hard drive, even in XP.

* - I once worked for a company that, for some reason, let employees have admin rights on their NT machines. This led to massive problems (the usual stuff). But heaven forbid I want to change my mouse! I've got very large hands, and I couldn't comfortably use the standard-issue mouse. I asked if I could bring in my own, since the Employee Health Dept couldn't provide a mouse that I liked (the only alternatives were either the same size or those stupid-ass joystick style ones). IT said I wasn't allowed to use a non-standard mouse because it might cause the computers to crash.

Mini CD/DVD dude... businsss card size

[cheekyboy]

They can use a mini-cd, the ones shaped like a business card, if thats not enough room for knoppix, then use a mini-dvd in businesscard shaped size.

Fatally flawed

[nmg196]

I don't see how this improves security at all.

If the whole OS is supplied on a CD, that means that when you boot from it, there will be NOTHING on the PC to validate that the CD doesn't contain a virus or trojan. While this won't be a problem for the bank's real CDs, it will be a matter of days before people start being spammed AOL style with fake CDs though their doors which look exactly like the ones their bank sent out and some with a covering later saying that it's an upgrade or something.

Because you're BOOTING from the CD rather than using it to install something, you'll be bypassing your antivirus software and software firewall and there's no way that anything can warn you that the CD you're using is a trojan. It can litterally slip in right though your letterbox and into your CD-ROM drive without any checks whereas downloaded or web based applications have to go through your firewall and be scanned by your virus scanner in order to get onto your machine.

The CD could be set up to transfer your money into some else's account and because it was done by your machine on your IP with your user/pass it will be very difficult to pursuade your bank that you didn't do it.

This is an absolutely crap idea and most of the posts above seem to miss this point entirely. These CDs better have some pretty cunning holograms on them or something and the users need to know EXACTLY what they're going to look like before they get them.

Re:Fatally flawed

[CastrTroy]

Phishing only works because sending out an email costs $0.00001 and can be done rather anonymously. It costs quite a lot, $0.50 CDN, Or $0.37 US (i think) to send a letter. Add on the cost of actually producing the CD, and the problems in mailing out 1,000,000 pieces of mail anonymously. You can't just put 1,000,000 CDs in a street corner mail box. This kind of attack will be much harder than regular phishing. Unless you can figure out who the people are who are stupid enough to use a fake cd, and just mail copies to them, then this kind of thing won't work.

Re:Fatally flawed

[nmg196]

If you hear that your bank will be sending out CDs and then you receive one, I think pretty much anyone might be fooled into trying it - even most techys. After all it's not like it's a common way to distribute a trojan, so you won't be expecting one. I mean, would you scan a Knoppix CD that you got from the front cover of a Linux magazine? Probably not. But who's to say that someone hasn't replaced the cover CD for one of their own? After all - the magazine's just been sitting there in a public place for a few days with no "firewall" on it - anything could be on that disc.

You can't validate the CD even if you want to unless the bank has the bank has put the MD5 sum on their homepage. Add to that, the fact that no users will receive any kind of virus/trojan warnings and you're going to get a far higher "return on investment" that would by just spamming. For that very reason, you don't NEED to send out 1,000,000 CDs - just a few dozen to some people who have got some money. Even if only 5% of them fall for it (unrealisiticly low I think) it's still way more than the 0.01% of people that fall for phishing scams (or whatever the latest figure is).

Great Idea

I have been using Knoppix for all our banking since AVG found a Keystroke logger on my Wife's PC. KNOPPIX ROCKS. I also use it at Hotels where they have Business Center PC's.
Knoppix is not just a good start, it is a GREAT start to solving the problems of infected Client PC's. Every boot is a clean install, and user settings CAN be saved to the HD if you really want.

Boot from CD?

[olddotter]

Are their any machines sold where the default isn't to automaticly boot from CD? I mean how would those damn "windows restore" CD's work then?

With windose you could probably set the auto run to automaticly reboot into Linux.

Re:Great, but with some SERIOUS caveats

[malkavian]

Ok, but this assumes that the malware has access to a complete database of all CMOS maps for all motherboards. And that the ability to access the CMOS is built into the live CD (should be reasonably easy not to compile it in at all! No compiler, no real scripting, should make it hard for malware to get at the CMOS).
So, in theory, the machine is compromisable if someone can get the user to run a piece of software that runs to correctly identify the CMOS map, gets permissions to install a kernel module and then gets the correct software to enable it to write the CMOS bit..

Re:Great, but with some SERIOUS caveats

[malkavian]

I was just mentioning that the sheer effort to write an application (and yes, it would require a sizable application) to compromise in the first place would be hideous. Yes, CMOS can be written in the first place, to boot the regular drive. But as you can't write to the drive in the first place when it's not mounted for write, you can't have a boot sector code section in place to handle booting the CD. You'll just boot the regular HDD (or whatever).
The complexity you're trying to say can be done is to actuall rewrite the flash ram comprising the BIOS, which is the level you'd have to work this at.
The 'software' you're mentioning would be cleared from memory at the point you reboot the machine otherwise.
So, now you're at the level of not just having an application that's gathered all the CMOS maps for all the bios revisions of all the motherboards out there, you also have to have a working, patched bios that you can upload after inserting a kernel module by dint of a security hole in a browser from a non-priveliged user for each and every board out there. And has code to run a virtual machine from this area of flash ram.
Now, I'm not saying 'impossible', but having worked with embedded systems (building from chips up, building bootstrap code and trivial operating systems), I'd say you were in for a real struggle.
If you've got the nonce to do that, you'd make FAR more using the brain to do something legitimate and raking in millions.