Can Ubuntu Save Online Banking?

CWmike writes with a pointer to this ComputerWorld mention of an interesting application of Live CDs, courtesy of Florida-based regional bank CNL: "Recognizing that most consumers don't want to buy a separate computer for online banking, CNL is seriously considering making available free Ubuntu bootable 'live CD' discs in its branches and by mail. The discs would boot up Linux, run Firefox and be configured to go directly to CNL's Web site. 'Everything you need to do will be sandboxed within that CD,' [CNL CIO Jay McLaughlin] says. That should protect customers from increasingly common drive-by downloads and other vectors for malicious code that may infect and lurk on PCs, waiting to steal the user account names, passwords and challenge questions normally required to access online banking." (But what if someone slips in a stack of doctored disks?)

Reply

[Pharmboy]

(But what if someone slips in a stack of doctored disks?)

What do you mean, like a disk that would boot Microsoft Windows instead?

Re:Reply

[GIL_Dude]

I guess for those people who shut down their computers more than once a day it would be fine. For those of us who reboot about once a month and use sleep / resume the rest of the time it is a terrible idea to be rebooting all the time to do banking (maybe twice a day sometimes, but at least a couple of times a week). Why would anyone want to put up with that? Even for folks willing to accept it, the bank would inevitably get a smattering of "the wireless doesn't work on my netbook" or something (even though Ubuntu live CD's are pretty good about support they can't manage to support every device). I would be more accepting of a VM or something though than a live CD for my own use.

Re:Reply

[Khyber]

"Gives the user something physical to insert"

Except the netbook owners, whom have no optical drive.

Re:Reply

[flyneye]

(But what if someone slips in a stack of doctored disks?)

Well don't leave 'em layin' around on the floor and no one will slip on them.

Convenience?

[rschuetzler]

Isn't the point of online banking that it is convenient? And easy? For me, booting from a Live CD may be a piece of cake, but for a lot of people, it's far from that.

Even if it is a great idea, 98% of the population won't latch on to something like this, and the 2% who might are probably already running linux

Re:Convenience?

[tpstigers]

Actually, 98% of the population will only shy away from something like this is they're told what the process actually is. If they are told rather that it's their "Personal Online Banking Disc", and are then given instructions to walk them through the process, most people will happily buy into it. Most people wouldn't hesitate to install an app for this purpose, so the Live CD just needs to be marketed properly.

Re:BIOS

They could ship you a free NetBook w/ CD.

Don't mod me funny, I'm serious. Like maybe a $100 little book running Linux, automatically set to keep itself up to date to eliminate hundreds of millions of dollars in cybercrime. The banks would own it, maybe even lease it to you for a $2 banking fee for having an online account with them. When you don't need it anymore or switch banks, you give it back to them and they would wipe the BIOS and system and reuse it.

In fact, they could probably even make the netbook cheaper by not including a hard drive. Just boot from USB or CD, maybe even a small USB traveldrive installed internally inside the case itself. The USB ports could be removed or completely disabled, no CDROM drive included, no HDD, etc. It becomes more or less a dumb terminal whose only purpose is to connect to the bank on boot. And, in addition, sandboxed to not allow any other applications to run besides the required startup items.

Just checked and it looks like Gateway sells a $49 netbook, found it on CNETs list of netbooks when I sorted by lowest price. And, that's *consumer* price, if the banks bought in bulk they'd even be cheaper than that. If they banks told them they didn't want USB ports (except the internal one), no harddrives, etc. then it would even be cheaper. I bet they could get them for $25 or so apiece in bulk for say 1000 units. That's not much cost to essentially eliminate the wholesale highway robbery of people's accounts that's been going on. The savings would be pretty enormous. Offset that with a small lease fee like I suggested above and its a win/win for everyone involved. Not to mention it would help Gateway out of its slump.

Gateway LT2016u (Verizon Wireless) Specs: Intel Atom N270 / 1.6 GHz, 1 GB, 160 GB, Microsoft Windows XP Home Edition, 10.1 in TFT active matrix, 3 lbs

Re:Unpatched Firefox for online banking? No thanks

[caluml]

Unless they plan on sending you a new Live CD every time a new Firefox or Linux kernel security bug is patched, many users would be vulnerable to attacks within a few months of this CD being released.

Er, no. If you've got a distro with no open ports, firewalled as well, that can only get to a single IP address on port 443, which doesn't let you connect unless the remote server's SSL cert is signed by the bank's CA which is the only one in your browser's CA list - where does the vulnerability come from?