Mexico Connect
 


kirkswig


Jul 8, 2004, 2:36 PM

Post #1 of 3 (464 views)


Computer security ideas

Hi guys. I got a private message about computer security and as I was replying I realized that the answer got kind of long so I'm posting it to the general forum. Maybe it helps someone else (or maybe I don't know what I'm talking about in which case somebody else can chime in and save you all from great grief and misery.)

The question was about whether it's a good idea to use Linux for financial transactions, while using Windows for your everyday sort of stuff. My answer:

Yes, this makes a lot of sense. It's not 100% however, but really, it's very close. And don't simply use Linux for your financial transactions... only keep your critical financial info (passwords and the like) on your Linux system.

Ideally it would be a separate machine, but setting up your machine to dual-boot should be satisfactory as well... just be aware however that if you do this and if Windows becomes infected that it is conceivable the worm/virus could read and even change data on your Linux partition.

Going overboard with security may seem unnecessary, paranoid, or even foolish, but in a way it makes it a much easier task than going with halfway or add-on solutions. The closer you can get to 100% now, the less time you will spend managing and/or worrying about your system down the road.

A word of warning however... I've been using Linux for many years now, and am sufficiently familiar with the OS to be able to judge what the risks are. If you are new to Linux or Unix, you need to pick a distribution wisely. It's not just a matter of keeping it up-to-date, which is important too, but the distro should be geared towards security-conscious novice users of Linux. I use Gentoo, which lets me be security conscious, but it also requires some understanding of what is going on. I'm loath to recommend a distro to you as I'm not very well versed on the other distros, and it isn't always the case that the bigger the name the safer you are (because hackers will focus on the bigger, more popular distros of course.) So you should probably make this decision on your own (and spend the necessary time researching it which should hopefully breed some familiarity with Linux in the process.)

Another possibility you might want to consider is sticking with Windows, but going with a two machine approach nonetheless. Set up one Windows machine/partition as your financial system, be sure to keep it up-to-date, and above all else, be sure to install something like Firefox as your browser and NOT Internet Explorer. Boot into that only when doing financial stuff, and when you're done, shut down immediately. Again, a separate machine is still preferable here, but the added security gains would likely be incremental.

At one point in time I considered using software called Virtual PC to accomplish much the same thing. It lets you run Windows within Windows so to speak, and is a way of isolating one system from the other in a fashion that you may find more convenient (you could also run Linux within Windows using this application and achieve possibly even more security.) The hard drive of the "virtual PC" is really nothing more than a file (albeit a rather large file) on your real PC. One very nice feature of Virtual PC is that when you run an operating system under it, any changes made by you (or conceivably, a virus) can be discarded when you log off... they call the feature Undo drives. Might be worth looking into.

I just realized there's another option... LiveCDs. A LiveCD is a CD that you can boot that runs Linux. The most used LiveCD out there is something called Knoppix, which is basically Debian Linux on a CD. The beauty here is that you keep your Windows system as is, and when you want to do financial stuff, you put the CD in the system and reboot (you'll of course need to set up your BIOS so that it will boot from the CD drive.) Then up comes Linux running a nice desktop environment (KDE I think) and you have your browser and any other tools you're likely to need. There's a very small chance that you'd be infected with anything during the five or ten minutes you spend online dealing with your financial stuff, but even if you were, when you shut down nothing gets saved to the disk because it's a CD! And if you need to save data for any reason, you can still have access to a floppy disk or a USB key or even your Windows partition (risky though if you're using NTFS for your Windows file system and you want to write data.)

Now that I think about it a little more, I'd try this last approach first. It doesn't muck up your existing system, and it lets you get a feel for Linux at the same time. If you decide it's right for you, you'll want to remember to create a new LiveCD from time to time to take advantage of the new security features available in subsequent releases.

I would also point out that this might be a good idea to consider when using an Internet cafe to access your data. Though I am not really wild about the idea of doing this, I have done it myself, and you would reduce your risks somewhat booting off of a LiveCD. Of course, you are still potentially prey to those who install hardware key loggers, or for the very advanced attacker who would seek to exploit his control over your Internet connection and possibly spoof/hijack your session with your financial institution (though this is a very difficult attack.)

And you'd have to find a machine in the cafe that is set to boot from CD, or alternatively, someone running the cafe who is capable/willing to make that change for you, or (horrors) would let you do it yourself.

Donald

To boldly go where no wig has gone before.

(This post was edited by kirkswig on Jul 8, 2004, 2:45 PM)



sfmacaws


Jul 8, 2004, 10:40 PM

Post #2 of 3 (441 views)


Re: [kirkswig] Computer security ideas

That's good info Donald.

One thing you forgot is just using a Mac, or Virtual PC loading winX or Linux. The Mac itself is much safer than any windoze machine, imho that is probably due to the low user share more than anything else. Still, very few worms and virii attack Macs. Years ago I had a Linux distro on a partition of a Mac, I think it was called Yellow Dog.

I like your last solution using LiveCD but I'm wondering how easy it would be to use the internet cafe's network. I've seen some odd network configurations in inet cafes in MX, many aren't using DHCP and some using network protocols other than TCP/IP. I am always looking to hook my laptop into their network to upload web pages and I've seen some really odd stuff. Of course, the other problem is that the guy working in the cafe may not know how to do more than reboot the machines. So, while you may be able to reboot their machines with your CD, it's possible that you wouldn't be able to get onto their network.

I may try the dual boot to Linux on the Vaio I just ordered and actually get more serious about this kind of security.

Thanks,

Jonna


Jonna - Mérida, Yucatán




kirkswig


Jul 9, 2004, 12:15 PM

Post #3 of 3 (418 views)


Re: [sfmacaws] Computer security ideas

Excellent point. While most of the Internet cafes I went to had DHCP set up correctly to the point where all I had to do was plug in my laptop and surf, there was at least one that made me input IP numbers, which was a pain (and I had only been in MX for a week, gotta be lots more.) That doesn't by itself preclude the use of a LiveCD, as it allows you to manually configure the network, but it may complicate its use greatly, especially for novices.

To boldly go where no wig has gone before.
 
 
 