By Leo Notenboom
I am wary of using online banking and brokerage services, but I would like to use them for the convenience. With basic notebook computers now costing $300 and less, I am thinking of getting one to be used solely for financial transactions. No emailing, browsing, Facebooking, etc. Ideally, I want it to connect only to a short list of financial websites and have no contact in or out with any others. What would be the best way to do this? What other safety measures should I use? After all, it is one thing to have an email account hacked, but my retirement account is something else again.
There are a number of approaches that you can take – getting a dedicated machine is certainly one.
There are a variety of thoughts on how best to do this. Most add at least a
layer of inconvenience and some become downright impractical, at least to me.
Much, of course, depends on your own level of concern and realistic
confidence in your own abilities.
Boot from a live Linux CD
This is the solution that I hear thrown about most often.
The approach is very, very simple: download a “live” Linux boot CD – I would
recommend Ubuntu Linux as being
very capable and popular. Then, simply reboot your existing machine from that
CD. (“Live” refers to the fact that it is bootable, and boots into a working or
“live” copy of the operating system without any install required.)
you’re starting with a completely clean slate.”
Once booted, you’ll be running in Linux, not Windows; you’ll find common
tools, like the Firefox web browser, that you can then use to go online and do
whatever you wish to do securely, without fear of Windows malware.
The appeal is simply this: it’s not Windows and nothing is stored on your
machine. While the live CD technically does have access to your hard drive,
it’s typically not mounted by default and not used at all by the running
operating system.
So nothing that any potential malware might try to leave behind on your
machine will stick – reboot and it’s gone. Each time that you boot from the CD,
you’re starting with a completely clean slate.
While I do know of at least one person who operates this way, I personally
find this exceptionally impractical.
Starting with a clean slate on each reboot means that you can save nothing –
nothing at all – to your own computer. While that’s kinda the point when it
comes to malware, it also prevents even the simplest of operations of your
own.
You can’t even save a bookmark without resorting to additional online
services. You can’t save a PDF that you’ve downloaded without once again using
some kind of additional online service, emailing it to yourself, or saving it to a USB
thumbdrive.
To my way of thinking, pulling in additional services or using a USB drive
defeats much of the purpose of having this sterile environment – it breaks the
isolation.
And if you’re going to do that, then there’s a much more practical and usable
approach.
A machine running Linux
A more practical approach, in my opinion, is a separate machine on which
something other than Windows (i.e. Linux) is actually installed.
If you restrict your activity on this machine to only your high-security
activities, such as your online banking needs, then you get most of the benefit
of the live CD approach, while being able to save downloaded documents,
bookmarks, and other customizations without needing to repeat them each time that you
restart the system.
In fact, it’s very reasonable to include file-sharing access to other
machines on your local network so as to transfer documents to this secure
system. You might even set up an email client so that you can act on email
requests, click links, and/or use that as a way to transfer files without setting up
machine-to-machine networking.
Purists will argue that each of these “convenience-enabling” actions reduces
the absolute security of the solution … and they’re right. The live CD is in
an absolute sense more secure.
The question boils down to this: is the amount of additional security you
gain from using only a live CD worth the inconvenience? My take, naturally, is
not. In fact, I’d predict that most folks who intend to use the live CD
approach will soon abandon it. It takes a certain amount of rigor to stick with
it. If you can, great.
But for the rest of us … we’re human, and I know I’m lazy. I’d rather walk
over to the Linux machine that’s all ready to go and with which I can easily
transfer files as needed.
Article Continued Here: A machine doesn’t have to be a new machine, or a machine at all
This post is excerpted with Leo’s permission from his blog.
FaceBook URL: Leo’s Facebook
Twitter URL: http://twitter.com/askleo
