At my workplace we use Microsoft Windows (mostly XP), this wasn’t a concious decision made by my employer, it’s just that, as we have accumulated them over the years our computers have come with Windows pre installed. At home I use Linux, and have done since the late nineties.
I was asked a question at work last week about an offer that the bank is providing it’s customers, to download and install additional free security software called Rapport from Trusteer. I did some research and concluded that as we have anti-virus on all machines which has anti-spyware, anti-rootkit, linkscanner, firewall, etcetera etcetera included, and given some speculation that Rapport it’self has become a target for malware, and also given that there is some speculation Rapport has caused problems on older computers (which ours are), I have advised that we don’t install it for the time being.
I saw some recommendations that small businesses could use a Linux liveCD to boot into an environment and conduct their banking activities. I thought this might be a good idea, however there are some hurdles that I will need to overcome before I can put this to the powers that be.
How can we be sure that the site we access is the one we type into the address bar. Rapport purports a feature that will “lockdown” communication with the banks website, and prevent users from giving their data to phishing sites. Is there an equivalent application that can be included on a Linux LiveCD?
Browser updates. Is it possible to create a Linux LiveCD that will automatically download and install browser updates from a trusted repository, before a user can access the browser? Also can a link to our bank login page be placed on the desktop or as homepage?
I burned a copy of OpenSuse 11.4 KDE for the purpose but there is a problem; With these older machines I need to turn off desktop effects before the GUI is properly usable.
Thanks in advance for all your thoughts and suggestions with this.
using SUSE Studio <http://susestudio.com/> you can cook up your own
custom live CD image that will do all you wish, and more…
yes, it can automatically have desktop effects off and have your bank
address “hard wired” into the browser…and, i wouldn’t worry a lot
about a need for rapport’s “lockdown”…just use google’s or OpenDNS’
DNS servers and you should be good to go…
then, just download it and make all the disks you want…you can add
your bank logo, other languages, whatever you want…
there is a learning curve involved, of course…
–
dd CAVEAT: http://is.gd/bpoMD
[NNTP via openSUSE 11.4 [2.6.37.6-0.5] + KDE 4.6.0 + Thunderbird 3.1.10]
Dual booting with Sluggish Loser7 on Acer Aspire One D255
Banks tend to lean with the masses. Rapport is not any guarantee at all. Problem is that any user has the ability to set/use bookmarks, click links, and use the address-bar. Trustworthy browser download should not be an issue. Stick with openSUSE repositories for your updates to the browser will do the trick. Teaching employee’s to enter the bank page address into the address-bar rather than using bookmarks and one-clicks is a more difficult issue. I would never use Windows to do on-line banking in the first place, even most of the clearing centers I worked with a few years back used a Unix/BSD/Linux system at the server and stations for security reasons.
On 05/23/2011 08:06 AM, miclac wrote:
> How can we be sure that the site we access is the one we type into the
> address bar. Rapport purports a feature that will “lockdown”
> communication with the banks website, and prevent users from giving
> their data to phishing sites. Is there an equivalent application that
> can be included on a Linux LiveCD?
When going to any site that needs any kind of credentials or does anything
sensitive SSL should be used which should guarantee your destination is
who you think it is. This is functionality included with every browser
out there. I’m skeptical that anything could do this more-securely and so
the value of Rapport (based on your description) is less than zero unless
it does something else really neat to make up for its wasted processing
time, space, bandwidth, etc.
Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Thank you everyone for your feedback. I will use SUSE Studio create a liveCD as suggested.
A learning curve… Sounds like an adventure
Kindest Regards
Michael
The only problem with traditional Live CDs is that they are a snapshot and aren’t upgradeable. Maybe a different solution would be better in terms of ease of applying patches etc. like dual booting, virtual machine or even one or two dedicated Linux machines. Draw up a few best practices like not adding any applications from outside of the distribution’s repositories and browsing habit suggestions as already mentioned and you should be a lot more secure than your existing setup.
