To this day, I still remember a user asking me a very simple question and got an answer that totally swept him off the ground. “How do I know that performing online banking on my computer is safe?” My answer was simple, “You can’t!” The user immediately gave me the deer-in-the-headlight look, expecting me to say that I was only joking around. Well, I didn’t because I was being totally serious. I don’t joke around when it comes to computer security. Of course, I explained to that user why it is I came to that conclusion and so that’s what I’ll be doing here, although that user got a much shorter version of it!
Back to Basics
So how does this relate to online banking on your computer? Well, it goes back to what I just said. If your computer is compromised in any way, no matter how small or big you think the problem is, how can you be sure beyond a shadow of a doubt that it wouldn’t affect your online banking experience? The answer is you can’t. Once your computer boots up and you log in into Windows, all of the malware on that computer gets loaded as well. God forbid if you have some sort of malicious keylogger software installed and you log in to your banking website. It will then be game over. Or what if your computer is a victim of a man-in-the-middle attack? Now, all of your web connections will pass through a middleman before reaching it’s true destination. What’s the big deal? Well, that malicious middleman now has the opportunity to impersonate you or inject other type of bogus data back to you.
Let’s Think for a Moment..
If some random person off the streets offered you their laptop or computer to use, would you honestly trust that computer enough to log in to your banking website or personal email? Well, you’re probably thinking I’m crazy even for asking but of course the correct answer is “No way!” Well, sad to say it but people are doing this everyday, even at this very moment you are reading this blog post. Huh? What do you mean?
Once again, let’s go back to what I said earlier. Now obviously you’ll already realize that the computer that random person is offering you to use is technically “not yours” because it doesn’t belong to you. You don’t know what is installed, how it is setup or what kind of services it is running. Well, guess what happens when a user goes into a public cafe shop or library to use the computers provided there for their customers? Exactly. The computers are technically random computers, similar to the scenario I just described with the stranger off the streets. Because the computers are allowed to be used by all of the cafe and library customers, whose to say that a malicious user didn’t plant the computer with some sort of malware to steal log on credentials and whatnot?
OK, so you say to yourself no big deal, I don’t use public computers and that it will never happen to me. Well, let’s take a look at the computers that *you* do use, your PC. What I dislike is how many people, once they see or hear the word “PC”, they immediately categorize it as a desktop computer. For the sake of this article, let’s put that thought aside for a moment. A PC is a PC, a personal computer. Whether it is a desktop, laptop or netbook and whether it is loaded with the Mac, Windows or Linux operating system, it is at its core a computer that you use personally, hence the acronym *PC*. The keyword here is “personal”. When you purchase a computer for yourself, that’s what exactly it is for! A computer for “yourself”! You don’t want to share it with other people, especially with strangers. Guess what happens when you host a piece of malware on that personal computer? Yups, it’s not so personal anymore because someone else may or could have access to it! Rather than calling it a personal computer, it’s more appropriate to name it “our computer” or “OC” because you’re technically sharing it with another stranger! That computer can no longer be trusted. Would you still dare to do online banking on it? I certainly hope not! Point is, your computer now belongs to the same category as the computers in the public kiosks and cafe shops. Doesn’t look too good does it?
How Using a Live CD Will Help Us
So now that you have a general picture of how important it is to keep your computer clean of malware of any type, sometimes, it’s still not enough. Sometimes, even the most hardcore of computer security guru’s will let certain bad stuff in to their computers. When you perform online transactions or pay bills online, you’ll want to be sure that your computing environment is as clean as it can be. This is where booting from a Live CD will help us. Booting from a Live CD is exactly that. You have a CD/DVD that has with some type of Linux operating system (usually, that’s the case) in which you pop into your CD/DVD drive and then boot from it. Because the data is loaded into your computer’s RAM modules, the entire session (data, cookies, history, settings, etc) will be erased as soon as your restart the system. Ever wonder why whenever you restart or power up a computer that you had to open back all of your applications from the last session? This is a perfect example of how RAM (random access memory) works. They are considered non-volatile and so nothing will be saved as soon as power is cut from it. Since the Linux operating system on the Live CD loads into RAM, it bypasses your Windows installed hard drive. Therefore, malware will not be able to load. You can then use the live operating system to perform online transactions with a piece of mind that your computing environment is as clean as can be. Once you are done, simply restart your computer and Windows will never be the wiser of what you did earlier. Even if your home computer is shared among other family members who don’t know the first thing when it comes to computer security, you can still boot to a Live CD and still be confident when performing online transactions.
Alright, so you’re convinced about using a Live CD. Now what? Well, good news is that it doesn’t take a whole lot to get started. All you basically need to do is find a version of a Live CD that you want to use, download the .ISO file, burn it to a CD/DVD and that’s it. Whenever you want to perform online transactions, pop the disc in your computer, boot from it and let it load. There are many, many different Linux Live CD distributions out there. A simple search landed me on a website called The LiveCD List, which as the name implies, maintains a list of the many Linux Live CD distributions available. There are certainly many on that list. Popular one’s that I know of personally includes PuppyLinux (my recommendation), Ubuntu, Xubuntu, Knoppix, and Fedora.
Additional Points of Interest
Here are some additional points to consider:
- Alternatives. Don’t want to use a Live CD but still want to have a safe environment to do your online banking? Then consider installing a Linux virtual machine. If you are using Windows 7 Professional or higher, than you can freely utilize Windows XP Mode. Obviously, you’ll want to keep these virtual machines as clean as possible. In fact, don’t use them for anything else other then performing online transactions. I personally wouldn’t recommend using a virtual machine when compared to a Live CD in this scenario because in order to use the virtual machine, you have to actually boot into your Windows (and possible malware infected) operating system. I know, a virtual machine is suppose to separate itself from the host operating system but hey, you never know. A bug here and a glitch there might allow some specially crafted malware to infect your virtual machines as well.
Dual-booting with a Linux operating system solely dedicated for your online financial transactions may work as well. However, what makes the Live CD method so unique is that it bypasses your hard drive completely. There is a slight chance you might get your Linux partition corrupted but it does eliminate the need to always use a Live CD.
- Make it a Ritual. Yes, yes, I know that using a Live CD every time to perform online banking can be a bit hassle but you know what, the only thing you got to lose is your bank account or identity. I mean, that’s totally not worth protecting, right? You need to make it a habit to continually use your Live CD and *only* to bank online if you have that CD on hand. Resist the temptation to bank online at work, public kiosk computers, on your friend’s computer, etc. All it takes is one wrong move to lose everything. How can you put a value on your data and information? Take the classic file backup scenario as an example. If you lose all of your precious family photos due to a hard drive malfunction and you didn’t have a backup of it, would you give $70 to $80 (typical prices for a portable external hard drive) to get it all back if you could? If your banking credentials were compromised due to you logging on the site on a malware infected computer at your friend’s house, would you have waited until you got home to be able to use your Live CD if you new it could have been prevented? Sadly, many users don’t think of the aftermath until it happens to them. Don’t be a victim of this!
- Live CD Maintenance. Technically, once you have created a Live CD of your choice, you really don’t have to do much to maintain it. Remember, once you restart the computer, the session is deleted (some Live CD’s give you the opportunity to save your session but in our scenario, please don’t). You really don’t have to re-download the latest distribution of your Live CD every time it comes out but if you feel the need to, then use a re-writable CD/DVD so you don’t constantly waste CD’s.
- Configuration. After successfully booting into your Live CD environment, it might not automatically configure your network card(s). If this happens, then you will not be able to connect to the Internet until you have done so. The process of doing so is pretty much straight-forward in the many distributions of Linux so what I suggest you do is read over the documentation for whatever Linux distribution you have chosen and see how to configure/activate your network cards. Once you get the procedure down, it will be the same every time thereafter.
- Be Creative. Your Live CD isn’t meant to be used for online banking only! Want to visit some mysterious website that you’re unsure of? Boot up the CD! It can also be used for other online purchases you make throughout the Internet. Although most online transactions utilize some sort of communication encryption, using your Live CD adds another layer of protection. In computer security, you’ll often hear the term “defense-in-depth” and utilizing a Live CD is exactly demonstrating that fact here.
- Caution. If your banking or other type of credentials is already stolen, then using a Live CD won’t help you much. I highly doubt the bad guys will give you a call or email apologizing or giving your credentials back so this is something you’ll have to figure out yourselves. Also, a Live CD is not a one-stop “cure all” type of ordeal. When you boot into a Live CD, you will still have access to your Windows hard drive (although it doesn’t rely on it to operate). This is why many technicians use a Live CD to recover files from a crashed or un-bootable Windows hard drive. If you visit a site in Live CD that happens to perform a drive-by-download, it can technically drop a nasty malware into a start-up location on your Windows hard drive. The next time you boot back into Windows, that malware will become active. This scenario is highly unlikely but I definitely wouldn’t use the term “impossible”.
- Linux. Remember folks, you’re using a Linux operating system, not Windows, when you boot into a Live CD. Don’t worry too much though as the whole point of this article is for you to safely bank online. Therefore, all you need to learn is how to open up Firefox (after you configure your network settings, of course)!
In the End…
I highly recommend users use this Live CD boot method to perform all of their online banking transactions. As of right now, I really can’t think of a more better and efficient way to do online banking than with a Live CD. It’s easy and fast to download/install (most distributions are very small in size, especially PuppyLinux), boots pretty quickly and works as expected. Give it a try!
Loading ...
Listen to my latest posts! 
A Bing Wallpaper a Day!
Google Drive Overview
Microsoft SkyDrive Overview
Kindle 4 Review!
Windows 8 Metro UI on the PC
Or use sandboxie … provide safe environment ,,, though cant be 100% secure too, so linux live cd would still be better option.
also iy is always good if people read some basic guidelines of web security and are not stupid enough to install any app ans especially crack, patch etc
Good mention. I have learned and used Sandboxie in the past but have stopped using it personally. However, I still recommend it from time to time to certain individuals. It’s offers strong protection without adding too much complexity, although that certainly depends on the application in use within Sandboxie. I remember having a very difficult time getting Outlook to run within Sandboxie. Also, I don’t think Sandboxie protects you against software keyloggers that is already installed on your system.
I have to admit that many users I know of are more educated about online security and whatnot but you will always have that big bunch that couldn’t care less about their computer if they can only install that that “thing” to help them crack that professional software that would have cost them money.