Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Online Banking Paranoia


  • Please log in to reply
27 replies to this topic

#1 cyclist-fred

cyclist-fred

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 01 November 2016 - 06:11 AM

Windows 7, IE 11, Norton Internet Security

 

Would like to start doing online banking.   I do weekly on-demand scans using 9 different programs from site.  Always have come back clean, but I still have a deep paranoia. 

 

If needed, the scans I use are:  Norton Internet Security, ADW, TDS, JRT, Rogue Killer, Hitman Pro, RKill, ESET Online Scanner, Malwarebytes, and SuperAntispware.

 

Everything should be ok for Me, correct?

 

Thanks in advance

Fred



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:14 AM

Posted 01 November 2016 - 08:26 AM

No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing and stay informed.

The user is the first and last line of defense and security is a constant effort to stay one step ahead of the bad guys. The end user needs to stay informed, constantly educate themselves about the latest malware threats as well as those recommendations by security experts on how to protect themselves and practice safe computing. Security begins with personal responsibility and includes a comprehensive approach. Common sense, good security habits, safe surfing, understanding security and safe computing are essential to protecting yourself from malware infection. If the user is an employee of an organization, that also means following policy and procedures for the use of computer equipment and related resources implemented by the agency IT Department. Knowledge and the ability to use it is the best defensive tool anyone can have.

Unfortunately, it as been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication.

Krebs on Security
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 JohnC_21

JohnC_21

  • Members
  • 22,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 AM

Posted 01 November 2016 - 10:12 AM

If you are worried about Windows malware when banking online consider a Chromebook with Chrome OS.

 

https://productforums.google.com/forum/#!topic/chromebook-central/tsxvB4uKhuA


Edited by JohnC_21, 01 November 2016 - 10:12 AM.


#4 Viper_Security

Viper_Security

  • Members
  • 816 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:10:14 PM

Posted 01 November 2016 - 03:36 PM

First, if you're wanting to do online banking do not use IE, it's just not as safe as FF, Chrome, Etc. and imo more vulnerable. 

 

Second, those scanners together should find any infections but, before you type in your password you should always look at the URL, look for the HTTPS:// (Hyper-text-transfer-protocol- Secure) if it has a red slash through it, do not type in your password until it's (green on most browsers).

 

All-in-all just double check everything first. 

 

and as quietman7 had said, it's all about layers. 

 

and i agree with JohnC_21 on this one, a chrome book would be EXCELLENT for online banking. 


    IT Auditor & Security Professional

hQBT2G3.png


#5 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,410 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:14 PM

Posted 01 November 2016 - 03:47 PM

You could always try something like Puppy Linux  burned to a CD, There is NO way that can be infected with anything.

 

If you are interested pop over to our  Linux & Unix section and we can guide you.

 

Regards

Nick.



#6 cyclist-fred

cyclist-fred
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 01 November 2016 - 11:00 PM

Thank you for replies.  I did read about the post you made Quietman7.  I also understand about the HTTPS.

 

Again, thanks

Fred



#7 SafetySteve

SafetySteve

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern California.
  • Local time:09:14 PM

Posted 02 November 2016 - 01:26 AM

This is an area where I have relevant expertise to comment.

 

The suggestions to use a Chromebook or to use a Non Persistent Live Bootable Linux Distro for online banking and other sensitive tasks are excellent.  I believe that Krebs has stated that he believes that the non persistent Live Bootable Linux Distros are the way to go for online banking.

 

For online banking we use either our Chromebook in Guest Mode or A live bootable non-persistent Linux Distribution that has been hardened.  My favorite versions to use are:  Lightweight Portable Security (TENS) which is a project by The USAF Research Labratory, TAILS, Linux Mint.  These are also good to use when visiting risky sites.  My procedure is to cold boot the machine to say TENS, do my banking tasks.  Then power down the machine.  TENS is designed to not allow any reading or writing to your installed hard drive.  Malware on your hard drive cannot affect your session. Your session cannot affect your hard drive.  

 

I no longer use Windows computers for any sensitive tasks.  



#8 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,410 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:14 PM

Posted 02 November 2016 - 01:36 AM

This topic is also being discussed in the Linux section. Come to the dark side we have cookies.

 

Banking Online



#9 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 02 November 2016 - 03:36 AM

Hi:

 


 

If needed, the scans I use are:  Norton Internet Security, ADW, TDS, JRT, Rogue Killer, Hitman Pro, RKill, ESET Online Scanner, Malwarebytes, and SuperAntispware.

 

 

I am just a home user and far less expert than those who have already replied with excellent advice.

 

But, just to add: running all those manual scans after-the-fact only provides second-opinion scanning to pick up cooties that already made it past your AV onto the system.

By then, it can be very much too late -- the damage will be done.

(And some of the tools you list, such as Kaspersky TDSSKiller, are probably best used with expert guidance from a trained malware expert.)

 

My personal, humble suggestion (especially if you plan to stick with Windows, not Linux, for online banking) would be to enhance your real-time, proactive defense by adding complementary layers of protection alongside Norton to help PREVENT infection in the first place.

Examples include real-time anti-malware protection (e.g. with MBAM Premium or Emsisoft Anti-Malware), and real-time anti-exploit protection (e.g. with MBAE or HitmanPro Alert).

The links that @quietman7 provided will get you started in that direction.

Another of his excellent pinned topics on the subject: Supplementing your Anti-Virus Program with Anti-Malware Tools

As @quietman7 also mentioned, no security software or collection of such programs can protect 100% of computers 100% of the time from 100% of malware -- the first and last line of defense is the user.

 

Cheers,

MM



#10 RolandJS

RolandJS

  • Members
  • 4,480 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:12:14 AM

Posted 02 November 2016 - 03:46 AM

Adding one more at-home idea to the excellent pool of ideas:

-- using only the ethernet cable ["hard-wire"]

-- not using wifi

for online banking.


Edited by RolandJS, 02 November 2016 - 03:49 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#11 cyclist-fred

cyclist-fred
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 02 November 2016 - 05:14 AM

running all those manual scans after-the-fact only provides second-opinion scanning to pick up cooties that already made it past your AV onto the system.

By then, it can be very much too late -- the damage will be done

 

I suppose, but going to forum section "am I infected" and getting help for such, it seems "cooties" :lol: are going to be eliminated.  Also, that many such security programs are not always compatible at same time.

 

 

Adding one more at-home idea to the excellent pool of ideas:

-- using only the ethernet cable ["hard-wire"]

-- not using wifi

for online banking.

Yes, not expert on wi-fi, but my computer is only connected by Ethernet.

 

Thanks All



#12 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 02 November 2016 - 07:00 AM

Hi:
 

 

running all those manual scans after-the-fact only provides second-opinion scanning to pick up cooties that already made it past your AV onto the system.
By then, it can be very much too late -- the damage will be done

 
I suppose, but going to forum section "am I infected" and getting help for such, it seems "cooties" :lol: are going to be eliminated.

 

 

I mean no disrespect, but that's an unwise and unsafe approach, especially with today's threat landscape, especially things like ransomware.

PREVENTION is always preferable to after-the-fact CLEANUP. :exclame:

In many cases, the malware and the removal thereof will have seriously damaged the system and/or caused irretrievable data loss.

The nominal sum for robust real-time protection works out to pennies a day.

It's much cheaper than the time, effort, aggravation and cost trying to recover from a serious infection, identity theft or other catastrophe.

 

Also, that many such security programs are not always compatible at same time.

 

You are correct in that one should never have overlapping applications, such as two realtime anti-virus programs.

However, as the article for which I provided the link explains, an AV alone is not sufficient these days.

A layered approach with an AV + anti-malware + anti-exploit protection (and sometimes other measures) is the recommended "best practice" for most home users.

The Malwarebytes Anti-Malware Premium and Malwarebytes Anti-Exploit (and other, similar products) are specifically designed to run alongside all of the popular AVs, to protect against the sort of threats the AVs often miss.

I suggest reading that article and other pinned topics in that section to learn more.

 

>>The most critical aspects of computer safety are a user who practices "safe hex" AND making frequent data backups & system images to help expedite a recovery, should disaster occur.

 

Cheers,

 

MM

 



#13 JohnC_21

JohnC_21

  • Members
  • 22,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 AM

Posted 02 November 2016 - 09:01 AM

The domain for TENS, a domain for the Department of Defense, is using a invalid security certificate. How ironic is that.

 

https://www.spi.dod.mil/lipose.htm



#14 SafetySteve

SafetySteve

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern California.
  • Local time:09:14 PM

Posted 02 November 2016 - 09:56 AM

The domain for TENS, a domain for the Department of Defense, is using a invalid security certificate. How ironic is that.

 

https://www.spi.dod.mil/lipose.htm

 

You just have to make a decision as to whether or not you trust their root certificate.  If you do, add it.  No Problem.

 

I have personally spoken with two of the developers of LPS (Lightweight Portable Security).  I trust the intent of the project.  Unfortunately the project is under funded and under staffed.  I do not have the technical expertise to audit the source code of the distribution.  And sometimes their updates are slow in coming out due to the lack of staff and funding.  But when used as I do:  Boot into TENS.  Do one sensitive task.  Turn off machine.  Boot into TENS.  Do one sensitive task.  Turn off machine.  The risk of infection is greatly minimized.  And if an exploit does get control of the machine, it can only affect that one transaction.  

 

If you don't trust the US Government for the above, use TAILS, or MINT, or Puppy Live Bootable Media.  You will probably find that one or two of these distributions will work better with your hardware than others.  



#15 JohnC_21

JohnC_21

  • Members
  • 22,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 AM

Posted 02 November 2016 - 10:53 AM

Sorry, I didn't mean to imply that the site was not to be trusted, just that it seems odd that the government doesn't update their certificate. TENS looks like a very nice distro for banking.


Edited by JohnC_21, 02 November 2016 - 07:23 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users