D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] How safe is online banking from a general-use (surfing, email, work etc) linux computer?

 

On 15/02/11 20:53, Philip Hudson wrote:
>
> Consider using a different browser for banking etc (on any OS, not just
> linux) with all the security settings dialed up to the max and
> especially with all caches etc. disabled or set to be cleared on exit.

Re: my comments in reply to Gordon, if the bank is not the biggest
security threat, do I use a different browser for each site that is such
a risk? Ebay, Paypal, Broker, Facebook, Google...

If the threat to banking is sufficient then the logical answer is yes.

I'd suggest skipping browsers with bad, or poor security. So basically
not IE, Webkit was slow to fix issues for a while (has it got any better
recently?) which largely leaves Firefox/Gecko as the best of a bad bunch.

I use to expire cookies as part of ending every browser session, but it
is simply too tedious.

Similarly I use to use NoScript extensively but it is too intrusive, and
produces too many "false positives" (or rather reveals too many badly
engineered websites).

Be interesting what folks experience of malware is like. I've seen it
steal FTP credentials from Windows to try and spread malware via
websites. But most of the stuff I've seen hasn't actually succeeded in
going beyond credentials into the world of money (unless one counts
sending spam, or pay per click advertising fraud). As such the biggest
issue is they make the machines (Windows boxes), slow and unreliable.
Where email credentials have been stolen it was almost exclusively for
the purposes of spam (or 419 emails).

I presume more people are scammed than admit it, since it is presumably
profitable. The only person who recently admitted to being "conned", was
over domain renewal that looks like an invoice, and that was sent via
snail mail.



-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq