5

Which is the safest way to do home banking, given that I do use Windows on a tablet, I do connect to both private and public networks and I cannot use a Linux live distro right now?

I've been thinking about these methods so far:

  1. using a safe environment provided by an Antivirus Company (i.e. Avast Safe Zone, Kaspersky Safe Browser etc.);

  2. running Linux on a Virtual Machine.

My questions are:

  1. Which is the safest method between the two?
  2. Could you give me any additional advice I should take in mind?
schroeder
  • 123,438
  • 55
  • 284
  • 319
franz1
  • 481
  • 1
  • 6
  • 13
  • 4
    what threats are you most concerned about? – schroeder Jan 11 '16 at 21:26
  • I don't use a pc for home banking only, so it could be infected and this is the primary threat I'm concerned about. Secondly, I do mainly connect to a private network but I'd like to be aware of the risks related to leak of sensitive data within live sessions too (I don't have experience enough about this subject actually, so these are the only threats I've been worried about so far) – franz1 Jan 11 '16 at 21:46
  • 3
    Have you considered instead running Linux and putting Windows in a VM? – Michael Hampton Jan 12 '16 at 06:09
  • Yes, but an additional problem, while running Linux as the main operative system, would be the hardware incompatibilities. Firstly, my integrated network adapter is not recognized by Linux (I already did many researches). Secondly, even in the case I found the drivers, Linux distros which do recognize the touchscreen are build for non-arm processor -if I am correct- but my tablet comes with an Intel core i5... – franz1 Jan 12 '16 at 09:36
  • 1
    It all depends on the integrity levels of your apps with which you do dangerous things and of the VM app. If your user session is compromised and the attacker controls medium or high integrity level processes then there's no point in running a VM host in the same context. Use a different user account or a different machine. I don't know about the safe environments' implementations so won't post an answer, it'd be incomplete. But as a rule of thumb no point in sandboxing a process if the sandbox itself is accessible to your attacker. Sandboxes should be used the other way around. – Steve Dodier-Lazaro Jan 12 '16 at 10:17
  • By the way, I do use Sandboxie for normal internet usage to prevent having Windows infected while I'm on the desktop interface, but I did not find a way to "sandboxe" IE on the metro interface, is it maybe possible as well? – franz1 Jan 12 '16 at 10:29

5 Answers5

4

A virtual machine can't protect the guest OS from the host (without specialized hardware features to support it). You will not gain any security from running Linux in a VM if Windows gets infected, and if your VM gets infected then that's still the environment you intended to use for security sensitive things that's new insecure.

Have you tried live USB solutions? Unetbootin?

Natanael
  • 821
  • 7
  • 10
  • 1
    I think it depends how the Windows host gets infected. For example, the VM will be protected from browser plugins/addins on the guest OS. – Neil Smithline Jan 11 '16 at 23:16
  • @Natanael: yes, actually my first solution was doing home banking within a live distro booting from an usb stick, but as I wrote I cannot (because of a hardware incompatibility with my wireless adapter, moreover an additional problem is the impossibility to install the drivers I need without an internet connection, and/or to install them permanently on the system. Actually I'm also looking for external adapters to solve the problem, meanwhile I need a temporary solution) – franz1 Jan 12 '16 at 09:56
4

If you want to do home banking on a public network I would always recommend using a VPN. This should protect you against MITM attacks and other funny things that can happen on a public network.

There is nothing wrong with using a Windows tablet to connect to your bank. Be sure to install a decent antivirus/malware and install your Windows security updates.

And like Natanael pointed out "a virtual machine can't protect the guest OS from the host". You should reverse that logic: if you want to visit some kind of website you're uncertain about if it doesn't contain any malware, do this kind of things in a virtualized/sandboxed mode. Also if your kids use the tablet to play games, make sure they do it in a sandboxed mode so your tablet doesn't get infected if they end up installing a malicious app/game.

Neil Smithline
  • 14,621
  • 4
  • 38
  • 55
  • 1
    Where should the vpn be terminated? – Rolf Rander Jan 12 '16 at 04:58
  • Ok, tank you. So isn't https encryption sufficient to prevent the attacks you mentioned? – franz1 Jan 12 '16 at 10:34
  • 1
    @RolfRander You could terminate the VPN at your own VPN server at home or use a VPN provider like https://openvpn.net. – Jonathan Kortleven Jan 12 '16 at 11:45
  • 1
    So data would be transmitted through a VPN to a VPN-provider and from the VPN-provider to my bank over internet (hopefully using https). How does that make me safer than communicating with the bank directly? – Rolf Rander Jan 12 '16 at 11:47
  • 1
    Https should be sufficient if and only if it's the only protocol your bank is using which is not always the case. Also you should be using DNSSec for resolving your bank hostnames. If you don't use a VPN you're trusting your bank to handle the encryption well. Generally it's best practice to use a VPN when connected to a public network. Once your VPN is established DNS spoofing isn’t possible anymore and if an attacker would use ARP spoofing to become the default gateway, they couldn't read the traffic passing through them. – Jonathan Kortleven Jan 12 '16 at 12:12
3

Strictly speaking, both are insecure compared to USB boot etc. However, every layer of security drops the probability of generic attacks succeeding. Using a VM with incoming network connections disabled should be immune to the vast majority of malware on the host. You could disconnect the USB keyboard from the host and attach it exclusively to the VM to avoid keyloggers on the host.

However there is always the possibility of sophisticated malware or a directed attack that can compromise the VM.

Either way I presume a VM with the above precautions is more secure than any sandboxing / safe environment trick on the host where the attacker has root access. Even with root access, the probability of an automated attack on the VM is low - it would need to use the specific virtualization software's APIs to infect the VM since regular channels would be blocked.

Monstieur
  • 253
  • 1
  • 7
  • Thanks for your reply. - What does "disabling incoming networks" mean in this case? I should connect to one of them at least for doing home banking.. - I'm running Whonix (Linux) on VM and it recognizes both the physical keyboard and the virtual one "on screen" (I mean that one provided by windows on tablet and phones): is the latter safer than the physical keyboard? In other terms, if I use the keyboard on screen only when I'm on VM could I avoid to run the risk of being intercepted by a keylogger? – franz1 Jan 12 '16 at 10:19
  • @Locutus: "regular channels will be blocked" you can't be any more false. If you run your virtual machine hypervisor as your own user, which means your user account have a write access to the entire virtual disk, a virus could insert itself into the virtual disk image without being admin/root in either the host nor the guest VM. – Lie Ryan Jan 12 '16 at 13:15
  • @LieRyan what about using Whonix instead than a generic operative system running on VM? Could a virus be dangerous that way? (quoted from Whonix documentation: "DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP. ") – franz1 Jan 12 '16 at 15:21
  • 1
    @robertalrp: VM-based solutions like Whonix protects you in the scenario where you don't want personal data/metadata in your host operating system to be stolen by applications running in the secured guest environment. Whonix does not have any magic that will allow it to run securely when the host operating system is compromised. Running the banking website inside the secured environment isn't the right approach for your use case; if your bank is trying to illicitly steal your personal data, you probably shouldn't put your money with them. – Lie Ryan Jan 12 '16 at 15:33
  • 1
    @robertalrp: what you want is to secure your trusted banking applications from the potentially malicious daily browser. What this means is that you want to move your daily browser into the secured environment, not your trusted banking application. You can either run the trusted banking application in the host or in its own separate environment and use the VM host as dedicated hypervisor. – Lie Ryan Jan 12 '16 at 15:37
  • Ok, does it mean I should use the VM / secure environment as if it was a sandbox, if I understood correctly? (What does "using the VM host as hypervisor" mean?) – franz1 Jan 12 '16 at 15:51
  • @LieRyan Actually Hyper-V (and I think VMware too) create the VMs as the Administrators group by default, so root access is required. Attacking the virtual HDD is up there in the same league as a directed attack and other sophisticated malware. There is no real protection against those apart from strict operational security beyond the scope of explanation here. – Monstieur Jan 12 '16 at 16:42
2

If you have very sensitive data, you should keep it somewhere, where there's no direct internet access. In that case, Linux on a virtual machine will do the job(but still, it's not 100% safe in this case). If you need an internet access, I suggest installing plugins like HTTPS Everywhere and uBlock/uMatrix/NoScript in your web browser, to keep the connection safe and block any unwanted scripts from execution.

Artur Rajski
  • 121
  • 3
  • 1
    I'm not really sure that you answer the question. The OP states that they need internet connection via the "e-commerce" tag. They are worried about malware installed on their computer, something that none of your plugins will help with. – Neil Smithline Jan 11 '16 at 23:14
  • I agree, it won't help much if the computer is infected, but will increase security during everyday web access. – Artur Rajski Jan 12 '16 at 08:20
1

Setting up a Linux VM dedicated for Internet Banking is a good idea, but if the VM is used for other purposes have a browser dedicated for Internet Banking only where everything that is not required is turned off (i.e. scripts, flash, etc...). As mentioned by Jonathan a VPN is a good idea too.

  • I don't VPN would add anything but latency in this particular use case. As long as your bank use HTTPS encryption, and most banks would use EV certificate, and you verify their certificate, a VPN would add nothing much. VPN is good for keeping privacy of who you are visiting, and keeping the website operator from knowing who you are; the bank already hold much personal information from you, and you already advertises who you bank with every time you make card purchases. – Lie Ryan Jan 12 '16 at 00:05
  • 1
    @LieRyan - I think mk444 is referencing [this answer](http://security.stackexchange.com/a/110314/10885) which says to use VPNs when using public (ie: insecure) networks. A VPN will add security in that specific situation. Though if you are specifically accessing your bank over HTTPS and you confirm that the browser approves the cert, you should be OK accessing your bank via a public network. – Neil Smithline Jan 12 '16 at 03:47
  • Do banks and sites like Paypal let users connecting through VPN? Many of them do not let access within Tor because of security measures, isn't the same while using VPN? – franz1 Jan 12 '16 at 09:25
  • 1
    @robertalrp Yes and I doubt they'd have any idea that you're connecting via a VPN. I'm not sure how they would detect it. – 16b7195abb140a3929bbc322d1c6f1 Jan 12 '16 at 09:29
  • Ok. By the way, I read that even using VPN could imply some risks, i.e. selling personal information (see the incident involving Hola vpn), should I opt for any kind of more-secure vpn specifically designed for my purpose? – franz1 Jan 12 '16 at 09:45
  • 1
    @robertalrp This is a difficult area. It's always best to read the "Terms of Service" very carefully before choosing a VPN provider and ensure the provider does not keep any logs. – 16b7195abb140a3929bbc322d1c6f1 Jan 12 '16 at 09:59