Soon I'll doing some purchases online using my mother's credit card. She's pretty sceptical about online shopping but I convinced her. She's not so sure about how secure it is and since I'm not so sure if I have some malware running on my PC, I want to be on the safe side and don't want to risk it. I already ran scans with Avast and Malware Bytes.
My question is, is there any easy and fast way I can isolate a part of my PC so I can purchase from there? Would a VM work in this case?
Running in a virtual machine will generally provide a good amount of isolation. You can also use a sandbox tool which is included with many anti-malware packages or an independent one such as Sandboxie. Other alternatives include using a live cd that you boot fresh each time you want to have a known system state.
However, the reality is that malware on your local PC is not the only or most likely threat you face with online shopping. If the website from which you are purchasing has poor security, then the attacker may be able to intercept messages or to hack the company and steal your data from the company without compromising your machine.
Every day in life you need to take measured risks. If you are using a well known or generally trusted website (reseeller ratings, web of trust ratings, etc ) you have less risk. You also have a risk of using a credit card in a store like Target (which had a credit card breach last year), which then gets breached. The best thing to do is to check your credit report at least once a year (free for all in the US per law once per year from each credit bureau) and to always check your credit card bills; card issuers are generally responsible for reversing fraudulent charges if reported by the card holder. You could also purchase identity theft monitoring services for peace of mind.
The almost bulletproof solution would be to download a Linux Live-CD, burn it or put it on an USB stick, boot from it (which won't even touch your hard drive and has no way to load any malware from it, even though a Linux system won't be able to execute them even if you asked it to) and do your purchases from there.
That would be more secure than VMs running on a compromised host, as keyloggers will work even with VMs (they don't care whether you type it in your browser on the host or in a VM software), where as malware that can tamper with a Linux ISO while it's downloading are pretty rare (I haven't heard of any) and it's quite hard to successfully embed malware (that will work successfully I mean) into an arbitrary Linux image given the thousands of different flavors and versions of them, where each of them uses a different compression algorithm/bootloader/init process.
Yes, a VM with a fresh, fully-updated OS from a known clean source can protect you from some types of malware on the host. If you have no other way to work from a known clean system, then this can be a 2nd best alternative, but some types of malware can still cause problems for you.
The other thing is that I'm not sure how "quick" this will be for you.
On the other hand, you have to define your risks. If you keep tabs on your credit card activity, you can spot and report suspicious activity right away and get your credit card company's help in resolving problems. If you are really concerned, you can also use a secondary card with an arbitrarily low credit limit, or even a pre-paid card.
