Recommended Linux Distros for Online Banking

mihawk90 · August 23, 2018, 1:11pm

Just on a side note. If you have a bank that takes online banking seriously then you are insured against damages anyway unless you were careless and the damages were your own doing.

Is that not required by law in the US? (If nit then… WTF?).

Adubs · August 23, 2018, 1:41pm

I do not need 2FA for my bank. Nor would I want it either.

catsay · August 23, 2018, 2:10pm

Whenever I come across this kind of question on thread, I sigh a little and make the cyber cat dance.
Security is not a hardware or software solution. You cannot buy or install security.

Developers try their best to keep you safe, but when the chocolate pudding hits the oscillating ventilator the rest of security is primarily up to you, the user.

The same I wrote before for iOS, applies here to the PC:

Is iOS really more secure? Phones & Tablets

Define secure, what is an acceptable degree of increased security and how secure do you want to be? What do you want to protect yourself from? Automated drive-by exploit malware, automated phishing, scammers, script kiddies, Purse & wallet thieves, carders & gangs, blanket surveillance, targeted surveillance & malware, private investigators, skilled hackers, gangs, the mafia, nation state agents? Any OS and the services you use are only as secure as the user and/or the person that set it up and use it. Doesn’t matter how locked down it is, If I get you to click the phishing link it’s owned. You can be phished via signal or PGP encrypted e-mail if preferred. If I convince a salesperson at your telco to give me access to your phone account. Bingo. *Shockingly easy with most telco's* If I get to someone at the company hosting any of the services you use (e-mail, messaging etc), you’re owned. If I get a copy of your emails from the email provider… Guess what. If I co-opt the baseband chip or the simcard on your phone to run malicious code. Same as before. Run cellular surveillance at city scale. If someone steals your phone at gunpoint forcing you to remove all locks, you could be hurt and owned or worse. If I get to your workstation where you plug in your phone and install a script that modifies your phone? If I get the active directory server in a company it doesn’t matter how secure the individual workstations are. If I can target someone else close to you or in your family I can use them to get to you. In person or otherwise. Their device can also be used to pivot into your network to your device. Think like a blackhat, actually no, be an absolute psychopathic asshole. Like someone that wants to make money from this. That sees you as their paycheck. Or alternatively someone that is convinced they are doing the right thing, someone working in law enforcement, who does this as a job. Who is convinced that you are a criminal. The sof…

You need to define your criteria for more secure. The question you where originally asking really is then: what distro offers the most suitable features for keeping myself secure online. What technologies do each offer that I can use to better protect myself from a internet banking related threat?

And since all distros offer about the same configurability out of the box, I would argue any linux / BSD flavour can be tuned to run just a stripped down web-browser inside a virtual machine with a locked down firewall that restricts traffic only to your banks domain.

Lastly, if you are truly concerned about security, I always suggest you also consider the following:

Do you know how to monitor your computer and keep track of:
- Open ports & connections
- State of files and changes in them
- Disk data integrity & smart status
- Do you have a firewall inspecting data traffic going in and out of your network?
Do you keep backups of your data?
- In multiple locations?
- On multiple forms of media?
Have you saved all necessary emergency numbers on your phone?
- Do you have a backup phone?
- Do you have a backup computer and e-mail address?
Do you carry a wallet with you?
- Do you know your own medical history, blood type etc in case of an emergency?
Do you have backups of your passwords stored elsewhere in encrypted form?
Does your hardware have a UPS?
Is your equipment insured?
- How easily can you afford to replace it?
- Have you documented all serial numbers and photographed all your tech assets?
How protected is your house/apartment/living accommodation against theft?
Do you have a recovery & response plan in place on what to do if you do get hacked or robbed?
- Have you assessed the potential impact of any potential personal disaster scenario.
- What do you do if your credit card is stolen/skimmed?
- What do you do if your identity is stolen?

mihawk90 · August 23, 2018, 4:03pm

Not for the login, the question was to regards to making transactions. And here making transactions at least requires a unique TAN per transaction.

nope · August 23, 2018, 6:37pm

im not the most knowledgeable on the topic ,

so im just here to see what people who know more than me, what advise they have to give to someone who’s not very knowledgeable on the topic . so yea , the specture vulnerabilities was a example.

My thought process was i would use a secure linux distro booted via usb , on a computer and wouldnt have to worry about hardware vulnerabilities.

tldr dont know much about linuix , but i know its more secure than windows . unless im wrong .if i am please explain im here to learn

nope · August 23, 2018, 6:43pm

physical stuff i can take care of , hardware im pretty knowledgeable at , but software i really don’t know much about but , some of your ideas i haven’t thought about thank you on the physical side .
thank you .

kewldude007 · August 23, 2018, 9:08pm

To be completely honest with you. If you are a normal person doing normal things it is unlikely for any Boogeyman to be after you and you are putting too much thought into this.

I manage my credit card using the edge browser on W10 and the only reason it was compromised is that “they” spoofed my cell number to get past 2FA and change the password.

Your operating system is low on the list of vulnerabilities.

Zippy_Parmesian · August 23, 2018, 9:58pm

Hahaha. You win

Eden · August 23, 2018, 10:22pm

Windows isnt necessarily less secure than Linux. The problem is we cant just make a statement like that as it just cant apply in all cases.

Correct me if i’m wrong. The question seems to be, how best can i do online banking in a way that i can keep what i control secure?

Would that be accurate?

You have to keep in mind that regardless, everything out of your direct control you have no control over. Banks systems could be compromised, 2FA could be compromised (if using SMS for example), the network you’re sitting on could be compromised, the routers could be compromised (MikroTik for example recently).

You do have control over your computer so whats the best options?

I’d argue, in this case, your best option is a Chromebook.

Why?

You’ve said yourself, your not overly familiar with the security side of things. So not trying to sound badly here but you cant secure a windows or Linux system. How would you know you did it correctly?

Windows can be secure, if you know what you’re doing.
Linux can be secure, if you know what you’re doing.

But if you don’t know what your doing, you may think you’ve secured it while leaving 100 other holes in the system. It’s come up multiple times on the forum, where someone looking for advice on security or privacy has (likely through no fault of their own) completely missed out areas they never even knew they had to consider that leaves their initial security or privacy fix absolutely pointless and a waste of time.

So why a Chromebook?

They can be cheap, you can use it just for things you wan’t to do on a known good peice of hardware.
They are fully supported for 6.5 years (the newest ones), not just software, but hardware also. This isnt the case for normal PC hardware.
They are made from the ground up with security in mind
Chromebook Security
(the TL:DR: by default: automatic updates, sandboxing, verified boot, encrypted, recovery (powerwash to known good state)

I picked a Chromebook because of your earlier comment. But if you want a secure piece of hardware for doing banking and other tasks you regard as sensitive, i’d challenge anyone to find something more secure out of the box. (a macbook maybe comes in similar security wise)

You can do it with other devices but there’s a lot more involved in almost all cases.

anon46267848 · August 23, 2018, 10:53pm

Android, then use your banks app.
It’s Mega secure, not even Dread Pirate Roberts can get in.