Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Banking on whether Windows is safe for banking




    BEST PRACTICES

    Banking on whether Windows is safe for banking




    By Susan Bradley

    Most of us who bank online (or do other sensitive financial transactions) through our PCs rarely give security a second thought.
    But all too frequently, our online credentials are stolen, giving cyber thieves access to our financial accounts. Here's how to defend yourself.

    The full text of this column is posted at http://windowssecrets.com/best-pract...e-for-banking/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    Quinns Rocks, Western Australia
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    My Bank has a system (free to use) whereby a specific numeric code is sent to my mobile phone via sms to validate any transfer of funds from my bank a/c.
    Pretty secure system I think.
    Terence Kierans

  3. #3
    New Lounger
    Join Date
    May 2011
    Posts
    4
    Thanks
    0
    Thanked 2 Times in 2 Posts
    What if you have Trusteer Rapport as extra protection?
    I use a limited priviledges account, secunia, W7-IE9, MSE and all the standard advice for W7 settings

  4. #4
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by Ray Wilkes View Post
    What if you have Trusteer Rapport as extra protection?
    I use a limited priviledges account, secunia, W7-IE9, MSE and all the standard advice for W7 settings
    Brian Krebbs on Trusteer Rapport Security Software. It has limitations.
    -- Bob Primak --

  5. #5
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts

    Flawed Security Advice

    By its own admission, Malwarebytes Pro (paid product) is ACTIVE ANTIVIRUS.
    "RPP, Yeah You Know Me - Realtime Proactive Protection Module"
    This means it WILL conflict with most other competent active antivirus programs.
    Susan misstated that:

    The often-stated prohibition on using two AV apps applies to running two full-time scanners simultaneously.
    Where did she get that piece of misinformation?

    While Susan may be correct about MBAM Pro not conflicting with MSE in her system(s), there are many other possible system and security configurations, and her advice is at best incomplete, at worst possibly misleading.
    Whether and in what circumstances Malwarebytes Pro will offer better protections than MSE-4 is not stated in the article. What banking-relevant protections does MBAM Pro add to MSE which make it worth the price and the risk of conflicts?

    As used in the article, "Windows Defender" is not a correct term. Windows Defender is the new name for MSE as baked into the Windows 8 Operating System. It is also the older name for the native protections baked into Windows 7, but it is overridden when other AV (including MSE) is added. Windows Defender Offline (WDO) is the stand-alone burn to CD version, which can be used outside of the Windows Operating System for malware detection and removal.

    All modes of Windows Defender and MSE work well for what they are designed to do. How do they benefit significantly from the addition of any other real-time AV programs, by objective measures? Are there any independent tests of the MBAM Pro-MSE 4 combination vs. malware attack simulations to prove this theory? Secondary stand-alone scanners (with no active AV components) do add protections, but after the fact. Not while online.

    Flash Player is used by nearly all US online banking sites. Java is less common, but may be required. DEP is turned on by default in a fresh install of Windows 7.

    End the guesswork about Windows Services and other, unnecessary Services. Black Vipre has minimal Windows 7 services configurations, all in one place and ready for use in setting up a minimalist installation.

    Don't believe everything you read in Windows Secrets Newsletter!

    Other Considerations:

    If using Comodo Firewall in a secure computer environment, crank its Defense Plus and Firewall settings to Paranoid levels, and use Comodo DNS service. Comodo Sandboxing can be set up to add the browser you use for banking to the Sandbox. And Flash Player's main Active-X or Non-IE Plugin. If cranking up the settings of any HIPS Firewall (including Comodo) be ready for a flood of arcane popup alerts to which you will not know how to respond. Which is why I do not rely on third-party software firewalls or heuristics for protection. Zone Alarm Firewall is not in my experience suitable for high-security environments. It has failed me too many times, and its false positives can shut down your Internet Access completely.

    Speaking of browser security, one of the best security measures is to leave out all add-ins not needed to make the banking site work. This means, do not customize your browser when using it at secure web sites. And turn off all nonessential browser features which are not security related. There are additional steps you can take with browser settings, hosts and config files, but these are beyond the scope of this posting.

    If you're going the Virtual Machine route, why not just make the VM Linux in the first place? Did you folks know, Linux can be booted from a Flash Drive? This makes it almost independent of Windows, so you can have a secure banking OS right there at your computer without the need for a full-scale dedicated machine for the purpose. Linux also can run off USB Drives. But Linux Live from a CD is the safest mode, since the Windows OS is never turned on in the first place. However, the Hard Drive remains accessible to Linux Live. So not everything it does is necessarily going to vanish when you unplug the USB Drive, Flash Drive, or turn off the computer. Yet, as Susan notes, there is practically no Linux malware which can be run remotely.

    Router hardware and firmware security settings were not mentioned in the article. These are immportant if you're really concerned about online banking security. And wired router connections are more secure than wireless, even at home.
    Last edited by bobprimak; 2012-08-02 at 10:18.
    -- Bob Primak --

  6. #6
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by bobprimak View Post
    By its own admission, Malwarebytes Pro (paid product) is ACTIVE ANTIVIRUS.
    "RPP, Yeah You Know Me - Realtime Proactive Protection Module"
    This means it WILL conflict with most other competent active antivirus programs.
    Susan misstated that: "The often-stated prohibition on using two AV apps applies to running two full-time scanners simultaneously"
    Where did she get that piece of misinformation?
    "full-time" was emphasized in the article. Perhaps the intention was not to use the realtime protection aspect of the paid version but heuristic scanning for zero day infections also not available in the free version?


    Quote Originally Posted by bobprimak View Post
    As used in the article, "Windows Defender" is not a correct term. Windows Defender is the new name for MSE as baked into the Windows 8 Operating System. It is also the older name for the native protections baked into Windows 7, but it is overridden when other AV (including MSE) is added. Windows Defender Offline (WDO) is the stand-alone burn to CD version, which can be used outside of the Windows Operating System for malware detection and removal.
    The link which immediately followed "Windows Defender" in the article was about Windows Defender Offline, so I think the intention was to refer to the self-booting anti-malware system. (But as the default Windows Defender in Windows 7 is only anti-spyware I think the reference should have been clearer.)

    Bruce
    Last edited by BruceR; 2012-08-02 at 12:15.

  7. #7
    New Lounger
    Join Date
    May 2011
    Posts
    4
    Thanks
    0
    Thanked 2 Times in 2 Posts
    As a non expert I am always interested to read what experts say, but I think home users can get too paranoid about malware.
    What I have picked up is that it is crucial to have:
    fully updated legal software (thank heavens for Secunia),
    the latest browser, with the correct settings,
    a hardware firewall, although I use the Windows one as well,
    and only to work in standard privileges mode.
    good passwords.
    My own experience of before and after having a hardware firewall is that it leaves your AV and software firewall with not much to do but I would not be without them.
    The biggest threat now seems to be malware which needs your help to install – it catches many.
    I prefer a free AV and then you never get caught out by not been fully up to date. I use MSE.
    For someone in a business or large organisation things must be much more difficult, but I have not had malware yet. I will be on the lookout though!

  8. The Following User Says Thank You to Ray Wilkes For This Useful Post:

    BruceR (2012-08-02)

  9. #8
    New Lounger
    Join Date
    Mar 2010
    Location
    Grand Rapids, MI
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts
    This is the 2nd WS Newsletter in a row where a respected writer says they are running MSE and Malwarebytes Pro (paid version) on the same machine. I was puzzled last week when Fred Langa said this, and now it's Susan Bradley.

    Perhaps as BruceR suggests above, they may be turning off Realtime Protection in Malwarebytes Pro (assuming that's possible), or perhaps there's some special reason why Mwb's Realtime really, really doesn't EVER conflict with MSE, or ... or? But neither columnist goes into detail about what would seem like an obvious problem.

    My interest is that I'll finally move from XP to Win7 in a few days, and want to have a good security config from the outset. Might be best to take a half-step back from what these Newsletters say, and stick with MSE plus periodic scans using Malwarebytes free version.

  10. #9
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    The article's suggestion of using a dedicated computer just for banking is very good advice for many users imo.
    Doing your banking on a computer with multiple users, imo, is a liability. Add children to the mix and you get a recipe for disater.

    If your not confident or have any bearing on your own security situation, your knowledge of computers, and even on the way you use your computer, you should abstain form doing any kind of business over the internet period, irregardless of whatever OS you plan to use.

    If you find your having to eradicate something or other on a regular basis, that should be a red flag to you right there.
    You are still your biggest security threat and knowledge will continue to be your greatest edge.

  11. #10
    New Lounger
    Join Date
    May 2011
    Posts
    4
    Thanks
    0
    Thanked 2 Times in 2 Posts

    to JohnHa Secure setup for W7

    I lifted this off microsoft MSE forums - it was by Steve Boots - I cannot find link at present
    A thing to be aware of is that the well protected platform has defence in depth, if one part fails for some reason, something else will protect.
    Steve Boots list:
    A well-protected platform consists of:
     A fully updated (legal) Operating System (including service packs), with Automatic Update ON.
     Updated Third Party Applications (Java, Adobe Flash, Adobe Reader, etc)
    note by RW use Secunia to take care of this.
     MSE installed for comprehensive anti-malware protection and malicious script scanning
     Internet Explorer 9 default security settings (Reset all zones to default level),
    with SmartScreen Filter ON, and Pop-Up Blocker ON.
     Windows Firewall ON.
     User Account Control (UAC) ON (Vista and Windows 7), and not running with elevated privileges.
     A good password policy in effect.
     And, nothing is better than having a good backup procedure, and practicing safe surfing.

    I would add a hardware firewall to this list - but I guess most people have routers so they are fine as long as they have not disabled it!.

  12. The Following User Says Thank You to Ray Wilkes For This Useful Post:

    JohnHa (2012-08-04)

  13. #11
    New Lounger
    Join Date
    Mar 2010
    Location
    Grand Rapids, MI
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thank you, RW. My general notions of what I must do are pretty well aligned with this info. But to have it now in a concise bullet list will make it easier and more efficient.

  14. #12
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by BruceR View Post
    "full-time" was emphasized in the article. Perhaps the intention was not to use the realtime protection aspect of the paid version but heuristic scanning for zero day infections also not available in the free version?
    If any default setup is in any way altered or turned off, the author of the article should state this clearly within the article. That's just good editorial practice, I think.

    Quote Originally Posted by BruceR View Post
    The link which immediately followed "Windows Defender" in the article was about Windows Defender Offline, so I think the intention was to refer to the self-booting anti-malware system. (But as the default Windows Defender in Windows 7 is only anti-spyware I think the reference should have been clearer.)

    Bruce
    Still, it never hurts to call things by their proper names, when not doing so could cause some reader confusion. (Especially if they did not follow the link.)
    -- Bob Primak --

  15. #13
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    SB’s suggestion of using an old PC just for banking aroused my interest, as I will certainly need to replace my nine year old machine next year.

    Unfortunately there are two problems:

    1. where to place the old PC in a tiny study full of bookcases,
    2. apparently XP is not adequate, it must be Win 7. How many people have a spare copy of that hanging around? I would expect my next PC to last 8 – 10 years (assuming I survive into my 90s), and by then W7 or 8 will probably be regarded as inadequate.


    Meanwhile I’ll just have to be vigilant with my online banking.

    George

  16. #14
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by georgelee View Post
    SB’s suggestion of using an old PC just for banking aroused my interest, as I will certainly need to replace my nine year old machine next year.

    Unfortunately there are two problems:
    1. where to place the old PC in a tiny study full of bookcases,
    2. apparently XP is not adequate, it must be Win 7. How many people have a spare copy of that hanging around? I would expect my next PC to last 8 – 10 years (assuming I survive into my 90s), and by then W7 or 8 will probably be regarded as inadequate.
    Meanwhile I’ll just have to be vigilant with my online banking.

    George
    Not that I recommend upgrading a very old PC, but Windows 7 Home Premium Upgrade Licenses are selling online in the USA for about USD$60 or less. Easily under USD$100. Perfectly legit. And not OEM. Full boxed retail licenses are now under USD$150, and may drop further as Win 8 Pro hits the market. Not cheap, and not recommended for a nine year old PC, but not too bad for a general purpose upgrade (or a full retail license to upgrade to Windows 8 on a modern PC).

    For an older PC which had Windows XP and will be dedicated to online banking, I might choose to go with some distro of Linux, and harden it with a firewall and antivirus for that family of Linux distros. At least properly configure any built-in Linux firewall -- it's not that difficult and there are online tutorials. And secure your router. Who knows, if you like Linux, maybe it will become your full-time safe surfing alternative.

    Sorry, George, I cannot offer you any additional physical office space.
    Last edited by bobprimak; 2012-08-06 at 14:00.
    -- Bob Primak --

  17. #15
    New Lounger
    Join Date
    Sep 2010
    Location
    Yuma,AZ.
    Posts
    12
    Thanks
    1
    Thanked 0 Times in 0 Posts

    standard user

    After setting up another account, (standard user), and logging off one and logging on the other, I noticed that there is a "switch user box". Is this a good idea or should a person log off one before logging on the other, especially when going from administrative user account to standard user account?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •