Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Should I reboot into Linux to do my online banking?

Question:

I like Windows a lot, but anti-virus is not 100%. If I switch to Firefox and
Linux, am I 100% virus proof for online banking, etc. or 99% proof? I'm using
the same computer in a dual-boot configuration and I'd be back to Windows after
logging out of banking.

In this excerpt from
Answercast #85
, I look at the added security that can be added to online
banking by booting your computer into Linux.

]]>

Linux for banking

So there is no such thing as 100% virus proof on any platform. Don't let anybody tell you otherwise.

There are viruses for every possible platform that you are likely to use. Linux, Macintosh, and Windows. There are in fact viruses (and so forth) available for each.

Not popular enough for viruses

Now, 99% is actually not that bad a number. That is probably more accurate representation of something like Linux for the average home user; 99% or even 99.9% virus proof is probably what I would consider it.

That may change over time. If more and more people start using Linux, virus writers will say, "Hey, more and more people are using Linux. There's an opportunity for us to start causing them trouble too."

But right now, yes, it is pretty safe. And what you're describing is in fact what many of the more stringent security-minded people actually recommend.

Dual boot into Linux

Either use a dual boot into a Linux system (the browser at that point doesn't matter that much - Firefox is fine) and use that exclusively for online banking.

Boot from Live CD/DVD

Or, some go so far as to make sure you use a live CD or DVD - so you're actually not using "dual boot." You're actually booting from optical media that can't be written to.

What that means is that no matter what happens during your Linux session, it's not saved.

So, if for some reason, there's some kind of malware or security exploit that tries to install something on the Linux system - it can't. As soon as you reboot, you're back to Windows - and as soon as you reboot again from the DVD, the DVD wasn't altered by whatever malware tried to do.

Like I said, it's not likely; it's not common. I do know that many people do recommend using Linux (or simply booting into Linux temporarily) for online banking.

Banking on Windows

Now, full disclosure: I don't do that. I actually do my online banking from my Windows machine.

I run Windows 7; I have Microsoft Security Essentials as my anti-malware tool - and I have experience in making sure to avoid things that should be avoided: the places that are likely to get malware.

In reality, that's my recommendation in general.

Is it 100%? Absolutely not - nothing is. Is it 99%? Probably pretty close. It's certainly not 99.9%. It's not as safe, as secure as the reboot into Linux scenario - but in my opinion and in my experience, it's secure enough.

(Transcript lightly edited for readability.)

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “Should I reboot into Linux to do my online banking?”

  1. Malware is now being written that is cross-platform. In other words, no matter what platform you’re running the malware can install and configure itself. Windows, Mac or Linux, it doesn’t matter. Look for that to become common-place.

    Reply
  2. Or you can use a single purpose Virtual Machine so you don’t even have to reboot your whole system. That Live CD can even run inside the VM.

    Reply
  3. Leo’s arrangements are fine and dandy; Windows is safe enough on a properly maintained machine, and MSSE performs well regardless of funny benchmarking at some places.

    The worst kind of “virus” one could get is perfectly physical. Based on experience:

    1. Never, ever, let other people use your card.
    2. Get your statements online only, not in the mail.

    If someone installs a hardware keylogger on your equipment, no flavor of Linux will help.

    Reply
  4. Tom R. I think what you refer to is the Java exploit, And all you have to do to fix this is disable Java, Oracle is working on this all be it a little slowly, But yes point taken!

    Reply
  5. I use msse in conjugation with sandboxie. We have not been robbed online yet in this household.Early days perhaps..?
    Can’t say the same in the physical world unfortunately…..
    @Tom R ….any actual examples or links pls.

    Jp

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.