Linux hackable ?

[tergemble]

hey all,

I used Windows for Homebanking, but that's not so secure, like everyone knows. I can use Linux to do this job (in Inter Explorer via crossOver) , but since it is open-source, i'd like to know how secure it is.

I'm using Mepis 3.4-3 and there is a built-in firewall I suppose, do I need it ?

Thanks in advance, Tergemble

[budman7]

A firewall is always a good idea.
Do you mean Internet Explorer, if so that will be te weak point.
Have you tried using Firefox for your homebanking?

My bank told me that I would not be able to use anything besides IE or Netscape, I just went ahead and ued FF anyways, despite an error that said I would not be able to. It worked just fine for me.

[technossomy]

A discussion on inherent insecurity aside, I am not convinced that IE should not be used for homebanking. If you have the latest anti-virus software running, a well rigged firewall and the latest Windows patches you should be fine, provided your bank uses https. Your bank account is far more likely being compromised through careless password keeping, banking in insecure locations, such as an Internet cafe, and falling prey to social engineering.

Hope this helps

tech

[farslayer]

Personally I'm convinced that Internet Explorer shouldn't be used for anything web related. I prefer to access everything through Firefox. If the banks web site doesn't work with Firefox I would switch to a bank that does, but quite honestly My bank, CC company, Mortgage company, etc all work fine with Firefox.

[bigtomrodney]

If they say it won't work in any of the others it may not, but I'm surprised that they mention Netscape. If they bother to make it work in Netscape you should be okay. Remember, that obviously means no IE specific code - And anyway Netscape spawned Mozilla which spawned Firefox. Oversimplified but....

My bank swear they only support IE6+ on windows. The fact is I work for that bank and they actually coded for NT4.0 and IE5.5. The only reason they don't support firefox is because they're too lazy to test it and take on the risk of another browser. A bit shortsighted imho. I use firefox every day for my online banking with them.

[technossomy]

To state that the site should only be used with one particular browser is probably a liability issue and there to indemnify the bank in question of any denial of service on their part. The terms of use of the site are full of these type of disclaimers.

[michael_aust]

Well here in the Uk as far as I am aware the accesability laws for websites and thing also include shardware and software and not just suitable for diabled people, sites have to offer access for users of other browsers or operating systems. However most government sites in the UK fail this namely the Job centre site which doesnt even work at all in firefox.

[DagonSphere]

If you're running Windows, with the internet connection coming straight into the Windows box, I'm thinking that it can be pretty secure, even with IE. I've used the free versions of ZoneAlarm firewall, Spybot Search and Destroy, AdAware, and the free AVG Antivirus. I've used that setup for years, without a single problem. I feel that's secure until the user opens up the line of communication to a 'bad' website that will exploit the vunerabilities of IE, or any browser for that matter. IE, of course, being the worst. Especially because of ActiveX.

I have a guy at work that flat out refuses to switch away from IE. And it was a rare occasion that I ever had a problem with that particular box. I don't know if he ever went to a bank website, but he does do a lot of surfing for info which increases the chance of hitting a malicious website.

Since I put in a Linux NAT/Firewall router, I've had not a single problem anywhere. My high speed connection at work has a static IP. My iptables script locks up everything nice and tight. The computer is invisible to blind probes. I still use the full gamut of security on all the Windows machines, but ZoneAlarm hasn't even reported a single connection attempt on any computer.

Personally, I avoid IE like the plague. But from experience at work, I think it's OK to use with the proper security. But then again, I'm no security expert. One site I go to for personal finance will not work with Firefox, so I just use Mozilla instead, and it works with that site just fine.

For anyone interested in my Linux firewall, I use Arno's IPtables script. Just google for it, and you should find it.

DS