Peppermint OS Community Forum

Support => New Users => Topic started by: Sutsie on January 24, 2018, 11:19:36 am

Title: Online Banking with peppermint 8 respin (SOLVED)
Post by: Sutsie on January 24, 2018, 11:19:36 am
is it safe to bank online with peppermint 8 respin installed on my laptop?  or should i just run the live usb for banking?  is it even safer if i run the usb on a laptop without an internal hdd?  I have an old laptop that shuts down everytime i play videos, so i took the HDD out to use externally.  I am not very IT literate.  All i know about Linux is how to create a live USB and plug stuff in and out. 

thanks in advance for any help given
Title: Re: Online Banking with peppermint 8 respin
Post by: mac on January 24, 2018, 11:49:54 am
As you probably already know, no operating system is entirely secure (hack proof).  However, Peppermint is as secure as any and more secure than many.  For the most part, common sense is the key to internet security, banking or otherwise.  IMHO internet banking security depends on the following:

the security of your bank's software
keeping your OS & Browser updated
creating a strong password and keeping it private (memorized & not written down)
doing your business on the site quickly and then logging out and restarting your browser each time
*using a hardwire connection and not using wifi

It would also help to use a private, personal computer to which no one else has access.  I would also use a VPN if your bank allows.  The benefit of using detatchable media for the os would be nonimal, IMHO.  Be careful, diligent and stay on top of your bank statements & transactions. 


* Many people do use wifi for banking but I do not / would not.  Wifi is by nature less secure than hardwire. 
Title: Re: Online Banking with peppermint 8 respin
Post by: Sutsie on January 24, 2018, 11:58:12 am
thanks for the reply.
how do i keep my browser updated on a live usb?  most likely i will run the live usb as it seems to be the recommended way  because everything is erased on shutdown?
Title: Re: Online Banking with peppermint 8 respin
Post by: mac on January 24, 2018, 12:20:36 pm
Create a persistant USB install.  Here's how: https://forum.peppermintos.com/index.php/topic,5076.msg50704.html#msg50704
The tutorial is for P7 but it works with P8 as well.  Post back if you run into problems. 

cheers
Title: Re: Online Banking with peppermint 8 respin
Post by: Sutsie on January 24, 2018, 12:57:51 pm
thanks.  will try it out first.  however, i was reading while waiting for a reply and it seems that live usb is recommended for banking precisely because nothing is saved after shutdown. the implication being that the live usb cannot be infected in any way.  if i create persistence as suggested, doesn't that mean that i might unintentionally save something malicious onto the live usb?
Title: Re: Online Banking with peppermint 8 respin
Post by: PCNetSpec on January 24, 2018, 01:03:27 pm
Whilst using a LiveUSB may not be any more secure as far as the online connection goes (which should be secure and encrypted via https anyway), it'd certainly be more secure as far as NOTHING being left behind on the PC at all.

But you'd definitely want a NON persistent LiveUSB, or traces may be saved to the persistence file.
Title: Re: Online Banking with peppermint 8 respin
Post by: zebedeeboss on January 24, 2018, 01:11:34 pm
"Touch Wood"

I have had no adverse transaction doing online banking whilst using Peppermint on my main PC at home since July 2015 (1st Peppermint install)

Hard wired not wi-fi and no VPN

I have also made Credit Card transactions and again "Touch Wood" to no ill effect.

If you feel the need to carry out extra precautions that is your choice. I am just letting you know it's OK for me as is.

Regards Zeb...
Title: Re: Online Banking with peppermint 8 respin
Post by: PCNetSpec on January 24, 2018, 01:27:49 pm
Peppermint is about as secure as you'll get, but the web browser may not be .. let's say you somehow unintentionally installed a browser plugin that transmitted your text entry to a third party .. bank pwned.

Or maybe you downloaded a malicious .deb file from outside the default repos that contained a keylogger .. bank pwned.

But a LiveUSB with NO persistence will have its browser (and all plugins), and all installed software reset to default as soon as it's powered down .. so the next time you boot it, it's as clean as it gets again.

Also nothing gets saved to the PC, and there are no persistent caches on the NON-persistent LiveuSB .. so even if you loose the USB stick, there'ss absolutely no trace it was ever used if someone else finds it.

It depends how security minded/paranoid you are ;)
Title: Re: Online Banking with peppermint 8 respin
Post by: Sutsie on January 24, 2018, 01:32:47 pm
Whilst using a LiveUSB may not be any more secure as far as the online connection goes (which should be secure and encrypted via https anyway), it'd certainly be more secure as far as NOTHING being left behind on the PC at all.

But you'd definitely want a NON persistent LiveUSB, or traces may be saved to the persistence file.

my gut feeling tells me live usb is safer, however the part about using updated browser makes sense to me too.  so, now the next question what to do if the browser is not the updated version?   
Title: Re: Online Banking with peppermint 8 respin
Post by: Sutsie on January 24, 2018, 01:36:08 pm
Peppermint is about as secure as you'll get, but the web browser may not be .. let's say you somehow unintentionally installed a browser plugin that transmitted your text entry to a third party .. bank pwned.

Or maybe you downloaded a malicious .deb file from outside the default repos that contained a keylogger .. bank pwned.

But a LiveUSB with NO persistence will have its browser (and all plugins), and all installed software reset to default as soon as it's powered down .. so the next time you boot it, it's as clean as it gets again.

Also nothing gets saved to the PC, and there are no persistent caches on the NON-persistent LiveuSB .. so even if you loose the USB stick, there'ss absolutely no trace it was ever used if someone else finds it.

It depends how security minded/paranoid you are ;)



my level of  paranoia is at 10/10 right now due to hackings on people i know.

to all who replied, i really appreciate the effort taken to educate me.  linux is really a great community as reported.

the learning curve is quite hard for me as i have no experience except being able to read and write english.   with support like this, i feel greatly encouraged.
Title: Re: Online Banking with peppermint 8 respin
Post by: murraymint on January 24, 2018, 02:06:09 pm
You should be able to do a software update in the live session which would include the browser.
Title: Re: Online Banking with peppermint 8 respin
Post by: Sutsie on January 24, 2018, 02:25:57 pm
You should be able to do a software update in the live session which would include the browser.


so, this means i have to update browser for every session since live usb does not save anything?
Title: Re: Online Banking with peppermint 8 respin
Post by: PCNetSpec on January 24, 2018, 02:39:14 pm
Why would you need to update the browser ? .. I mean you can, but as you say you'd have to do it every time (on a non persistent LiveUSB).
Title: Re: Online Banking with peppermint 8 respin
Post by: murraymint on January 24, 2018, 02:43:55 pm
From a security point of view, some of the mitigations for Intel's woes are at the browser level.
Title: Re: Online Banking with peppermint 8 respin
Post by: pin on January 24, 2018, 03:18:08 pm
Yes, but it would be hard to explore either Meltdown or Spectre if the system reverts back. Woundn't it? I mean, nothing is saved on the live system.

Skickat från min SM-G900F via Tapatalk

Title: Re: Online Banking with peppermint 8 respin
Post by: PCNetSpec on January 24, 2018, 03:25:45 pm
From a security point of view, some of the mitigations for Intel's woes are at the browser level.

Something tells me that anyone with a LiveUSB specifically for banking would be unlikely to go an a web browsing spree to risky sites prior to doing their online banking, so would be unlikely to go to a site that could remotely exploit Spectre in the first place .. and I doubt the bank will be doing it ;)

In any case, as soon as Chromium 64 hits the repos, we'll be building/releasing an updated ISO.
Title: Re: Online Banking with peppermint 8 respin
Post by: murraymint on January 24, 2018, 05:10:03 pm
Yeah, I view most of these risks as mainly theoretical and this one is no different  :)
Title: Re: Online Banking with peppermint 8 respin
Post by: Sutsie on January 24, 2018, 10:41:23 pm
thank you all.  so i am going ahead with the live usb option for banking.
Title: Re: Online Banking with peppermint 8 respin
Post by: Sutsie on January 24, 2018, 10:49:08 pm
out of curiosity, which browser does this forum feel is the safest for banking/
Title: Re: Online Banking with peppermint 8 respin
Post by: christianvl on January 25, 2018, 05:38:13 am
Wouldn't using a "guest" account or a virtual system, both in a system with an encrypted hard drive, as good as a LiveUSB distro? Unless you're already using an infected system...

Here in Brazil it is not easy to do online banking: two factor authentication is mandatory (usually you must have the bank app on your smartphone to generate the second password and you can only enable the app going to the bank). You're also forced to install a security add-on on your computer (the infamous warsaw). Then, when you're actually doing a transaction, you'll be asked to scan a QR Code from your computer screen with your phone, double check and confirm what you're doing and enter a third random password on your computer.

You can also have a detailed notification sent to your phone whenever a transaction is made (some banks can even pinpoint the geolocation of where it was done).

So, in my case, the need for the add-on turns using a LiveUSB even more troublesome.

For me, an encrypted HD, a guest account and Firefox with NoScript and in private mode is enough.
Title: Re: Online Banking with peppermint 8 respin
Post by: pin on January 25, 2018, 07:23:15 am
Well, here in Sweden there is no Linux support for internet banking  :'(
It was removed five years ago  :'(
There is a way of doing it from Linux and it's similar to what christianvl described, but not that tedious.
From windows and mac you can install a driver provided by a third party to the bank (that's what doesn't work on Linux) and than use a security key on a chip connected to your computer through USB.
On Linux you login with your ID number and confirm it with a 9-digit random generated code that you type on the chip-card reader without the USB attachment. The card reader will provide a second code that you type as a confirmation to the first code. The same is done to confirm the payments at the end.
A third but, less secure way to do it is to use mobile-ID using your phone.
So, on windows and mac you have all the three choices, but on Linux only the last two  :'(
Must say that in IMO the connected method, that can't be done on Linux, feels less secure since that code doesn't change, it's the same for every login and confirmation.
Anyway, what I usually do... Use my regular Peppermint 7 and Firefox (one window only) login, pay my bills using the system with random codes described above, logout, clear history, cookies and the cache and close Firefox.
You still need the chip-card and the card-reader to do anything.
Title: Re: Online Banking with peppermint 8 respin
Post by: Sutsie on January 25, 2018, 10:39:37 am
In Malaysia, we only have the third less secure way that is to use mobile-ID using your phone.
Anyway, as a courtesy, i am supposed to close out this topic as solved. 

So i would like to extend a BIG THANK YOU.  It has been very educational