Ditching windows and using Linux on personal computer for secure financial transactions

vanity

[dennisw]

My question is: 
What do freepers think using Linux on personal computer for on line secure financial transactions without the windows update and virus hassles? 

Ditching windows and using Linux on personal computer for secure financial transactions

I'm thinking of setting up one computer with Linux to use for my on line financial transactions. Stock trading, mutual funds on line, on line banking, bill paying etc. Right now I have home computers with XP and win 2000 and intend to keep windows on them for my other internet use. It seems easier to use Linux for secure financial transactions than concerning myself with the latest windows updates, Explorer and Outlook Express security patches and updates. That make one's computer secure from hacking. 

Hacking, theft of passwords and financial information are my main concern. 

Viruses also are not much concern in the Linux world.

Stand alone home computers, personal computers and small office computers are my concern here. Not computer networks.

[AppyPappy]

How good are you with Linux? Linux is not for newbies. If you are comfortable with making changes to Windows settings, Linux is a good choice. If you freeze in fear everytime something goes wrong, Linux is not a good choice.

[Scannall]

Get a Mac. Same Unix security, lack of viruses, worms, trojans, spyware etc. Plus it actually works, and is easy to set up and use.

Dan

[Scannall]

Get a Mac. Same Unix security, lack of viruses, worms, trojans, spyware etc. Plus it actually works, and is easy to set up and use.

Dan

[dennisw]

How good are you with Linux? Linux is not for newbies.

Last month I downloaded, burned to 3 CDs and installed Red Hat on a hard drive for a few days. Had to wipe Linux off after one week because I needed to use hard drive for other things. I used it on the internet a bit with no problems. 

For best security on financial transactions I would have to read up on Linux security settings? I would use the latest Netscape, Firebird and or Opera which must be secure these days

[dennisw]

I'm too stingey to go the Mac route.

[Fishrrman]

dennisw writes:
My question is:
What do freepers think using Linux on personal computer for on line secure financial transactions without the windows update and virus hassles?

Why don't you just get a Macintosh running OS X?

I believe the new Mac OS is [at its core] UNIX with a Macintosh-like "front end".

I use OS 9 myself, and have _never_ had problems with viruses, worms, trojans, hacking, intrusions, or any other security matters. And I don't even use any live "virus protection".

- John

[AppyPappy]

Correct. The only problem you would have with linux is when you want to make changes. It's easy but different.

[Paradox]

I got another 80 gig hard drive ($50 after rebate) for my main computer, and I plan to run a multiboot system on it. Windows XP Pro and Linux. I havent decided yet which version of Linux to try out. This is more of a "try it out" kind of thing for me, I have no real "need" for it, but I want to check out Linux. I have used "real" unix on a university computer. Was raised on a command line and all..

[Golden Eagle]

The honest answer is any version of Linux you use is going to have significant security vulnerabilities right out of the box as well. LWN.NET is a website for Linux users that maintains vulnerability lists for many common Linux distros, and there are literally hundreds of holes listed for most versions of Linux (http://lwn.net/Alerts/).

And while Linux distros have a large number of unplugged holes to begin with, you will also find the method of patching Linux is in most cases more difficult than applying patches for Windows or OSX. Rather than just simply "pointing and clicking", you will often find yourself at the command line typing obsure commands. As an example, here are the procedures for a patch for Suse dated December 4 (http://lwn.net/Alerts/61612/):

**** Step 1: Determine the needed kernel type

Please use the following command to find the kernel type that is
installed on your system:

rpm -qf /boot/vmlinuz

The following options are possible (disregarding the version and build
number following the name, separated by the "-" character):

k_deflt # default kernel, good for most systems.
k_i386 # kernel for older processors and chipsets
k_athlon # kernel made specifically for AMD Athlon(tm) family processors
k_psmp # kernel for Pentium-I dual processor systems
k_smp # kernel for SMP systems (Pentium-II and above)

**** Step 2: Download the package for your system

Please download the kernel RPM package for your distribution with the
name starting as indicated by Step 1. The list of all kernel rpm
packages is appended below. Note: The kernel-source package does not
contain any binary kernel in bootable form. Instead, it contains the
sources that the binary kernel rpm packages are made from. It can be
used by administrators who have decided to build their own kernel.
Since the kernel-source.rpm is an installable (compiled) package that
contains sources for the linux kernel, it is not the source RPM for
the kernel RPM binary packages.

The kernel RPM binary packages for the distributions can be found at these
locations below ftp://ftp.suse.com/pub/suse/i386/update/.

7.3/kernel/2.4.18-20031204
8.0/kernel/2.4.18-20031204
8.1/rpm/i586
8.2/rpm/i586
9.0/rpm/i586

After downloading the kernel RPM package for your system, you should
verify the authenticity of the kernel rpm package using the methods as
listed in section 3) of each SUSE Security Announcement.


**** Step 3: Installing your kernel rpm package

Install the rpm package that you have downloaded in Steps 3 or 4 with
the command
rpm -Uhv --nodeps --force
whereis the name of the rpm package that you downloaded.

Warning: After performing this step, your system will likely not be
able to boot if the following steps have not been fully
applied.


If you run SUSE LINUX 8.1 and haven't applied the previous
kernel update (SUSE-SA:2003:034), AND use the freeswan package,
you also need to update the freeswan rpm as a dependency as offered
by YOU (Yast Online Update). The package can be downloaded from
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/

**** Step 4: configuring and creating the initrd

The initrd is a ramdisk that is being loaded into the memory of your
system together with the kernel boot image by the bootloader. The
kernel uses the content of this ramdisk to execute commands that must
be run before the kernel can mount its actual root filesystem. It is
usually used to initialize scsi drivers or NIC drivers for diskless
operation.

The variable INITRD_MODULES (set in the files /etc/rc.config up to
7.3) or /etc/sysconfig/kernel (after and including 8.0)) determines
which kernel modules will be loaded in the initrd before the kernel
has mounted its actual root filesystem. The variable should contain
your scsi adapter (if any) or filesystem driver modules.

With the installation of the new kernel, the initrd has to be
re-packed with the update kernel modules. Please run the command

mk_initrd

as root to create a new init rmadisk (initrd) for your system.
On SuSE Linux 8.1 and later, this is done automatically when the
RPM is installed.


**** Step 5: bootloader

If you have a 7.x system, you must now run the command

lilo

as root to initialize the lilo bootloader for your system. Then
proceed to the next step.

If you run a SUSE LINUX 8.x or a SLES8 system, there are two options:
Depending on your software configuration, you have the lilo bootloader
or the grub bootloader installed and initialized on your system.
The grub bootloader does not require any further actions to be
performed after the new kernel images have been moved in place by the
rpm Update command.
If you have a lilo bootloader installed and initialized, then the lilo
program must be run as root. Use the command

grep LOADER_TYPE /etc/sysconfig/bootloader

to find out which boot loader is configured. If it is lilo, then you
must run the lilo command as root. If grub is listed, then your system
does not require any bootloader initialization.

Warning: An improperly installed bootloader may render your system
unbootable.

**** Step 6: reboot

If all of the steps above have been successfully applied to your
system, then the new kernel including the kernel modules and the
initrd should be ready to boot. The system needs to be rebooted for
the changes to become active. Please make sure that all steps are
complete, then reboot using the command
shutdown -r now
or
init 6

Your system should now shut down and reboot with the new kernel.

(end excerpt)

That may be easy for you and you may even look forward to it. But the bottom line remains there are many default holes in Linux, and they are typically harder to patch, no matter what the Linux crowd may want you to believe.

[AppyPappy]

For newbies to Linux, I recommend Mandrake. I have loaded it a dozen times and never had a problem.

[Golden Eagle]

Sorry about those links, apparently the close parenthesis stuck to the link. Here they are again:

http://lwn.net/Alerts/

http://lwn.net/Alerts/61612/

[Fishrrman]

dennisw writes:
I'm too stingey to go the Mac route

You don't have to spend a lot of $$$ to "go Macintosh". I bought my last Mac on Ebay for the kingly sum of $137 (I have since put a few hundred more $$$ into upgrading it).

You don't need to spend big bucks on an Apple-labeled monitor, either. I use SONY Trinitrons with my Macs. The 17" Trinitron I bought for the $137 PowerMac 9600 mentioned above cost me $99 (after $50 rebate) from Best Buy.

I picked up generic "PC" USB and Firewire cards for it (less than $20 each) and they went right in. I use a Microsoft "Blue" USB mouse which I got for $20.

Of course, I _enjoy_ buying stuff on the cheap and upgrading it. However, for someone getting into Mac for the first time, I would suggest buying nothing less than a "native" g3 or g4 model Mac. You can find a "beige" g3 tower model in the $250 price range, or a "blue & white" g3 (the first model to have built-in USB) for a little more.

Even Apple.com has some relatively good deals. I believe they're selling the 1.4gig g4 "dual boot" model (boots up in _both_ OS 9 and OS X) for $1,299. Just add a monitor and you're good to go.

It's possible to find similarly-equipped refurbished models for less. But if I was "buying new" today, I'd jump for the g4.

Yes, it's a little more expensive, but you'll definitely get what you pay for.

If what you perceive as "too pricey" is the only thing holding you back from the Mac, think again. You can put together a useful and surprisingly fast home workstation together for less than $500 if you select your components carefully.

- John

[MarkeyD]

I installed LINUX several years ago as a test. I had been selling UNIX based tools (SUN/OS, HPUX, ULTRIX) for years. Administrating LINUX is/was not for the feint of heart. And trying to get information out of newgroups was pain. Either they didn't know the answers, or took offence that I even asked the question. My degree is in Electrical Engineering and I'm currently working as a software designer, but I really hate those LINUX geeks. Most software developers are commy/socialis/freeware bastards anyway. The can't stand real competition and don't understand people in the 'real world', which is why UNIX has not been a commercial success. They just don't think like normal people!

[farmfriend]

ping

[RhoTheta]

Ping.

I loaded up a laptop with Mandrake Linux 9.2 for just such an experiment. I am also trying to get my Mandrake 9.2 firewall talking. The whole intent of the laptop experiment is to see if there is a non-Billy alternative, and to learn Linux.

[econprof]

If you want to try out linux, there is a Knoppix distribution that runs from a CD. It makes no changes to your windoz setup. Just search on Google for the iso and burn the CD. It's free and perfectly legal too. I think you will be amazed at what linux can do.

[eclectic]

Don't do this! Using Linux you'd support the communist subversion!

Don't switch to Mac either - it is worse than Windows in almost every respect (how would you explain its market share relative to Windows otherwise?!)

Stick to Windows XP, configure it for automatic security updates and you'll be fine

[econprof]

More on Knoppix. Download from http://www.knoppix.net/get.php or you can order the CD from cheapbytes.com for $4.99 plus shipping. Just boot from the CD and give linux a try.

[stylin_geek]

For the most part, security is not dependent on OS, but dependent on the person who is using the computer. If you use a 128 bit encrypted web browser for secure transactions, you should be okay.

Where the problem starts is if you keep the transaction files and passwords on your local computer. And, since your transactions actually take place on a computer you connect to, there is also a chance of security problems happening on the other end.

What it comes down to is, you have to keep a close eye on your system, no matter what OS, because if your financial transactions are that important, there is no way to "set up and forget."

Basically, you have to do regular computer maintenance, make sure you have a good firewall, regularly updated virus software, and use appropriately encrypted web browsers. Also, you certainly need to keep an eye on the company you do your transactions with, and make sure they are well aware of security, and take it seriously.