Ditching windows and using Linux on personal computer for secure financial transactions

vanity

[Golden Eagle]

perhaps I'll buy a router to provide that hardware firewall. Some freepers have said to get a router even if you have just one computer.

It would be a very sound investment, probably the best you could make towards any initial investment towards improved security. The software firewall directly loaded on your actual computers would be your second best investment, they can be configured so tightly that patches can theoretically be ignored in order to avoid the performance hit you describe. Although I know of some doing this it is not a practice I would recommend that anyone but an expert attempt, I only mention it to underscore the protection the firewalls can provide. Good luck.

[Criminal Number 18F]

I don't like all the updates, virus threats and paranoia about online security with XP/2000

Problem is, you REALLY need to run the updates in Windows land. The biggest single threat is malware spread through email; partly that's because the (*&^$#s are very cunning at getting you to run their damned malware, and part of it is because the guys who did the architecture of outlook/exchange were only thinking about how nice people would use it, not how (*&%&$^#s would manipulate it.

One reason *n*x programs tend to be a little safer when thrown in among the lions, is that the original design was done and deployed in university computing labs, where all the wise-asses on earth congregate. The sort of problem that is caused by too much faith in your fellow man was exposed very early in the development process. The *n*x of today is the product of almost 35 years of continuous development in that harsh environment. Problems still crop up, but the guy who took over your email program with a bit of clever code can't "cd / ; rm -r" which is the equivalent of "format c:". The guy who seizes control of Outlook can, essentially, "format c:" or any lesser mischief he has in mind.

The FReeper who posted the "Friday night checklist" gave very good advice and you should follow it for your Windows box and the guy who finds his machine sent 360,000 spams in the middle of the night is going to be some other poor throg -- not you.

d.o.l.

Criminal Number 18F

[Criminal Number 18F]

Your points about Linux (not secure by default, and patching is more difficult). I'll give you the first on most distros, especially for server oriented or build-em-yourself distros. The second... I dunno. The auto update in XP is stone easy to use. The one in MacOS X is a bit tougher; and it has the bad habit of recommending you install updates you don't need (it wants me to put new Bluetooth drivers on my TiBook which hasn't got Bluetooth, for instance... I bet 90% of the TiBook users dunno what Bluetooth is, and installed the drivers... sigh).

But is typing "up2date" at the command line, and then following the prompts, any different?

You asked about an equiv to WInXPs simple firewall in another post (I think it was you). "ipfw" is one very common one. There are a number of GUIs out there for it (to me that is one of the downsides of Linux/BSD/etc. -- there's never ONE interface you can completely rely on. As is usual in the *n*x world, ipfw is very powerful. There are also freely available IDSs (Intrusion Detection Systems) like "snort", etc, and you can do some cool stuff like edit your router's access-list programmatically so that anyone who tries certain types of hacks finds his IP locked out.

I used to recommend that people get WinRoute or other router/firewall software for a home Windows box on DSL or cable. However, the cost of decent little hardware routers has dropped to about the cost of the software. The router is less fiddly for the average joe to configure, and with NAT enabled it is quite a challenge to the usual h4X0r to find your box, let alone abuse it.

d.o.l.

Criminal Number 18F

[Redcloak]

My Linksys keeps a log of incoming and outgoing IP addresses. The incoming log also lists the ports the incoming traffic was attempting to hit. Most of what you'll see is legitimate traffic. For example, my log's most recent entry is a mail server's response to my wife's machine checking her email. She just put several items up on eBay, so that machine's responses are also on the list. But, there are also several numbers that are listed as part of an ISP's dial-up pool. Those are likely hackers or zombies running on infected/hacked machines.

[Born Conservative]

Thanks. I have a Belkin 54g router; I'll have to check it out.

[ThePythonicCow]

What financial software are you using? I am a Linux developer with 25 years Unix kernel and tool programming experience. I do most of my work on Linux, and support my relatives on various Linux, FreeBSD and Mac OS X systems.

But even though I loathe Microsoft, I still run Windows - for games and for financials. The financial programs I require include (1) Quicken, (2) Taxcut, and (3) my banks web site, which seems to require Internet Explorer (flat out doesn't work otherwise ;). These programs need Windows (or Mac OS X, perhaps, but less well supported).

So switching Operating Systems is fine, but does it run the applications you need?

With a good firewall/router box between your PC and the web, with careful habits, and with appropriate virus, security and firewall software on your PC, I believe that most people can run Windows safely. If you are running billions of dollars, then you would be a big enough target of hackers that you'd need professional assistance to stay safe.

For the firewall box, I am currently recommending the D-Link DI-604 Express EtherNetwork 4-Port Broadband Router , though other models from Netgear and Linksys, amongst others, are fine too. The DI-604 is available from Newegg.com for $39.

[Bloody Sam Roberts]

Go Here and try Lycoris. Windows look and feel on a Linux OS. And it's only $29.95.

[dennisw]

What financial software are you using?

Not really software at all. I want to protect my personal financial information and log-on information at financial websites. Banks, bill paying, credit cards, mutual funds. Millions of dollars are not at risk. Just my own savings and investments. Definitely for Quicken and the other programs you mention, windows is needed.

[ThePythonicCow]

What financial software ... financial websites

So the key financial software you are using is a web browser. Ok.

I have found that some websites, especially financial ones in my experience, need Internet Explorer, to either look decent, or occassionally, to work at all. I've got one banking site that I simply cannot login into (type login, type password, click on [Login], nothing happens) except if I am using Internet Explorer. That bank is using Microsoft web server software.

And while Internet Explorer is available on both Mac and Windows, Microsoft has said that they are no longer supporting further development of it on Mac.

So while I'd encourage your using other platforms, such as Mac OS X, Linux, or FreeBSD, I'd recommend you keep the ability to boot and run Windows, in case you need Internet Explorer for one of your providers.

[ShadowAce]

Patches always slow systems down because the internal variables have to have their buffers increased to sufficent levels to avoid overflow attacks, which eats up more of the available RAM.

Statements like this are why no one listens to you when it comes to technical issues. If this is how you would correct an overflow problem, I'm glad I don't work in your organization.

[Golden Eagle]

So you're saying you can prevent buffer overflows by using less memory and less code? Sure you can.

[ShadowAce]

Have you ever heard the concept of bounds checking?