Virtual Banking?

NightShade03 · November 2009

What do you guys/gals think about banking on a virtual platform? IE. Suppose that to do all banking I always fired up my Ubuntu distro in Virtualbox, did my banking, and then shutdown the virtual machine. Do you think that it makes the user experience more secure? Obviously there is a long wait time for the virtual machine to boot, and all that, but do the security benefits (if any) out weight this?

Note: Linux isn't super secure...its just less targeted

wd40 · November 2009

If someone is monitoring your windows, will he/she be able to see/record what you are doing in the virtual machine?

tiersten · November 2009

It would be a little better than running everything on the host OS but it isn't infallible for the reasons wd40 said.

To make it secure (assuming the VM package is correctly written and you can't break out) you'd have to have at least two VMs. One for banking and one for everything else you do online. You never use the host OS directly.

msteinhilber · November 2009

I suppose it would be slightly more secure, but I wouldn't go through all the hassle. Honestly, I'm far less concerned about how safe I personally am with any transactions that I conduct with any financial institution online. Same with any transactions I conduct by making purchases online. Instead, I'm far more concerned about how the other end of the transaction is protecting my credentials and/or money.

eMeS · November 2009

It sounds to me to be a solution in search of a problem.

I'm no security guy, but it seems to me that the weakest link(s) in any system will be wherever there are people involved. When dealing with any financial institution online or offline, there are so many places where people are involved that doing all banking transactions from a virtualized OS seems irrelevant when considered in terms of the big picture.

Now, if you said something along the line of "is there a security benefit to doing all of my downloading and running of .com and .exe files from a virtualized session?", I'd probably agree....

MS

dynamik · November 2009

Yea, if you don't want to do your banking online in your host OS because it might be compromised, well, how secure is a VM running in that?

NightShade03 · November 2009

Thanks for the feedback all. There are alot of valid points here and I guess looking at it quickly it may seem like a good idea for those that aren't very computer savey but like most of you pointed out....it wouldn't help those that A) don't know anything about using a PC in the first place or

on a machine that is already compromised and listening on the host machine.

I guess there really is no "secure" way for non-technical people to really bank, aside from user education.

Kaminsky · November 2009

Anyone hacked my bank account I would hope they would take one look at the balance, feel sorry for me and donate something.

ajmatson · November 2009

Kaminsky wrote: »

Anyone hacked my bank account I would hope they would take one look at the balance, feel sorry for me and donate something.

+1 however, there are some good points on how secure are we really?

Virtual Banking?

Comments