secure internet banking

Secure Internet Banking with a Live CD

15 March 2005

The Problem

The problem with the security of Internet banking is that it depends on the security of both client and server. It doesn't matter how secure the bank's computer systems are, if the customer's personal computer has become "owned" by malicious software, then their money is at risk. And unfortunately it is very difficult to maintain the security of a modern personal computer. If you are an expert in computer security, you know that you are only ever one mouse-click or one security hole away from allowing someone else to control your computer. If you aren't an expert in computer security, then the odds against you are overwhelming.

The security advice that banks give to customers on their websites is usually along the following lines:

But even if you follow this advice (and some of the "be careful" advice undermines the major benefits that the Internet promises us, i.e. access to an enormous variety of free content from anyone and everyone), you are still just one mistake away from trouble.

If you do your banking on your personal computer via the Internet, trouble can mean big trouble. When you type your password into your computer to access your bank account online, you are giving your computer and all the software running on it full access to that same bank account. And if your Internet banking lets you withdraw money out of your bank account and send it to someone, then the opportunity for criminals to quickly and easily steal money from you is just too good to be passed by.

The Solution

Incredible as it may seem, there is a simple security solution built into almost all modern personal computers, which can be used to completely prevent any malicious software that has been installed on your computer from having any effect at all on the computer's operation. The name of this security solution is the bootable CD drive.

Its effectiveness arises from a few basic principles of how computers work:

Because a hard disk is a fully writeable drive, it presents a very poor security risk. If malicious software has ever taken control of your computer, it is very likely that it has taken the opportunity to secretly install itself onto the hard drive. This way it will always be active and potentially have control of any aspect of your computer's operation, even if you turn the computer off and turn it on again.

But, you can boot off some other drive. There was a time when all software was delivered on floppy disks, and including the operating system. Being able to boot from the floppy drive was an important component of the installation process.

Nowadays floppy drives are just too small, so we do the same thing with CDs. A standard computer CD stores 700MB of data, against the 1.44 MB on a floppy. If you installed Microsoft Windows or some other operating system onto your computer yourself, you probably started the installation process by booting off an installation CD.

This may have been the only time in your life that you ever booted your computer off a CD. And if you bought your computer with the OS pre-installed, you may never have booted off a CD. But you could, if you wanted to, boot off a CD every time you switched your computer on. Bootable CDs designed for this purpose are called "live CDs" (presumably because they "come alive" when you boot from them).

There are, however, a few reasons why it is not so practical to use a CD as your regular boot disk:

These disadvantages can prevent us from always booting from a CD, but they may not be such a problem for those occasions where we need to use a computer for a task where security is more critical. For example, when we do our Internet banking.

The basis scenario or "use case" is as follows:

Taking into account the list of issues just given, the following are corresponding desirable properties of a bootable CD designed for Internet banking:

Implementing the Solution

If you go to Google, and search for "Live CD", you will find links to many options for creating bootable CDs. Unfortunately, as at the current date, none of these seem to be especially designed for the purpose of secure Internet banking. So I think there needs to be a special project to create a live CD which is suitable for the purpose of Internet banking, and which represents a serious effort to provide a universal solution to the problem of client-side security based on the safety of booting from a CD.

Assuming that more can be achieved in the short term with maximum use and leverage of existing technology, the following are the design features which I think are most important in a secure Internet banking live CD that can be used by as many banking customers as possible:


A purpose-designed Live CD does seem to be a practical solution to the Internet banking security problem, and is certainly better than the "always be careful when surfing" advice given on banking websites. But it will not be an absolute guarantee of impregnable security, and there are a number of issues that need to be considered by those recommending such a solution, and which may require changes to its design:


Update (2013): What happened, historically, is that customers did their internet banking just like they did anything else on their computers, i.e. not very securely, and banks bent over backwards to be forgiving about any unintended account withdrawals caused by security lapses. So nobody cares about all the stuff above.