Bite Back Against Banking Bandits With Puppy Linux

Woof, Woof! That’s the sound of Puppy Linux as it starts. A good sound as it turns out; it reminds me as to why I’ve just booted my computer from this amazing little Linux distro – safety, security, and a substantially increased chance that I’ll hang onto the paltry funds in my bank accounts.

Puppy Linux is not a one trick pony – although, I tend to use it for one thing only (at the moment) – Online Banking. More on this in a moment*.

This is a very well trained Puppy:

Easy – Just use a CD or USB flash to boot a PC. Puppy Linux is downloadable as ISO, an image that can be burned to CD or DVD.

Fast – Because Puppy is small, it can live in your PC’s memory and be ready to quickly execute your commands, whereas in other systems, programs are first read from drive storage before being executed.

Save Money – Even if your PC has no hard disk (ex, broken hard disk), you can still boot Puppy via CD or USB and continue working. Old PCs that no longer work with new systems will still work good-as-new with Puppy.

Do More – Puppy boots in less than a minute, even in old PCs, and it does not require antivirus software. Administering Puppy is quick and minimal. With Puppy, you just have to take care of your data, which you can easily save to USB flash (Then forget about your operating system!). Your data can be read by other computers.

Do Magic – Help your friends suffering from computer malware by booting Puppy and removing malware from their PC (use antivirus that is built-in or can be installed in Puppy). Example – bad Autorun.inf is easily removed by Puppy (Just delete it as well as its companion exe program). If your friend thinks that she has lost data from her corrupted hard disk, boot Puppy and try saving her data!

Carry Anywhere (Portable) – Because Puppy is able to live in CD/DVD or USB flash, as well as save data to these same devices, you can carry your programs and data with you.

The Puppy Desktop – Not flashy; not eye candy – but functional and efficient.

In the following illustration, I’ve clicked on the Browser icon (SeaMonkey is the native Browser), to open this site. I considered showing my online banking connection – in a moment of madness.  

*Not to be argumentative – wait, I will be argumentative. The Internet, and its related technologies (connected devices, and so on), has become a massive playground for outrageous hype and sheer BS. It’s like listening to a used car salesman. Nowhere, is this more evident than in the orbit of security technology.

Outrageous claims of “total protection” based on stale data; ranking security suites as if # 1 was truly more effective than # 2……

As if the premise is – system security is a static environment in which knowledgeable users operate in their own best interests.

As if cybercriminals are sitting still, and not releasing highly sophisticated attacks on a daily basis.

As if application vulnerabilities are not discovered virtually on a daily basis.

So, am I being argumentative just for the sake of it? Not bloody likely.

Qualys Inc. releases a Consensus Security Vulnerability Alert @RISK Newsletter on a weekly basis (to which I subscribe), that sets out the most recent vulnerabilities for which exploits are available in the cybercrime marketplace.

Here’s a small sampling of the latest –

Title: Trojan uses new C&C obfuscation technique
Description: The Polish CERT has observed a new Trojan spreading in the
wild via a number of different social media techniques. While not
particularly novel in that regard, this particular piece of malware is
interesting in the way that it contacts its command and control servers.
Instead of using the address provided in a DNS query response, the
malware takes that value and transforms it into a different IP address,
which is then used to contact the C&C. This technique, if it becomes
widespread, has interesting implications for malware detection at the
network level.

Title: Symantec PcAnywhere 12.5.0 Login and Password Field Buffer Overflow
Vendor: Symantec
Description: The host-services component in Symantec pcAnywhere 12.5.x
through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka
12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and
authentication data, which allows remote attackers to execute arbitrary
code via a crafted session on TCP port 5631.

Title: Banking trojan spreading via phishing attacks
Description: The Sourcefire VRT has discovered a new Trojan being
dropped on users via a large-scale UPS-themed phishing attack. The
Trojan, which attempts to steal credentials for several major financial
institutions, also drops other malicious binaries on the infected
system. Its C&C communications are of particular interest, as its
authors chose to use the hexadecimal string “0xDEADBEEF” – which is
commonly used by attackers and researchers alike as a way to follow user
input through system memory – as a protocol marker of sorts.

Note: input through system memory.

It’s this last type of vulnerability (though not exclusively), which drives my need to logon to my banking site via a self-booting Linux Live CD – in this case – Puppy Linux. Since Puppy is read-only media, the environment (running entirely in RAM), will be much more secure than Windows.

Yes, I admit that it’s a pain (occasionally) to shut down and reboot just to complete an online financial transaction but, I’d rather be safe than sorry – I’m into an ounce of prevention.

Since the majority of malware is Windows specific, banking online through a Linux Live CD is my ounce of prevention. It should be yours as well.

Minimum Hardware Requirements for Puppy Linux 4.2.1:

500MHZ processor
128MB RAM
512MB free hard drive space to create an optional save file
No hard drive required to boot a Live Disc.
CD-ROM any speed

Download at: Puppy Linux

More information is available on the publisher’s site.