Bite Back Against Banking Bandits With Puppy Linux


Woof, Woof! That’s the sound of Puppy Linux as it starts. A good sound as it turns out; it reminds me as to why I’ve just booted my computer from this amazing little Linux distro – safety, security, and a substantially increased chance that I’ll hang onto the paltry funds in my bank accounts.

Puppy Linux is not a one trick pony – although, I tend to use it for one thing only (at the moment) – Online Banking. More on this in a moment*.

This is a very well trained Puppy:

Easy – Just use a CD or USB flash to boot a PC. Puppy Linux is downloadable as ISO, an image that can be burned to CD or DVD.

Fast – Because Puppy is small, it can live in your PC’s memory and be ready to quickly execute your commands, whereas in other systems, programs are first read from drive storage before being executed.

Save Money – Even if your PC has no hard disk (ex, broken hard disk), you can still boot Puppy via CD or USB and continue working. Old PCs that no longer work with new systems will still work good-as-new with Puppy.

Do More – Puppy boots in less than a minute, even in old PCs, and it does not require antivirus software. Administering Puppy is quick and minimal. With Puppy, you just have to take care of your data, which you can easily save to USB flash (Then forget about your operating system!). Your data can be read by other computers.

Do Magic – Help your friends suffering from computer malware by booting Puppy and removing malware from their PC (use antivirus that is built-in or can be installed in Puppy). Example – bad Autorun.inf is easily removed by Puppy (Just delete it as well as its companion exe program). If your friend thinks that she has lost data from her corrupted hard disk, boot Puppy and try saving her data!

Carry Anywhere (Portable) – Because Puppy is able to live in CD/DVD or USB flash, as well as save data to these same devices, you can carry your programs and data with you.

The Puppy Desktop – Not flashy; not eye candy – but functional and efficient.


In the following illustration, I’ve clicked on the Browser icon (SeaMonkey is the native Browser), to open this site. I considered showing my online banking connection – in a moment of madness.   Smile


*Not to be argumentative – wait, I will be argumentative. The Internet, and its related technologies (connected devices, and so on), has become a massive playground for outrageous hype and sheer BS. It’s like listening to a used car salesman. Nowhere, is this more evident than in the orbit of security technology.

Outrageous claims of “total protection” based on stale data; ranking security suites as if # 1 was truly more effective than # 2……

As if the premise is – system security is a static environment in which knowledgeable users operate in their own best interests.

As if cybercriminals are sitting still, and not releasing highly sophisticated attacks on a daily basis.

As if application vulnerabilities are not discovered virtually on a daily basis.

So, am I being argumentative just for the sake of it? Not bloody likely.

Qualys Inc. releases a Consensus Security Vulnerability Alert @RISK Newsletter on a weekly basis (to which I subscribe), that sets out the most recent vulnerabilities for which exploits are available in the cybercrime marketplace.

Here’s a small sampling of the latest –

Title: Trojan uses new C&C obfuscation technique
Description: The Polish CERT has observed a new Trojan spreading in the
wild via a number of different social media techniques. While not
particularly novel in that regard, this particular piece of malware is
interesting in the way that it contacts its command and control servers.
Instead of using the address provided in a DNS query response, the
malware takes that value and transforms it into a different IP address,
which is then used to contact the C&C. This technique, if it becomes
widespread, has interesting implications for malware detection at the
network level.

Title: Symantec PcAnywhere 12.5.0 Login and Password Field Buffer Overflow
Vendor: Symantec
Description: The host-services component in Symantec pcAnywhere 12.5.x
through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka
12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and
authentication data, which allows remote attackers to execute arbitrary
code via a crafted session on TCP port 5631.

Title: Banking trojan spreading via phishing attacks
Description: The Sourcefire VRT has discovered a new Trojan being
dropped on users via a large-scale UPS-themed phishing attack. The
Trojan, which attempts to steal credentials for several major financial
, also drops other malicious binaries on the infected
system. Its C&C communications are of particular interest, as its
authors chose to use the hexadecimal string “0xDEADBEEF” – which is
commonly used by attackers and researchers alike as a way to follow user
input through system memory – as a protocol marker of sorts.

Note: input through system memory.

It’s this last type of vulnerability (though not exclusively), which drives my need to logon to my banking site via a self-booting Linux Live CD – in this case – Puppy Linux. Since Puppy is read-only media, the environment (running entirely in RAM), will be much more secure than Windows.

Yes, I admit that it’s a pain (occasionally) to shut down and reboot just to complete an online financial transaction but, I’d rather be safe than sorry – I’m into an ounce of prevention.

Since the majority of malware is Windows specific, banking online through a Linux Live CD is my ounce of prevention. It should be yours as well.

Minimum Hardware Requirements for Puppy Linux 4.2.1:

500MHZ processor
512MB free hard drive space to create an optional save file
No hard drive required to boot a Live Disc.
CD-ROM any speed

Download at: Puppy Linux

More information is available on the publisher’s site.


Filed under Don't Get Hacked, downloads, Freeware, Linux, Live CDs, Online Banking, Open Source

20 responses to “Bite Back Against Banking Bandits With Puppy Linux

  1. Neeraj Rawat

    I use Fedora for the same but Puppy is my all time favorite distro to check hardware issues in any computer, soon will post how to boot Pupppy with a USB.

  2. David f

    It’s a great Linux distro, Bill. I’ve resurrected an old dell netbook who’s ssd has died, using Racy puppy on a usb stick. And to think my neighbour was going to throw it in the bin!.

  3. Pingback: Bite Back Against Banking Bandits With Puppy Linux | Bill Mullins … | Top Internet Security

  4. Bill,
    Great article! I’m going to download Puppy now. Keep up the good work.

  5. Mal

    Hey Bill,
    Just downloading this now to try it out. I’ve been reluctant until now to use online banking via Linux, as my knowledge of how Linux works is very limited, so I have stuck to what I know and still use Windows for banking. I am well aware of the risks involved but I am very careful and haven’t had any issue in the few years I’ve been doing this.
    Still, I have noticed that quite a few times that you have mentioned that you personally use Linux for banking, so I am going to bite the bullet and have a go at it. If you say it’s more secure than Windows, I believe you.

    • Hey Mal,

      When it comes to Linux, most people are at least a little hesitant. But, today’s Linux ain’t Granny’s Linux.

      If you can click a mouse – then, you’re good to go. It’s that easy. Glad to hear you’ll give it a go.



  6. Marcus

    Great post Bill. My elderly mother recently had her email hacked. I immediately invested in Equifax identity fraud protection for her. I also bank entirely in Linux, (for her as well). I use Arch actually, which is similarly pared down. But the idea of using an OS on a read only USB/CD seems to be another elevated level of security I should consider.

    • Hey Marcus,

      With the huge number of Linux distro available, I haven’t, as of yet, tried Arch. Since you (as an experienced user), recommend it, I’ll put that on my to-do list.

      Sorry to hear that your mother caught caught by a scumbag. But, with you to rely on, she’s in very capable hands.

      Good to hear from you.



  7. enneman

    Loved the article. I’v been using live-CD’s for banking purposes for some time now. And I managed to convince a couple of colleagues too after one of them got burned by a trojan.

    For a minimalist Linux distro you could try TinyCore.
    I installed just firefox and a couple of plugins.
    At the moment I’m trying to remaster the iso with a special firewall script I cooked up (
    This script only allows traffic to the banking website(s)
    Still a work in progress though.. :-\

    • Hey Enneman,

      Love your idea. Blocking in/out other than selected (financial) sites, should be a default.

      Thanks for the link – I’ll track your progress with interest.


      • Enneman

        Thanks for the kind comments. 🙂

        Rereading the previous comments however, I realized I could have
        mentioned the link to the program unetbootin
        With this program (for linux and windows) you can make a bootable usbstick from an Live Linux CD iso.
        However… an USB stick can be changed (read tampered with)
        But it is a great way to try different distro’s without installing them.

        • Hey Enneman,

          Coincidentally, I had included UNetbootin as part of “Today’s Downloads” in my Tech Net News column. It seems we think along the same lines. 🙂

          Thanks for the update.



  8. Marcus

    Hi Bill,

    Thought you might be interested to know (or maybe not) that today I am ditching Windows, 100%, in perpetuum. I’ve had it malingering on an old PC for a while, and have used the mac for the last 18 months. A few days ago I installed Centos 6.3 on my laptop, and its absolutely stonking. Using Gedit and the Terminal and its a thing almost of beauty.
    Razor sharp performance on a 2007 Toshiba. Great looking GUI.

    So, I am just saying my farewells to Imgburn, getting a few last copies, including Linux Tails, to use on a USB stick for banking/security, and then it’s Goodbye forever to Windows.

    Thank you for showing me the light.

    Imgburn is about the only Windows software i can think of that I will miss….

    • Hey Marcus,

      Always happy to hear from you.

      You’ve made a huge break from the traditional so – major Kudos to you. Going against the status quo, as in your case, takes some courage and a lot of hard work. Good man!!