Internet Banking

[Spearmint]

Did any of you watch A Current Affair, regarding how lack the security is with regards to internet banking, and how easy hackers can get access to your accounts?

What are the best methods currently available to help minimise your accounts getting compromised, besides not doing internet banking?

[tonymy01]

Good (and simple to use for mums/dads) firewalls and anti-spyware software (and anti-virus).

That is it.

Hackers don't just hack into your accounts, they require to hack into your machine and "watch" you punch your keys to get into the accounts.

I can only see "sensationalised" stories like that one last night basically causing the banks not to make security tighter, but to drop the whole net banking altogether. Or that other option of requiring ten passwords and a severed right finger to get in or something ;-)

[Timmy Downawell]

I read recently the banks will trial systems such as sending you a special key by SMS when you log on.

e.g. you put in your username and password, they send you the key, which you enter before you have access to banking. Each key is randomly generated and would only have a lifespan of maybe five minutes.

Sounds like a good idea, provided you have a mobile.

[tonymy01]

Sounds like a crap idea to me. Too many places you would want to internet bank from that would have none/poor GSM coverage (or no internetwork SMS if you were checking your bank details from overseas for example, which is often where internet banking is most useful!).

Regards

[Timmy Downawell]

hmm. Good point.

[laurie]

Try using Zone Alarm its free and has a firewall thrown in

cheers laurie

[Santa1503559644]

The ABA report also suggests those portable number generators (fit on keyrings).

This is a better idea, but the bank of course will charge you for the pleasure of using it.

Best course is to surf safely!

(BTW: Didnt watch report of course. I suppose it pointed out the number of morons who fall for the "this is you bank. we need you passwort" emails...

(And yep, zonealarm is good - if a bit worse in some respects in later versions)

[rochford]

I read recently the banks will trial systems such as sending you a special key by SMS when you log on.

<{POST_SNAPBACK}>

This approach is similar to the (more secure) version used by Westpac for business banking. They provide you with a hardware key that generates unique tokens (every 30 seconds?) that need to be used in conjunction with your username and password to access your account. I'd like to see an option that requires the token again when you try to transfer money or pay bills (maybe above a particular value?). From memory, you don't have to pay for the first one they give you.

Using mobile phones is an interesting way of avoiding the (high) cost of providing proprietary hardware keys to everyone who uses Internet banking. It does have some drawbacks, as others have noted. Westpac limits your daily transaction total if you do not use the hardware key, so it would still be possible to use Internet banking if you were 'out of range' or left it at home (!).

At the end of the day, you need to take into account your own situation, especially your level of risk (both what you do and how much you are willing to accept), and work out whether Internet banking is worth the risk.

Of course, you can minimise the risk through the techniques others have outlined - use an up to date operating system and browser, run anti-virus and anti-spyware software, and ensure your network has a firewall (hardware if possible).

- Miles.

[tonymy01]

I run the paid version of ZA, and while it is a pretty good firewall, is it really good enough for Mums/Dads?

I mean, so many applications require some kind of ether/internet access (even if it is to the 127.0.0.1 loopback style port) that pop-up ZA warnings, that most people would just click either the "don't do any more pop-ups" or "always let this thru" options, and given the obscure names that worms give to their server payload "servicess.exe", "iexplorer.exe" or names that look like real windows names, this really won't help.

I think a virus scanner that gets *daily* updates of sigs (although even these can be slow to pick up viralent worms in zips/etc that sometimes impact "dodgy" sourced stuff like Kazaa shares etc).

Also obviously ensuring the OS is completely up to date so those old damn worms that you still see hitting the firewall logs are useless (the ones that crash IIS and run any code on the PC are the big ones I am thinking of at the moment that I still see running on the occassional Telstra bigpuddle network user's computers).

[Timmy Downawell]

Despite firewalls and antivirus software it's very easy to pick up a trojan -even just by clicking on a website. I've had this happen and it slipped by both Norton Antivirus and Kerio Personal Firewall.

Not only do you need to scan regularly, you need to use programs like Spybot Search & Destroy, AdAware and Hijack This. I'd like to thank Microsoft for making the Internet such a fun place.

[laurie]

And me in saying I suspect these viruses may be caused[iMHO] by the very same people that offer you protection!! but we all don't believe in the conspiracy theory do we

cheers laurie

[jayjay]

the only other option is have a second computer that you only use for netbank, no email, no websurfing just internet banking, if thats all you used it for i dont see how anything could go wrong

[DrP]

Don't open or even have preview enabled on email unless you know what its about and who its from. Even then treat it carefully. Better yet, don't use a Microsoft program to read your email at all. There are plenty of execute on view problems with earlier versions of Microsoft mail clients and plenty of problems with the recent versions too. Don't use a Microsoft browser either for the same reasons. Don't blindly click on things that open up unexpectedly. Blindly clicking the 'No' button can be just as bad as clicking the 'Yes' button. There are free alternatives for mail reading and web browsing and they work. www.mozilla.org is a good starting point.

Run antivirus and keep it updated. Keep it updated. Keep it updated. You'd be depressed at the number of people that have antivirus and think they are A-OK, but haven't let it update for the past two years.

Run a firewall of some sort. Broadband users quite often are behind a SOHO router which in default configuration protect the PC from the port scans and prods that go on trying to use exploits against Windows. If you have dialup, at least make sure the XP firewall is enabled, even though there are far better (but more complex) ones available.

Keep your Windows patched. Keep your Windows patched. Keep all software updated. Keep all software updated. There are plenty of hacks and exploits for many and varied programs. Even mp3s and .jpgs can be the source of buffer overrun exploits.

If all that sounds too nasty and you are too scared to connect to the internet anymore, consider this.

[laurie]

Hope this not a stupid question but is there such a thing as a GOOD virus I can check my Norton Antivirus software is actually working I get worried sometimes thing its not doing anything

cheers laurie

[DrP]

http://www.eicar.org/anti_virus_test_file.htm

[laurie]

Thanks much appreciated DrP have you used it yourself and is not a hidden virus within the test virus!

cheers laurie

[DrP]

Its just a text file. Not a real virus. It appears all over the place, at one stage McAfee's update.txt even had it in it.

[Scorchie™]

Eicar is completely safe.

With respect to security, you can never be entirely secure. Why bother worrying? The only way banks will be as secure as they can be, is to either provide tokens, or pinpads (which generate new encryption strings each connect).

This costs the banks money, which they're not prepared to do without someone subsidising it.

The biggest problem in Australia (from what I see week in week out in my 9-5 job), is families (especially kids) randomly clicking on whatever appears on screen. If you get a dialog box that says "MEDIAAGENCY needs to install X Software in order for you to view the web page correctly" - stop, and think before you press Yes. More often than not, most of these boxes should be replied "No".

If people read what appeared on screen and actually thought, it is my humble opinion that half of the problems we encounter won't actually occur.

(That, and all spyware manufacturers should be jailed).

[Santa1503559644]

Eicar is completely safe.

With respect to security, you can never be entirely secure.  Why bother worrying?  The only way banks will be as secure as they can be, is to either provide tokens, or pinpads (which generate new encryption strings each connect).

This costs the banks money, which they're not prepared to do without someone subsidising it.

The biggest problem in Australia (from what I see week in week out in my 9-5 job), is families (especially kids) randomly clicking on whatever appears on screen.  If you get a dialog box that says "MEDIAAGENCY needs to install X Software in order for you to view the web page correctly" - stop, and think before you press Yes.  More often than not, most of these boxes should be replied "No".

If people read what appeared on screen and actually thought, it is my humble opinion that half of the problems we encounter won't actually occur.

(That, and all spyware manufacturers should be jailed).

<{POST_SNAPBACK}>

If people were that smart, we probably wouldn't still have a microsoft...