Turn An Old Computer Into A Dedicated, Secure, Banking Terminal

Here’s an idea for a spare computer you have lying around: make it into a secure banking device.

Hackers are creating more and more insidious programs to steal your financial data. You can cut down the risk by separating your online activities onto two devices.

Basically, your old computer operates as a safe terminal where you conduct all of your online-banking. You don’t check email, you don’t surf for porn. All you do is pay your bills, fund your accounts, trade stocks, manage your portfolio, etc.

Ideally you should wipe the hard drive of the old computer and do fresh OS install. Make sure the firewall is up and running before connecting the ethernet. Get a good program like ZoneAlarm to prevent intrusions. Get yourself hooked up with these free/cheap programs to protect your PC from viruses.

Savvy criminals are building phishing, trojans and keyloggers into sites, especially those of the porno and “free Photoshop download” variety. They can remotely hijack your computer or watch your every move.

Separating online business from pleasure can be an effective way to mitigate identity theft risk. — BEN POPKEN

(Photo: Maulleigh)

Comments

Edit Your Comment

  1. mxmora says:

    Or get a Mac.

  2. gameraboy says:

    Or install linux

  3. bambino says:

    I’m choking on the smug.

  4. squidhat says:

    OpenBSD

  5. ironchef says:

    @mxmora:
    Amen. Get a mac.
    you gotta be pretty computer savvy to do that Linux thing.

  6. nweaver says:

    Download Knoppix, burn onto CD.

    For your banking, simply reset the system, put in the Knoppix CD, do your banking. When done, remove CD and hit the reset button.

  7. Sam Glover says:

    You don’t gotta be computer savvy at all to install Ubuntu Linux, which is safer than PC or Mac and just as easy to use. And since we’re talking about using an old computer here, “get a Mac” doesn’t seem very helpful.

    Ubuntu is free, runs fine on any old computer, and is easy as pie to install. (Easier and faster, dare I say, than either Windows or OSX.) GnuCash is pretty nice accounting software, and you can do the rest using Firefox, just like on your PC.

  8. r81984 says:

    Mac’s are terrible, and if you use those free programs and zone alarm on your main PC it will be as secure as your “banking” computer with the same setup. This concept is pointless, just use that spare computer for someone else in your family, use it as a server, and MCE box or donate it to charity.

  9. ADM says:

    or use a virtual pc (i.e., run one operating system in a window of your current operating system), which is free. you can even reset it at the end of every session, so that even if it got infected, next time it boots, the infection will be gone.

    more and more, i think non-powerusers should do most of their computing in a virtual pc environment so that when things go seriously wrong, they can just revert to an older version of their virtual pc, and be on their merry way.

  10. getjustin says:

    @r81984: Agreed. If you’re putting in the time to do all those things, do them to your daily beater and save yourself the desk space occupied by another (probably CRT) monitor and floor space taken over by a (probably quite huge and beige) box.

  11. brianary says:

    Or just boot off of an Ubuntu LiveCD/DVD/flash device.

    And no, you don’t have to be at all savvy to click the Firefox icon and use it in Linux.

  12. drchadwick says:

    I don’t know if Windows user accounts are as well separated as Mac ones, but even if a user account on a Mac were to be infected with a virus somehow, it would not be able to escape into the rest of the machine. So create a password-protected account for one purpose (banking, porn, etc) instead of having a whole extra computer sitting around.

  13. G says:

    Sounds like you just posted the perfect fix for a non-existent problem.

  14. kedeyo says:

    I’ve used knoppix for a while. the OS is so small that it fits onto a CD. you boot it up to any PC and get to work. It resets everytime, so it travels with you everywhere – safely. and it’s free to download all over the internet.

  15. FLConsumer says:

    KisokCD (linux self-running CD) http://www.kioskcd.com This is what I run on all of my publicly-accessible terminals and so far I’ve yet to have a problem with it. ADM has the best solution, one of the virtual machines out there. VMWare.com gives their player away and you can find plenty of free virtual web browsing systems for download there.

    As far as “Use a Mac”, the last time I checked, we’ve seen more MacOS vulnerabilities over the past 18 months than Winblows

  16. Buran says:

    @r81984: Terrible? Really? Why?

  17. JohnMc says:

    FLConsumer offers one way, I’ll offer another. Get Puppy Linux. http://www.puppylinux.org. This is a live Linux CD. Have a friend burn the download to a CD for you.

    Puppy is dirt simple. Everything you would generally use is there on the desktop — email, browser, chat, etc. Use a USB key to store any files if you have to. But if you are just going to use the browser for online banking, once you turn the computer off malicious code is lost.

    Highly recommended.

  18. Bill Clark says:

    …or just stop being a knob and getting your PC infected with viruses? Honestly, what the heck is wrong with people? I’ve NEVER had a virus on my home PC, and I don’t run any sort of antivirus software. Is it really that hard to exercize common sense and not get your computer infected?

  19. velocipenguin says:

    @Bill Clark:

    Don’t be so sure your PC is clean. A lot of malware (mostly spyware, which tends to be more harmful than many viruses in the long run) can lurk silently on a PC with no noticeable symptoms.

  20. Lee says:

    @Bill Clark:

    Couldn’t agree with more…

  21. noneother says:

    @bambino: awesome. i hope the sp reference becomes a meme.

  22. mxmora says:

    @FLConsumer:

    “As far as “Use a Mac”, the last time I checked, we’ve seen more MacOS vulnerabilities over the past 18 months than Winblows”

    Keep telling yourself that if it helps you sleep at night. :-)

  23. mac-phisto says:

    hmm…maybe the answer is to salvage an older computer for porn & free photoshop downloads & save your main computer for actual computing.

    i run hijackthis! whenever i’m bored & take care of any baddies i see. it takes a little knowhow & you will be playing with your registry, but there’s a lot of boards out there with knowledge-base & geeks willing to help if you want to learn.

    it is terribly easy to get malware anymore. wish i was a coder; i’d keystroke a trojan & email it back to them.

  24. noneother says:

    @mxmora: vulnerabilities and exploits aren’t the same as worms and virii. if someone wants to get into any computer there’s a way to do it, but osx is safer for combining “online business [and] pleasure” than windows, for sure. you don’t have to agree, btw.

  25. zeiche says:

    Some malware have the ability to find and infect other machines on the network so this tip only leads to a false sense of security.

  26. jgodsey says:

    this is a great idea…..if i had room for still ANOTHER PC.

  27. ValkRaider says:

    Or deal only in cash and don’t use banks. Better yet you could just live in the wilderness and don’t deal at all.

    Perfectly safe.

    But I have to say I love my “terrible” Macs. No OS hassles since 2001 – fun and fancy free – after I left my Microsoft OS purgatory I had been in for 15 years prior.**

    **(Except for a short sting with OS/2 Warp and BeOS which kicked ass but had zero application support. I remember that my DOS network games ran faster under OS/2 Warp than DOS itself as OS/2 had better memory management and a better TCP/IP stack. BeOS was AWESOME – for the three apps that ran on it.)

  28. anmlStyl says:

    I’d like to add that for killing phishing schemes, that the use of the Opera browser for the dedicated banking terminal is a splendid idea. Sure, some tweaking may be needed for certain banking sites, as it may not be recognized as IE or Firefox… but Opera does have the ability to have sites recognize it as an IE/Firefox browser.

    Also, going to OpenDNS (opendns.com) and installing their DNS ip addresses for use on your PC/Mac/Network can help stem the fight on phish. Don’t know what a DNS or how this works? Neither did I, until I followed the step-by-step instructions. Easy peasy beautiful cover girl bliss on getting it to work on protecting your computing lifestyle.

  29. CumaeanSibyl says:

    @getjustin: Who needs a second monitor when you can get a KVM switch?

    @Bill Clark: If you don’t have antivirus software, how do you know you don’t have any viruses? They don’t all cause system failure.

  30. FLConsumer says:

    @mxmora: I run linux for most of my systems, Win32 running on proprietary systems. I’m no fan of Windows, but it can work well if you gut it like a fish… Of course, it should be this way out of the box, but that’s MS’ problem and is what will ultimately lead to their demise. I used and owned Macs in the past, but they just don’t allow the customization nor do they have the applications I need.


    @JohnMc: I love Puppy… I use it all the time, but not for public terminals, as they can change settings and save them back to the CD. It’s been an invaluable recovery tool when bringing back dead Windows systems.

  31. nachobel says:

    This comment e-peen fest has been interesting to watch.

    Thanks guys.

    @the OP, good idea, but for the people who would probably be 1) reading this 2) have an old PC lying around and 3) the know-how to secure it, this hint is probably not worth much, since they don’t have problems keeping their ish straight.

  32. Legodude522 says:

    Just use a live Linux CD on your current system or install Linux on an old PC.

    And do note, Zone Alarm sucks. It leaves permanent changes to the system and screws up ports.

  33. faust1200 says:

    If you want to dedicate a spare PC to security I would recommend http://www.smoothwall.org


    The “idea” in this article is very ill-conceived.

  34. sethwoodworth says:

    Yeah, don’t screw with any installed software. If you were really paranoid you would run on a ram disk so your data would be GONE as soon as it lost power. And if you were even smarter, you would be running encrypted, so even if you were hijacked mid stream you would be mostly safe.
    Not to be a linux geek here, but as far as I know there isn’t a way to do this readily with Any microsoft product, and there *may* be a way to kludge some linux tools into the ‘nix backend of a mac live disk.

    As this stands this is a pretty silly writeup. Shame consumerist, shame.

  35. oldhat says:

    The general idea is very sound: don’t mix business with pleasure!

    In IT terms, there’s the Production machine and the Lab machine. Play in the Lab, no funny business in Production.

    So yes, very wise to separate banking from teddy bear screensaver and gambling sites.

    (and virtual machines like VMware won’t stop the obvious keylogger, so no panacea)

  36. palaste says:

    I think people who say that Linux is for extremely computer savvy nerds only think it’s still the 1990s and installing Linux requires compiling your own kernel first.
    Nowadays, we have Linux distributions (such as Ubuntu), that can be bought on a nice CD in a nice box. You can boot from the CD, install Linux, and go surf on the web almost without having to touch the keyboard.
    There are many Internet kiosks whose computers run some distribution of Linux. People use them without problems, perhaps not even realising it’s Linux and not Windows. If Linux was for computer geeks only, wouldn’t those kiosks get lots of complaints about it?

  37. hometoast says:

    30+ comments and less than 25% of them pertain to the article directly. Take the flamewars elsewhere. I’m so sick of “Linux!” “Mac!” “Windows is good enough!” “Yer Mom!” Enough.

  38. geekboyuk says:

    This is useful advice. Setting up an OS in a highly secure manner makes a lot of sense.

    As ADM said using a virtual PC is a great way of doing this (for similar reasons to using a bootable OS), such as not needing another computer. Additionally you don’t need to leave your main OS, just switch to the other window, also moving the environment to another PC is just a matter of file copying.

  39. Using a Linux Live CD would be ideal. You could use your existing terminal, you wouldn’t even have to know how to install -anything- or waste the space using an old computer for the task.

    @Bill Clark: Your statement is inherently illogical. You say that you have never had a virus but you have never run a virus scanner. This is like saying “I’ve never had anything weird show up on an MRI, and I’ve never stepped foot in a hospital!”

    As an experiment last year I had an older machine laying around that could still run the most current version of Windows XP. I installed a fresh copy of XP, put the computer on the DMZ of my firewall (leaving it wide open) and left it for 24 hours. 1 single day. Within 1 day running no firewall, having no one even use the terminal, and simply sitting there exposed to the internet with no protection… it was infected with 2,700 forms of viruses. 2,700… in 24 hours.

  40. pipetman says:

    The Linux live-CD idea is very neat and I have pondered doing that before. But the major caveat is, that all my PCs are wirelessly networked (very likely, I’m not the only one with such a setup) and none of the current Linux distributions (at least those, that I’m aware of) offer hassle-free WIFI support out of the box (at least with WPA support).

  41. Flamsmark says:

    @ FLConsumer: Save the settings back to the CD? Are you serious? No, they can’t. *Maybe* they can add a new session to the cd, or replace it if it’s an RW with some writes left, but they can’t just ‘save settings’ like a hard drive or a flash drive.

  42. Miguel Valdespino says:

    Most of the comments involving bootable CD’s and virtual machines don’t work if you want to actually store some of your financial information.

  43. potskie says:

    I would go with the linux solution oh wait i already run linux LOL . but @ Miguel most larger bootable distros allow you to save files and even configuration info for the bootable distro your running to a fat file system ie. USB key or hdd partition

  44. Brian Gee says:

    @ironchef: You don’t need savvy with Ubuntu, or any of the other mainstream distros.