Most secure browser for Internet Banking?

[Ken g6]

TOR is the last thing you want to use for security. Your connection goes through someone's computer in the clear. SSL helps, but they might be able to set up a MITM attack.

TOR's purpose is to hide your identity, which it does if you don't reveal it through your communications.

 

[A5]

Just follow good security practices to keep malware and keyloggers off of your PC. The main vulnerability points are going to be your OS and then the bank's systems.

If you want to be super paranoid, set up one of the security focused Linux distros on a separate partition and boot to that for all of your banking and nothing else.

For normal people, just follow good security practices. Install a virus/malware scanner and use it, don't follow random links, don't run programs you find on 4chan, etc.

 

[alangrift]

I'd use Waterfox due to the robust addons for security/privacy. The core browsers should be about equal.

I've never heard of this until now, might have to look into Waterfox.

I use Chrome on my Chromebook (kinda hard not to).
Chrome for browsing on my Android Phone/Tablet and my Laptop.
Firefox for Web Designing (Firebug ftw).

 

[jkroeder]

I wouldn't use Waterfox. It hasn't been updated since January

 

[Mushkins]

I wouldn't use Waterfox. It hasn't been updated since January

But FOSS/Libre/etc is always the most secure option!!!!!

/sarcasm

 

[sm625]

If you think your browser is secure for online banking just put a little note like "for sandy hook part deux" or "for the white house anthrax job" on your transaction log. But dont be surprised if the NSA shows up.

 

[lxskllr]

But FOSS/Libre/etc is always the most secure option!!!!!

/sarcasm

It tends to be the most secure option, with quicker fixes. Anyone that says "always" is lying or misinformed.

 

[stlcardinals]

One thing you can do is test how well your bank is encrypting your connection to their servers using https://www.ssllabs.com/

 

[alangrift]

I just make sure my PC is safe, and I don't have any dodgy plugins. The main browsers are generally pretty secure nowadays.

 

[sad_guy]

People advising TOR, really...?

I mean i wouldn't even log in to my Anandtech account with that thing.

 

[Shephard]

I've been doing internet banking for years and I do not use any addons, virtual machines, or seperate browsers.

I do my banking and close the browser (history and cache wipes) - simple as that

 

[Miramonti]

TOR is the last thing you want to use for security. Your connection goes through someone's computer in the clear. SSL helps, but they might be able to set up a MITM attack.

TOR's purpose is to hide your identity, which it does if you don't reveal it through your communications.

I've accidentally left my proxy settings on (tor) when accessing all my email accounts and never had my accounts hacked. This unfortunately has happened numerous times over the last 4-6 years.

That's not to say it's 'ok' to do this, but to point out that simply using secure connections over tor doesn't lead to an automatic data scrape/exploitation by someone.

Without malware on one's computer, I'm inclined to think the greatest risk of being hacked during one's banking session (while using a current version of the top 3 browsers) is thru holes/entrances exploited on the bank's side.

 

[lxskllr]

I've accidentally left my proxy settings on (tor) when accessing all my email accounts and never had my accounts hacked. This unfortunately has happened numerous times over the last 4-6 years.

That's not to say it's 'ok' to do this, but to point out that simply using secure connections over tor doesn't lead to an automatic data scrape/exploitation by someone.

Without malware on one's computer, I'm inclined to think the greatest risk of being hacked during one's banking session (while using a current version of the top 3 browsers) is thru holes/entrances exploited on the bank's side.

If you're using encryption past the exit node, nothing will come from using Tor. and I hope everyone's bank is using encryption.

 

[MustISO]

http://www.spi.dod.mil/lipose.htm

I actually have a separate hard drive that is used for nothing other than online banking and finance. I have a case that has hot swap bays so if I need to do banking or anything else securely I just pull my main drives and plug in my "banking" drive.

 

[Miramonti]

If you're using encryption past the exit node, nothing will come from using Tor. and I hope everyone's bank is using encryption.

I don't know how that works, I simply have tor installed and Internet Options (which is what my mail application defaults to) set to tor's port.

However I checked my log and got this message:

Jun 22 12:09:36.840 [Warning] Your application (using socks4 to port 80) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.

Looks like I need to do a better job sending select dns queries thru tor as well.

 

[lxskllr]

A dns leak can compromise anonymity, but isn't especially dangerous otherwise. It's a problem if the site you're trying to reach can bring you negative attention, usually from the government. It can also tie your anonymous surfing to your open surfing by correlating the two queries.

I hope you're using an encrypted connection for your mail. If not, the exit node would be able to read all the messages that go through it.

 

[Miramonti]

A dns leak can compromise anonymity, but isn't especially dangerous otherwise. It's a problem if the site you're trying to reach can bring you negative attention, usually from the government. It can also tie your anonymous surfing to your open surfing by correlating the two queries.

I hope you're using an encrypted connection for your mail. If not, the exit node would be able to read all the messages that go through it.

All my email accounts 'require secure connection.'

 

[stlcardinals]

All my email accounts 'require secure connection.'

For information transmitted between you and the server. Most email sent between servers is not encrypted.

 

[John Connor]

http://www.comodo.com/home/browsers...p://www.comodo.com/products/free-products.php

 

[Miramonti]

For information transmitted between you and the server. Most email sent between servers is not encrypted.

indeed

 

[John Connor]

Yeah, the patch rate isn't as fast as Firefox.

 

[Shephard]

Unless you live in a 3rd world country, Internet banking is very safe. Then again a 3rd world country probably doesn't have online banking.

My bank uses https, alerts, session timeouts, ip location tracking, 4 step login, etc. Also they give a guarantee if your money is stolen they will refund you 100%.

I assume most big banks in the USA have 99% of the same security measures.

If your still not comfortable with something like that I feel bad for you.

Online banking is one of the greatest things. I can easily transfer money, pay all my bills, order cheques, check deposits, etc.

 

[John Connor]

Guessing by the way you spelled checks you are in the U.K, no?

 

[nk215]

I use a virtual machine for online banking and only that. That way the chance of getting virus,worm etc onto that v.machine is extremely small.

All my other net browsing activity is done via sandboxie.

 

[deltaforce]

I presume that the OP is located in the US and using US-based banks. If so, let me tell you ALL US based banks have pathetic security. So no matter what you do, you will never know where the information will leak. Someone can sniff through your wi-fi and what not.

I say this because the way the log in systems are set up. Some banks have few security questions, some banks have cookies and I have never understood how they call it secure. When I was living in Europe, their cards have SIM like chips (10 years ago) so your ATM transactions are secure, even your store purchases are secure (Nobody can steal your card info by copying or RFID).
The bank log in have one time codes printed on a sheet and you have to use certain code only (they provide the hint) or you had a tiny gadget that will generate code for you or the gadget you need to hook up to your machine through USB and stick your card in the gadget to log in. I do not see anything in the US. When asked, they tell me you are covered if fraud takes place.

So I use Chrome.
Before I use bank, I close all browsers, I run CCLeaner, PrivaZer and restart the machine. I log into Mint, update all accounts and see if everything is fine. Again, close all browsers, run all the stuff mentioned previously and then log into the bank account.