Linux Format forums

Fíona

On my bank's website I noticed a suggestion to install Trusteer Rapport to protect my computer from trojans. Since I (obviously) use linux and there is no version for linux I have to pass on that piece of advice.
Browsing the net I discovered that this software appears to cause more problems than it solves and I wonder if it actually protects at all.
What is the position of linux and man in the middle malware? I know that the most of the malware/virus is designed to work on windows or mac platforms but don't understand how malware works and read that information can be hijacked during the http transmission. Is a linux system susceptable to this type of attack at the http level?
Interesting to see what you think!

nelz · Posted: Tue Dec 11, 2012 11:55 am Post subject:

HTTP uses plain text, so it is susceptible to interception regardless of the OS used. But your bank should be using HTTPS, which is both encrypted and certified, preventing man in the middle attacks.

As for trojans, there are rootkits which can hide in the background and do nasty things. I run Rootkit Hunter every day to make sure nothing has got onto my system.
_________________
Unix is user-friendly. It's just very selective about who it's friends are.

Fíona · Posted: Tue Dec 11, 2012 12:03 pm Post subject:

Thanks for your answer and tip Nelz.
I use https everywhere, so hopefully that will help but I will certainly look into using the rootkit hunter as well. I have also seen another tool chkrootkit, I'll look at that too.

Ram · Posted: Tue Dec 11, 2012 12:46 pm Post subject:

That's the same software my bank would like me to install - not much chance there.
_________________

Ubuntu LXDE 12.04 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....

Nuke · Posted: Sat Dec 15, 2012 12:27 am Post subject:

pastychomper · Joined: Wed Apr 07, 2010 11:54 am Posts: 36

I'd be inclined to point out that the standard Unix user & file permissions are designed to prevent virus and spyware infection, and are of course implemented in software, so any Linux system meets HSBC's requirements - at least, as long as it isn't run as root.

If the bank didn't like that response I might consider using SELinux and/or a rootkit detector, but I doubt my current bank would care. If they support "Verified by Visa" and allow non-authenticated contactless payment, how security conscious can they be?

Fíona · Posted: Mon Dec 17, 2012 11:07 am Post subject:

I would agree that a banks view on security is sometimes surprising. I had problems with internet banking, apparently 3 atempts had been made to carry out transactions using my details. When I questioned the bank they assumed that the problem was on my computer and tried to tell me that I had windows virus's, trying to convince them that since I use linux I didn't believe that a windows virus would be the cause of the problem, was like talking to a brick wall.
If my bank were to compel me to use such software as the trusteer stuff, I would stop internet banking and go back to paper banking.