Choice of OS for online commerce.

[Satyrist]

With 2 of my credit cards being closed (and new cards issued) due to fraud, I've taken a look at whether or not possibly my OS might be to blame for the numbers being leaked out, or not; I never actually lost the cards themselves to my knowledge.

It's perhaps a question that I oughtn't torture myself with needlessly, but with the more recent cases where rootkits are becoming more prevalent, particularly in the windows world, I've begun to take some time to consider other options.

I currently use WinXP sp2, currently patched and up-to-date. Of course, I also use Firefox.

I have looked at whether Ubuntu would work better, but it appears to be very slow/sluggish with navigating Citibank's site, even before I can log in. It appears it's an issue with Citibank not feeling that it's important to offer some support for Linux, one that's not looking like it will be solved soon.

The last consideration I've thought about is Mac OS X, which will require getting a new machine. (since it'll only really be used for general surfing otherwise, nothing horribly overkill...Likely a Mac Mini Intel Solo)

As far as OS support goes, my guess is that OS X is going to be much less likely to be vulnerable to a good number of the trojans/rootkits that are out there.

Is my thinking on this correct? Or, if I'm being alert and surfing fairly sensibly, (no visits to sites that in general are higher risk, etc.) is sticking with XP "safe enough"? I am using Kerio 2.1.5, and also do have a separate firewall box set up, with IpCop 1.4.6.

I'd love to stick with Ubuntu if I could for something like this, but navigating their site in most cases is painfully slow. It even crashed out Firefox once. 🙁

Suggestions? I'd love to hear some.

 

[zainali]

unless you downloaded a trojan or something, windows isn't the reason.

a lot of time card numbers get stolen from various "merchant" databases.

 

[drag]

Firefox will run slower on OS X then Ubuntu.. But for me Firefox is fast, so I don't know. But there are other browsers. Safari for instance is popular.

But seriously if you have had a hard time with what looks like online fraud then why bank online? I know I don't.. Most bank websites are pretty bad and big banks are no exception. Maybe think about doing something to simply make your possible information leaks as small as possible. Security is a layered approach.. more of a proccess of behavoir and making good choices rather then a single product.

If that's not possible for you.. Maybe take a look at OpenBSD?
It has the absolutely best security track record of any general purpose operating system in existance. Bar none.
It beats all Linux systems, it beats Mac OS X easily. It beats Windows XP, windows 2000, windows 2003 and I bet that hackers have already discovered more holes in Vista beta products then the entire life of OpenBSD.

It's fairly primative in it's installation and execution. Performance isn't great. Requires good technical Unix knowledge to use, but it's secure by far.

Another approach to take is:
http://www.vmware.com/vmtn/appliances/directory/browserapp.html

It's a 'browser appliance'. What it is is a stripped down Ubuntu install designed to run on a Vmware player virtual machine environment. It's completely self contained operating system designed to act as just a browser to the host operating system.

When your finished using it you can just 'stop' it and resume later were you left off. Also you can 'reset' it to a pristine condition. Browse all day long, reset the browser appliance and the slate is wiped completely clean. Like it never happenned. Works on Windows and in Linux systems.

Or maybe a live cdrom?

Ever try Knoppix? Boot that up, do your e-commerce and reboot back to your normal OS. Everything is read-only and any traces of what you were doing would be wiped away on the reboot.

Of course this doesn't help against online scams or places you shop having their servers compromised and reveiling personal information about you. This is a very likely way for people to attack you.

Also do you have family that use the card? Maybe the 'electric company' called up and wanted to 'comfirm' a billing statement or some such BS?
I remember my poor grandma, with my grandpa's death in the obituraries those a-holes were all over her. One guy called her to 'confirm' a trip on a cruise ship that they 'recently put a 400 deposit on'. "Oh, He died?" (omg we feel so sorry for you) "do you have a checking or savings account or something were we call return these funds?" These guys are monsters. I could of killed them if I had a chance. bastards. (there were at least 3 or 4 different people trying different things)

So don't think for a second that changing operating systems are going to solve anything realy.,

What OS X or Linux offers over Windows is that it just makes the attack vector smaller. The OS is more safer, but there are a hundred other ways people can get to your money.


Have you looked into temporary online credit card numbers? There are a number of services from different companies like paypal or Visa or Mastercard were you can get 'virtual cards' were you get temporary numbers and such for online transactions. You pay money into the card, or line up a existing credit card to automaticly deposit on your virtual card and they are online use only.

 

[nweaver]

I know a person who used to steal CC numbers. Just a quick glance at the store, and they would have the number...(handing to clerk) and one more (handing back) to have your name and exp. date.

 

[Satyrist]

Originally posted by: nweaver
I know a person who used to steal CC numbers. Just a quick glance at the store, and they would have the number...(handing to clerk) and one more (handing back) to have your name and exp. date.

But not necessarily the 3 digit security code on the back...Problem is that not everyplace requests that code yet. As I meant, nothing is conclusive as to how my number got out, I'm researching options.

And looking to be smarter from it.

Thanks everybody

 

[n0cmonkey]

Originally posted by: Satyrist

Originally posted by: nweaver
I know a person who used to steal CC numbers. Just a quick glance at the store, and they would have the number...(handing to clerk) and one more (handing back) to have your name and exp. date.

But not necessarily the 3 digit security code on the back...Problem is that not everyplace requests that code yet. As I meant, nothing is conclusive as to how my number got out, I'm researching options.

And looking to be smarter from it.

Thanks everybody

They should be checking the signature on the back of the card... 😉

 

[oynaz]

You should not have to swich OS because for security reasons, if all you do is online banking, especially if you already has taking your precautions by using firewalls, etc. IMO, it is solely the banks' responsibility to keep their sofwtware safe.

 

[Nothinman]

With 2 of my credit cards being closed (and new cards issued) due to fraud, I've taken a look at whether or not possibly my OS might be to blame for the numbers being leaked out, or not; I never actually lost the cards themselves to my knowledge.

Unless you have reason to believe that you leaked the info via a trojan then it's more than likely one of the merchant's fault.

As far as OS support goes, my guess is that OS X is going to be much less likely to be vulnerable to a good number of the trojans/rootkits that are out there.

Maybe now, but not necessarily in the future and if the problem is a site that you bought something through and not you then you just spent a good chunk of money for nothing.

 

[redison]

I have been using macs and OS X for 4 years and never had a problem with online fraud ( Yet ... touch wood) while banking or shopping. With Safari it is easy to see if a site is secure and you can easily view their security cert.

I now swear by Macs, and OS X 10.4, I gave up Windows XP completely 2 years ago and have never looked back !!

Remember You get a lot of useful software ( iLife, iCal, DVD, Player etc) with a new Mac and everthing "just works".