Best security setup suitable for the online banking technophobic?

Sope · 14. Aug 2009, 09:45 PM

I'm interested in hearing anyone's suggestions please, regarding the best browser/password manager combo to recommend for someone who has computer skills which are limited to basic web browsing, email, online shopping and banking.
So it has to be secure, quick and easy to learn, simple to use and reliable

Oh, and let's say their only background security is a good freeware AV and windows firewall, +/- a router. You're welcome to suggest additions to this but nothing that generates pop-ups or requires knowledgeable user intervention!

MidnightCowboy · 14. Aug 2009, 10:31 PM

This is a very difficult request to comment on without seeming to be rude or unhelpful.

Browser choice in my opinion is fairly straightforward between either Opera 10 or Google Chrome. Paranoids might want to consider the SRWare Iron variant of chrome instead.

Other than that I would say that it's impossible to provide the level of security requested without pop-ups and user intervention. This by implication does require a degree of knowledge to implement. I appreciate that not everyone wants to or is capable of this but then they should not use their PC for online shopping and banking. If only people would spend the same amount of time learning how to set up their security programs as they do learning how to download videos from Youtube then the online world would be a much happier and safer place.

When you begin online transactions Windows firewall which is fine for incoming ceases to be of any use unless you have Vista, as the focus of attention becomes outbound. This requires at minimum a third party firewall and HIPS combination, all of which will generate alerts needing a correct response. A lot of people won't even realize that their PC is already infected until around a month after they start feeding credit card numbers into it. The router would help but to what degree is not possible to say without knowing the type, make and configuration details.

Another option would be to use a PC belonging to someone they trust who has transacted online for a period without problems, and ensure that the browser traces were erased afterwards.

Sope · 15. Aug 2009, 12:31 AM

Quote:

Originally Posted by MidnightCowboy

This is a very difficult request to comment on without seeming to be rude or unhelpful.

I understand, I know I'm asking a lot in the current age of cyber-crime, I'm just really looking for some suggestions to play with?

Quote:

Originally Posted by MidnightCowboy

Browser choice in my opinion is fairly straightforward between either Opera 10 or Google Chrome. Paranoids might want to consider the SRWare Iron variant of chrome instead.

To be honest I was expecting the most likely suggestion regarding browser choice to be Firefox with a few specifically chosen add-ons including a password manager. I personally use Opera but the wand feature is not compatible with all websites (I use a secondary password manager to supplement it). I've only played a little with Chrome and Iron so have no knowledge of their ability to handle passwords securely and easily.

Quote:

Originally Posted by MidnightCowboy

I appreciate that not everyone wants to or is capable of this but then they should not use their PC for online shopping and banking. If only people would spend the same amount of time learning how to set up their security programs as they do learning how to download videos from Youtube then the online world would be a much happier and safer place.

I wasn't thinking of the YouTube/Facebook generation so much as those who struggle with the technical side of computers but still feel they would like to benefit from the advantages of online shopping etc. whilst minimizing the risks.

The benefit of HIPS is obvious but really only reliable if the pop-up messages can be understood, and acted upon appropriately by the user.

I suppose a limited user account or maybe dropmyrights under XP, along with the advice not to download, install or click yes/ok to anything may help?

IMO Sandboxie also has great potential in this area once setup properly (as long as any sensitive browsing is done in a fresh sandbox).

Having said all that, the main aim of my question was really to get some ideas on the safest, easiest browser/password manager combo to consider for the computer illiterate

MidnightCowboy · 15. Aug 2009, 02:44 AM

Well that narrows it down a lot then because my knowledge of password managers is limited. Being old school, what I can't remember myself I don't bother with. I fully appreciate though that for the modern generation this is no longer acceptable as most places you visit require some sort of controlled access. If I'm not mistaken, this category at TSA is about to get a re-write so maybe some useful suggestions will appear there.

One other thing I thought of too for people wanting a safe uncomplicated bowser, have you ever tried QtWeb? It lacks a spell check but everything else including the security options are first class.

miskairal · 15. Aug 2009, 04:44 AM

This isn't exactly what you are after but I found this article extremely helpful
http://www.techsupportalert.com/impr...l-security.htm

The title is "How to Improve Your Security When Using a Public Terminal" but I feel it's something to think about even when doing internet banking from home.

Terarus · 15. Aug 2009, 05:43 AM

Mozilla + keyscrambler + lastpass + WOT/siteadvisor
Sandboxie - preferably paid
OpenDNS / Comodo DNS

The following shouldnt be hard to learn. With sandboxie I dont think there's so much a need for other HIPS. Sure, there are potential leaks in sandboxie but perhaps you can teach your friend on safe surfing habits using WOT or siteadvisor, that should keep the risks down (and also to remember to use sandboxie if you're using the free version as there you cant force browsers sandboxed). No-script in firefox might be suggested here if you are willing to set it up for your friend, allowing certain sites before you put it on sandboxed. Thats what I do at home, my bro and his gf gets annoyed and confused at what to allow and deny and so I just made it so that it allows the sites that they usually go on.

Lastpass is simple. One click - enter master password - and it'll auto login. Again, you can help your friend by presetting its options to auto-logoff when browser closes and how the passwords are used etc etc.

After that, OpenDNS or comodo DNS might help with the banking part. Phishing and fake websites are part of everyday internet and its important that you fend off such sites, esp for banking and transactions.

Sope · 15. Aug 2009, 02:01 PM

Certainly a few things for me to look at there, cheers.

Quote:

Originally Posted by MidnightCowboy

One other thing I thought of too for people wanting a safe uncomplicated bowser, have you ever tried QtWeb? It lacks a spell check but everything else including the security options are first class.

I'll have to take a look at QTWeb.

Quote:

Originally Posted by miskairal

This isn't exactly what you are after but I found this article extremely helpful
http://www.techsupportalert.com/impr...l-security.htm

Interesting, RoboForm2Go (using it's MOK) sounds a good option.
(I'll see if it plays nice with Opera)

Quote:

Originally Posted by Terarus

Mozilla + keyscrambler + lastpass + WOT/siteadvisor
Sandboxie - preferably paid
OpenDNS / Comodo DNS

The following shouldnt be hard to learn. With sandboxie I dont think there's so much a need for other HIPS. Sure, there are potential leaks in sandboxie but perhaps you can teach your friend on safe surfing habits using WOT or siteadvisor, that should keep the risks down (and also to remember to use sandboxie if you're using the free version as there you cant force browsers sandboxed). No-script in firefox might be suggested here if you are willing to set it up for your friend, allowing certain sites before you put it on sandboxed. Thats what I do at home, my bro and his gf gets annoyed and confused at what to allow and deny and so I just made it so that it allows the sites that they usually go on.

Lastpass is simple. One click - enter master password - and it'll auto login. Again, you can help your friend by presetting its options to auto-logoff when browser closes and how the passwords are used etc etc.

After that, OpenDNS or comodo DNS might help with the banking part. Phishing and fake websites are part of everyday internet and its important that you fend off such sites, esp for banking and transactions.

Thanks, this approach makes a lot of sense to me, sounds like it may take some time and concentration to set up correctly, but afterwards shouldn't be too difficult to manage from the users point of view.

I'm presuming the combination of Keyscrambler and Lastpass would go a long way to defeating any keylogger (and/or file stealer?) that may slip through the net.

I think I need to spend some time with Firefox and it's add-ons to get a better idea of what they can offer.

Thanks everyone for the info.

MidnightCowboy · 15. Aug 2009, 02:28 PM

Yes, do check out QtWeb. I've not tried this one before until now but I really like it. It doesn't have the bells and whistle possibilities of Firefox but the standard feature set is excellent. It's fast too.

http://www.qtweb.net/compare.php

For some the lack of a spell check could be a problem although you can get a limited functionality in this area by using a third party app. Mostly though because my wireless broadband is so unreliable here I tend to type my replies into PolyEdit and then just copy onto the site, otherwise I can be half way through a long reply and lose it all

Jojoyee · 15. Aug 2009, 05:45 PM

Thank MC for the link. I'll give it a try. Getting more and more browsers sitting on my PC.

This simple reply also copied over from PolyEdit.

MidnightCowboy · 15. Aug 2009, 06:15 PM

Yeah, I like QtWeb although it is proving a little temperamental with login's to the site. No two times are the same whether cookies are enabled, disabled, cleared or whatever, but at least somehow one of the methods does come off

I flirted with Safari for a couple of days and boy is this one well made piece of kit now but the resource use was horrendous. Forget the memory because I've usually got at least 2G spare but with a couple of tabs open and a third party download in progress CPU was sitting at 100% for ages while stuff loaded.

I have to admit that this is an area I've not looked at much since Firefox was such an easy option for site work but with all the crashes experienced recently I've decided to do some homework. Chris.p suggested G.Melon

which to me was exactly that but then again browsers are as personal as the people making the choices

SRWare Iron is next on the list.

14. Aug 2009, 09:45 PM	#1 (permalink)
Sope Senior Member Join Date: Feb 2009 Location: Wales, UK Posts: 791	Best security setup suitable for the online banking technophobic? I'm interested in hearing anyone's suggestions please, regarding the best browser/password manager combo to recommend for someone who has computer skills which are limited to basic web browsing, email, online shopping and banking. So it has to be secure, quick and easy to learn, simple to use and reliable Oh, and let's say their only background security is a good freeware AV and windows firewall, +/- a router. You're welcome to suggest additions to this but nothing that generates pop-ups or requires knowledgeable user intervention!

14. Aug 2009, 10:31 PM	#2 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 8,812	This is a very difficult request to comment on without seeming to be rude or unhelpful. Browser choice in my opinion is fairly straightforward between either Opera 10 or Google Chrome. Paranoids might want to consider the SRWare Iron variant of chrome instead. Other than that I would say that it's impossible to provide the level of security requested without pop-ups and user intervention. This by implication does require a degree of knowledge to implement. I appreciate that not everyone wants to or is capable of this but then they should not use their PC for online shopping and banking. If only people would spend the same amount of time learning how to set up their security programs as they do learning how to download videos from Youtube then the online world would be a much happier and safer place. When you begin online transactions Windows firewall which is fine for incoming ceases to be of any use unless you have Vista, as the focus of attention becomes outbound. This requires at minimum a third party firewall and HIPS combination, all of which will generate alerts needing a correct response. A lot of people won't even realize that their PC is already infected until around a month after they start feeding credit card numbers into it. The router would help but to what degree is not possible to say without knowing the type, make and configuration details. Another option would be to use a PC belonging to someone they trust who has transacted online for a period without problems, and ensure that the browser traces were erased afterwards. __________________ Knows nothing and cares even less

15. Aug 2009, 02:44 AM	#4 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 8,812	Well that narrows it down a lot then because my knowledge of password managers is limited. Being old school, what I can't remember myself I don't bother with. I fully appreciate though that for the modern generation this is no longer acceptable as most places you visit require some sort of controlled access. If I'm not mistaken, this category at TSA is about to get a re-write so maybe some useful suggestions will appear there. One other thing I thought of too for people wanting a safe uncomplicated bowser, have you ever tried QtWeb? It lacks a spell check but everything else including the security options are first class. __________________ Knows nothing and cares even less

15. Aug 2009, 02:28 PM	#8 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 8,812	Yes, do check out QtWeb. I've not tried this one before until now but I really like it. It doesn't have the bells and whistle possibilities of Firefox but the standard feature set is excellent. It's fast too. http://www.qtweb.net/compare.php For some the lack of a spell check could be a problem although you can get a limited functionality in this area by using a third party app. Mostly though because my wireless broadband is so unreliable here I tend to type my replies into PolyEdit and then just copy onto the site, otherwise I can be half way through a long reply and lose it all __________________ Knows nothing and cares even less

15. Aug 2009, 05:45 PM	#9 (permalink)
Jojoyee Maestro di Search Join Date: Jul 2008 Posts: 4,058	Thank MC for the link. I'll give it a try. Getting more and more browsers sitting on my PC. This simple reply also copied over from PolyEdit. __________________ Keep It Short and Sweet

15. Aug 2009, 04:44 AM	#5 (permalink)
miskairal Senior Member Join Date: Jun 2009 Location: Qld, Australia Posts: 124	This isn't exactly what you are after but I found this article extremely helpful http://www.techsupportalert.com/impr...l-security.htm The title is "How to Improve Your Security When Using a Public Terminal" but I feel it's something to think about even when doing internet banking from home.

15. Aug 2009, 05:43 AM	#6 (permalink)
Terarus Senior Member Join Date: May 2009 Posts: 157	Mozilla + keyscrambler + lastpass + WOT/siteadvisor Sandboxie - preferably paid OpenDNS / Comodo DNS The following shouldnt be hard to learn. With sandboxie I dont think there's so much a need for other HIPS. Sure, there are potential leaks in sandboxie but perhaps you can teach your friend on safe surfing habits using WOT or siteadvisor, that should keep the risks down (and also to remember to use sandboxie if you're using the free version as there you cant force browsers sandboxed). No-script in firefox might be suggested here if you are willing to set it up for your friend, allowing certain sites before you put it on sandboxed. Thats what I do at home, my bro and his gf gets annoyed and confused at what to allow and deny and so I just made it so that it allows the sites that they usually go on. Lastpass is simple. One click - enter master password - and it'll auto login. Again, you can help your friend by presetting its options to auto-logoff when browser closes and how the passwords are used etc etc. After that, OpenDNS or comodo DNS might help with the banking part. Phishing and fake websites are part of everyday internet and its important that you fend off such sites, esp for banking and transactions.

15. Aug 2009, 06:15 PM	#10 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 8,812	Yeah, I like QtWeb although it is proving a little temperamental with login's to the site. No two times are the same whether cookies are enabled, disabled, cleared or whatever, but at least somehow one of the methods does come off I flirted with Safari for a couple of days and boy is this one well made piece of kit now but the resource use was horrendous. Forget the memory because I've usually got at least 2G spare but with a couple of tabs open and a third party download in progress CPU was sitting at 100% for ages while stuff loaded. I have to admit that this is an area I've not looked at much since Firefox was such an easy option for site work but with all the crashes experienced recently I've decided to do some homework. Chris.p suggested G.Melon which to me was exactly that but then again browsers are as personal as the people making the choices SRWare Iron is next on the list. __________________ Knows nothing and cares even less

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode