Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"My bank in China requires Windows + IE + a custom ActiveX control to use their Internet banking. As a result, I don't use it."

Why not have a VM just for internet banking? Surely that's easier than taking the chop out of the safe and waiting in line at the branch.



Yeah, I thought about it. But I don't know how I could keep the VM secure, so I might end up doing my Internet banking on a malware-infested system.

I wouldn't trust myself to keep the latest version of Windows secure, given that I haven't used Windows in over a decade, so I'm pretty sure I can't be trusted to keep XP safe. (As far as I'm aware, the "security" software that the bank's ActiveX control communicates with only runs on XP.)


> But I don't know how I could keep the VM secure,

It's simple, really.

Set up the VM. Do a snapshot. Every time you need to use the shit website, launch the VM, open the site in IE and nothing else. When you're done, shut down the VM and reset it to the known good snapshot.

There. Secure.


Well, this assumes that it won't be compromised during an Internet banking session. Since I have a workaround (use the mobile app for personal banking, go to the bank for business stuff - which I don't need to do often) it doesn't seem worth the trouble and risk.


How would it be compromised if you only connect to the bank?


The bank requires their own ActiveX control and external software which the ActiveX control communicates with, both of questionable quality. Surely that's one of the more likely attack vectors you could have on a system?


At least in South Korea some (but not all) rootkits actively check for the presence of VM.


How does once check for the presence of a VM from inside the VM? Doesn't that defeat the purpose of the VM to begin with?


> How does once check for the presence of a VM from inside the VM

for example by enumerating the connected PCI devices and looking for common VM vendors virtual devices.

>Doesn't that defeat the purpose of the VM to begin with

that depends on your use-case. If it's about separating mostly trusted applications and/or servers, then absolutely not.

If it's about investigating known-bad code, then, yes, absolutely - malware is often intentionally disabling itself when it detects it's running in a VM.


Theoretically speaking you can make a VM that is indistinguishable to a real computer. In reality most VM solutions do not attempt to do so. For example, many install specialized drivers to communicate to the host that can be readily checked.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: