Helping people with computers... one answer at a time.

Websites open in different browsers, windows, or tabs should be unable to interact or see each other. Emphasis on "should".

While using my bank's secure site, I realized that an unsecured site (Hotmail) was still running in the background. Would this compromise the data on the secure bank site?

No.

OK, there are no absolutes when it comes to computing, so a more accurate answer is actually it shouldn't: It should be perfectly safe to have your bank open in one window or tab, and an unsecured site, such as Hotmail, open in another.

Let me explain why I have to say "should".

Browser Vulnerabilities

Two sites that are being viewed in separate windows aren't supposed to be able to interact or even know that the other exists.

However, there's no such thing as bug-free software, and it's conceivable that a vulnerability exists that might allow a malicious website in one window to somehow affect or interact with the other. It's not likely, but certainly possible.

Can your password be found?

That's one of the reasons why keeping your browser and operating system as up to date as possible is so important. Vulnerabilities such as this are fixed when found, but the only way that you'd get the fix is to keep your software up to date.

This is also another case where keeping Windows itself up to date is key as well. Regardless of which web browser, you use it's Windows that provides the underlying system services. An unpatched vulnerability in those services could indeed manifest through your browser.

Malicious Sites

You don't visit malicious sites, do you? Sites where perhaps questionable or even illegal content is made available?

I'm sure you don't.

But for a moment, let's pretend that you do.

Those are sites that I would recommend against having open in other windows or tabs while you do your online banking.

The issue isn't so much about cross-window access as it is about malware. If your machine gets some sort of infection from visiting a malicious website, then it's possible that your anti-malware tools might not be able to stop it before it does something to compromise your system; this could exploit the fact that you happen to have your banking window open at the same time. The anti-malware tools may clean up after, but by then, it may be too late.

Naturally, I recommend avoiding potentially malicious sites to begin with, but if your habits include the questionable, then don't try and bank online at the same time.

And for the record, while I seriously question its use as an email service, I don't consider Hotmail a questionable site.

Malware In General

The real threat to online banking isn't from other sites being open in your browser; it's from malware, such as viruses or spyware, already on your machine.

Naturally, all of the standard advice applies: keeping your system up to date, using your anti-virus, anti-spyware and firewall, and, of course, following good online behavior should all be used.

There are individuals who actually recommend keeping a separate computer, perhaps even running a non-Windows operating system, for online banking. I can't really fault the thinking, but in my own case, I simply follow the advice above and feel plenty secure.

Article C4769 - March 19, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
Bruce Trainor
March 22, 2011 12:32 PM

Hell Leo

Most of my computing is done with the Windows O/S, but for on line banking I use a dedicated netbook with Ubuntu O/S. It has a firewall and I keep Clam up to date. This computer has no internet activity except banking and updates. It is only turned on for those operations.

The computer cost about 300.00 and is nearly 3 years old, I expect to be using it for a few more years, so I don't consider it an expensive solution. If it lasts 6 years total it will have been about the same price as 6 years of paid AV. Ubuntu firewall and Clam AV are free.

I also have a special credit card for on line purchases. This card has a 750 dollar limit so if it is hacked it won't hurt too bad. I pay it off each month because it is at a high rate of interest. Again it doesn't cost very much.

Your columns are very useful, thanks for producing them.

Brucwe

Digital Artist
March 22, 2011 2:55 PM

Never gave this a thought until now, I normally open the US Weather Bureau, the local newspaper website, my email service and Netflix (all four in tabs as my home page) in Firefox. If I want to open my bank or credit card accounts I either do it in a new tab or one of the four already opened. Henceforth, it will be Right-click; close other tabs FIRST.

ron
March 22, 2011 3:15 PM

I'm not a fan on online banking, not till a few more wrinkles are worked out.

However, if I ever get around to it, I think I'll follow the suggestion to use some flavor of hardened Nix on a Live CD. Boot to Nix, do the banking, and reboot back to the normal HD based OS of your choice.

It is a little inconvenient, but it bumps up the security level.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.