Helping people with computers... one answer at a time.

Using Linux for banking can certainly increase your online security a notch. Is it necessary? Well, that's a matter of opinion.

I like Windows a lot, but anti-virus is not 100%. If I switch to Firefox and Linux, am I 100% virus proof for online banking, etc. or 99% proof? I'm using the same computer in a dual-boot configuration and I'd be back to Windows after logging out of banking.

In this excerpt from Answercast #85, I look at the added security that can be added to online banking by booting your computer into Linux.

Linux for banking

So there is no such thing as 100% virus proof on any platform. Don't let anybody tell you otherwise.

There are viruses for every possible platform that you are likely to use. Linux, Macintosh, and Windows. There are in fact viruses (and so forth) available for each.

Not popular enough for viruses

Now, 99% is actually not that bad a number. That is probably more accurate representation of something like Linux for the average home user; 99% or even 99.9% virus proof is probably what I would consider it.

That may change over time. If more and more people start using Linux, virus writers will say, "Hey, more and more people are using Linux. There's an opportunity for us to start causing them trouble too."

But right now, yes, it is pretty safe. And what you're describing is in fact what many of the more stringent security-minded people actually recommend.

Dual boot into Linux

Either use a dual boot into a Linux system (the browser at that point doesn't matter that much - Firefox is fine) and use that exclusively for online banking.

Boot from Live CD/DVD

Or, some go so far as to make sure you use a live CD or DVD - so you're actually not using "dual boot." You're actually booting from optical media that can't be written to.

What that means is that no matter what happens during your Linux session, it's not saved.

So, if for some reason, there's some kind of malware or security exploit that tries to install something on the Linux system - it can't. As soon as you reboot, you're back to Windows - and as soon as you reboot again from the DVD, the DVD wasn't altered by whatever malware tried to do.

Like I said, it's not likely; it's not common. I do know that many people do recommend using Linux (or simply booting into Linux temporarily) for online banking.

Banking on Windows

Now, full disclosure: I don't do that. I actually do my online banking from my Windows machine.

I run Windows 7; I have Microsoft Security Essentials as my anti-malware tool - and I have experience in making sure to avoid things that should be avoided: the places that are likely to get malware.

In reality, that's my recommendation in general.

Is it 100%? Absolutely not - nothing is. Is it 99%? Probably pretty close. It's certainly not 99.9%. It's not as safe, as secure as the reboot into Linux scenario - but in my opinion and in my experience, it's secure enough.

(Transcript lightly edited for readability.)

Article C6215 - January 5, 2013 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

January 7, 2013 9:16 AM

I hope you have other security, besides MSE, to catch the things it misses.

Tom R.
January 8, 2013 9:39 AM

Malware is now being written that is cross-platform. In other words, no matter what platform you're running the malware can install and configure itself. Windows, Mac or Linux, it doesn't matter. Look for that to become common-place.

January 8, 2013 10:04 AM

Or you can use a single purpose Virtual Machine so you don't even have to reboot your whole system. That Live CD can even run inside the VM.

A Richter
January 8, 2013 11:29 AM

Leo's arrangements are fine and dandy; Windows is safe enough on a properly maintained machine, and MSSE performs well regardless of funny benchmarking at some places.

The worst kind of "virus" one could get is perfectly physical. Based on experience:

1. Never, ever, let other people use your card.
2. Get your statements online only, not in the mail.

If someone installs a hardware keylogger on your equipment, no flavor of Linux will help.

January 8, 2013 3:09 PM

Tom R. I think what you refer to is the Java exploit, And all you have to do to fix this is disable Java, Oracle is working on this all be it a little slowly, But yes point taken!

January 9, 2013 1:27 AM

I use msse in conjugation with sandboxie. We have not been robbed online yet in this household.Early days perhaps..?
Can't say the same in the physical world unfortunately.....
@Tom R ....any actual examples or links pls.


Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.