By Using VirtualBox and Linux Mint
Summary: This article demonstrates how to setup and use a Linux virtual machine to do online banking, shopping, and web surfing in a more secure way.
Audience: A Windows user with enough experience to install software and copy files.
A Note for Linux Experts
I did the best I could to write a quality piece on this subject, however the following disclaimer applies:
The information shared on this blog is presented “AS IS” and without warranty of any kind, either express or implied. This article is for informational and entertainment purposes only, and is not to be viewed as computer security advice. If you have a concern about computer security, please contact a professional.
Millions of people do their online banking and shopping in a very insecure way, leaving themselves open to all manner of attacks by those who want to steal their money and their identity. They use a system that is the primary common denominator in every major attack on home and office computers.
What is this insecure system that leaves so many vulnerable?
For all the work done in Redmond to make life better and more secure for Windows users, the problem remains: Windows is insecure. The huge majority of malware is written specifically for Windows. Banking and online shopping in Windows bring real dangers to your money and your identity. Even if you think you’re safe, you probably have family and friends who you want to help or wish they would do a better job protecting themselves online.
So what is the solution?
Don’t use Windows for online banking and shopping.
“What? Do you mean I have to wipe out Windows on my computer and switch to something completely different just to be safe online?”
Thankfully, the answer is “No.” There is a way to be much safer online without doing away with Windows entirely.
Use Linux Live Boot
Linux is more secure and has far, far less malware written for it than you’ll find written for Windows. Of course there’s no such thing as a 100% secure system, but using Linux is much more secure than using Windows. And there’s a convenient way to use Linux without changing your entire computer to Linux. It’s called Linux Live Boot.
Live boot lets you run your computer in Linux without installing Linux on your hard disk. The concept is simple. You put a Linux live boot CD or USB flash drive into your computer, then reboot. Your computer will boot from the live boot CD or USB, and a CD-based version of Linux will start up. You can use the browser in Linux to do all your banking or shopping. When you’re done, you remove the Linux live boot CD or USB, restart your computer, and you’ll be back in Windows again.
Even if by some miracle, Linux got infected while surfing to a nefarious site, that infection would only exist in the computer’s RAM — it won’t be written to disk. When you shut down, that infection will be gone. Each live boot is a clean machine.
As a bonus, browsing with Linux live boot is like a supercharged, super secure version of private browsing. No tracking cookies or browsing history will be kept on your computer. So when a friend sends a link you just “have to see,” you have a secure way to view that link without putting your computer’s security at risk.
The more secure option: Linux live boot from a CD or USB
While Linux live boot is quite secure, and that’s a wonderful thing, it’s not terribly convenient. You have to shut down your computer to restart on Linux. This means you will lose all your open browser windows with research on your purchase or bank transaction, and all your open apps like your word processor or spreadsheet. While you’re running Linux, you can’t use any of your Windows software until you finish with Linux and restart into Windows. Also wifi connections may be troublesome as Linux isn’t 100% reliable at using wifi adapters in live boot.
Still, if you want to boot Linux on a CD, DVD, or USB flash drive, here are some links that will help you do just that.
But is there a more convenient way?
The more convenient option: A virtual machine that runs on a Linux live CD
Booting on a Linux live CD is among the most secure ways you can surf the Internet. A close second is to use a Linux live boot virtual machine. Even if your Windows computer is infected with malware, it may still be safe to do online transactions using the Linux virtual machine.1 And if your Windows computer is not infected, doing your “risky” surfing with a Linux virtual machine is a good way to reduce the risk of getting an infection on your Windows computer.
In fact, there is a very good reason to use the Linux virtual machine: It is more convenient than booting on a Linux live CD. Don’t discount convenience. When it comes to less technical friends and family, the more convenient the option is, the more likely it is they will use it. And, if we’re honest, it’s more likely that we will use it as well. After all, the most secure system in the world can’t protect someone who doesn’t bother to use it.
The idea is simple: Use a virtual machine to boot a Linux live CD when you do your online banking and shopping.
What is a virtual machine? A virtual machine is a program that simulates a computer. Every action a real computer can do can also be done by the virtual machine, such as booting on a live CD and securely browsing the Internet. The virtual machine software also prevents the programs on the virtual machine from altering or infecting the physical computer (the “host” computer) that it runs on. The host computer won’t get infected even if the virtual machine gets infected.
The virtual machine looks and acts much like any other Windows application. This means you can boot a Linux virtual machine while your Windows-based browser and apps run. You can even copy-and-paste text between the virtual machine and Windows. When you’re done with the virtual machine, you just shut it down like you would any other Windows program. Your Windows-based browser and apps are unaffected.
Also, the virtual machine uses the host computer’s network connection, so the wifi problem with Linux live boot isn’t an issue.
Typical Use Scenario
A typical use of a Linux live boot virtual machine would be to start it up to view a link from a Facebook friend, then shut down the virtual machine — any infection you might have received from that link will disappear. Then start the virtual machine again to do some online shopping, then shut down the virtual machine. Then start the virtual machine to do your banking, then shut it down again.
You get the picture. Use the virtual machine for a specific action, then shut it down. Any infection you might get during one of your sessions won’t carry over to the next section.
What you’ll need
To get started running Linux live boot on a virtual machine, you will need:
- A computer with at least 4 GB of RAM.
- If you have less than 4 GB of RAM, I suggest you use a live boot CD or live boot USB flash drive. See these links at the end of this article for step-by-step instructions to create and use a Linux live CD, DVD, or USB flash drive.
- At least 4 GB of free disk space.
- A computer running Microsoft Windows Vista, 7, 8, 8.1, 10 or higher.
What we’ll use
Here are the specific programs we will use to set up your virtual machine live boot:
- VirtualBox — VirtualBox is a free and open source virtual machine management program.
- Linux Mint — Linux Mint is a version of Linux that is easy for most Windows users to use. Also, Linux Mint has a built-in subset of the “VirtualBox Guest Additions” which allow copy-and-paste between Windows and the Linux Mint virtual machine.
Here are the steps we will take to get up and running with a Linux virtual machine:
Step 1: Download VirtualBox and Linux Mint
Download Linux Mint 17.3 Xfce 32-bit
To download the Linux Mint file, perform the following steps:
- Click here to start the download of the file
linuxmint-17.3-xfce-32bit.iso. That is the file VirtualBox will use to create the live boot virtual machine.
- After the
linuxmint-17.3-xfce-32bit.iso file downloads, create a folder named ISOs inside your Documents folder.
- Move the
linuxmint-17.3-xfce-32bit.iso file to your Documents\ISOs folder.
To download VirtualBox, perform the following steps:
- Click here, to go to the VirtualBox download page.
- Click on VirtualBox for Windows hosts.This will download the VirtualBox for Windows setup program.
Step 2: Install VirtualBox
To install VirtualBox, perform the following steps:
- Double-click the VirtualBox for Windows setup program you downloaded in the last step above.
- You will see the
Oracle VM VirtualBox Setup wizard. Click
- You will see the first
Custom Setup page. Click
- You will see the second
Custom Setup page.
- Optional: Uncheck
Create a shortcut on the desktop.
- Optional: Uncheck
Create a shortcut in the Quick Launch bar.
- You will see the
Warning: Network Interfaces page. Click
- You will see the
Ready to Install page. Click
VirtualBox will begin to install.
- You may see a User Account Control dialog box or boxes. If you do, click
Yes each time you see the dialog box.
VirtualBox will continue to install.
- Once VirtualBox has installed, you will see the
Oracle VM VirtualBox installation complete page.
- Ensure the
Start Oracle VM VirtualBox after installation checkbox is checked.
Step 3: Create the Linux Virtual Machine
Now that VirtualBox is installed, we’re ready to create the virtual machine.
- If VirtualBox is not already running, start VirtualBox. The VirtualBox program will appear.
Create Virtual Machine dialog box will appear, showing the
Name and operating system page.
Name, type “Linux Mint Xfce 17.3”.
- On the
Memory size page, enter
2048 for the memory size.
- On the
Hard disk page:
Do not add a virtual hard disk.
- VirtualBox displays the
VirtualBox - Warning dialog box to warn us that we are creating a virtual machine without a hard disk. Because our virtual machine does not require a hard disk, this is what we want. Click
- Now that we have created the virtual machine, we need to change some of its settings.
Linux Mint Xfce 17.3 from the list.
- In the
Settings dialog box:
- Select the
Shared Clipboard to
Storage, then perform the following steps:
- In the
Storage Tree, select
- In the
Attributes, select (check)
- Click the disc icon on the right. A context menu will appear.
Choose Virtual Optical Disk file...
- In the
Please choose a virtual optical disk file dialog box:
- Select your Documents\ISOs folder.
- Double-click the
Step 4: Start the Linux Virtual Machine
To start your Linux Mint virtual Machine, perform the following:
From the VirtualBox Manager:
Linux Mint Xfce 17.3.
The virtual machine will begin to boot up.
There is a ten second pause in the boot up process.
If you wish to bypass this delay, you can press
Enter to show the boot menu, then press
Enter again to start Linux Mint immediately.
In a few seconds, Linux Mint will finish booting and be ready for use.
Step 5: Use the Linux Virtual Machine for Safe Transactions
To use the virtual machine, you can do the following:
You can resize the virtual machine window with a click and drag on the lower right corner of the window.
You can start the browser by clicking the Firefox icon on the virtual machine’s task bar.
To maximize the browser, click the plus sign in the upper right corner of the browser window.
Now you can perform your online banking and shopping with greater security than before.
Step 6: Shut down the virtual machine
There is no need for an elaborate shutdown process since the virtual machine will boot fresh every time.
When you’re finished using your virtual machine to perform your shopping or banking:
- Click the “x” in the upper right corner of the virtual machine’s window.
Power off the machine.
That’s it! Your secure web surfing session is finished.
By following these steps, you have a new and more secure way to do your online banking, shopping, and web surfing. And you have a way to help friends and family members be more secure in their online activities, too.
If you have anything to add to this, or want to leave a comment, please do so in the comment section below.
A Note for Linux Experts
Certainly, there are many varieties of Linux I could have suggested for this article. After much research and experimentation, I chose Linux Mint 17.3 Xfce 32-bit because it gives a high quality experience for Windows users who wish to increase the security of their online transactions. If you are curious, here are the reasons for my choice:
- I chose Linux Mint because a subset of VirtualBox Guest Additions are already baked in, which is important in a live boot situation. Copy-and-paste of text is bi-directional, and the virtual machine window can be resized as easily as any other application window.
- I chose 17.3 because, as of this writing, it is the most recent long term support release (LTS) of Linux Mint.
- I chose Xfce because it is a lightweight, responsive interface that is familiar and easy to navigate for most Windows users.
- I chose 32-bit as this works in VirtualBox without the need to check or change the BIOS/UEFI virtualization settings (VT-x or AMD-V), which are required for 64-bit guest operating systems. Changing BIOS/UEFI settings could be problematic for less technical Windows users. If you wish to understand these settings, here is a good article on the subject.
- I chose 2048 MB of RAM for the virtual machine because that gives a stable and responsive experience. I tried 1024 MB and 1536 MB, but found these to have less stability and responsiveness when numerous browser tabs are open.
- I chose 1 CPU in the virtual machine because that does not require additional settings in VirtualBox (ie., to use more than one CPU, you may need to enable the I/O APIC feature in the Motherboard section of the System page).
If you are setting this up for yourself or a friend or family member, and you wish to use a different distribution of Linux or different settings for your virtual machine, I have every faith you will choose well.
If you want to use a physical live boot CD/DVD/USB Drive
This article documents how to use Linux live boot in a virtual machine, which is not quite as secure as booting on a Linux live boot CD, DVD, or USB. If you want to know how to create and use a Linux live boot CD/DVD/USB for your online banking and shopping, here are some links that show how to accomplish that:
1. Is it safe to do online transactions by using a Linux live boot virtual machine on a compromised Windows computer? Perhaps yes, perhaps no. It all depends on the type of infection on the Windows host.
If, for example, the Windows host computer is infected with a keylogger or screengrabber, the Linux virtual machine will offer no better security for online transactions than the compromised Windows computer. The keylogger will still capture the keystrokes of your usernames and passwords, and the screengrabber will still be able to take screenshots of your online activity.
However, if the Windows host computer is infected with a browser-based infection, for example, then using the Linux virtual machine for online transactions should provide greater security, since the Linux virtual machine’s web browser will be used for online transactions, not the infected Windows-based browser.
The point is, it’s at least as good as using the Windows computer, and quite possibly better.
For more information, see this article and the comments that follow it: Banking on a Live CD: http://krebsonsecurity.com/2012/07/banking-on-a-live-cd/comment-page-1/