Is Mac OS X Firewall sufficient for Internet Banking?

[Mat]

Hi

A friend of mine also has a mac, and is interested in internet banking, but is tight and doesn't want to have to buy any security software. Will Mac OS X 10.3.9's inbuilt firewall offer him enough protection from any threats. If not, what should he buy to do the job? I don't do internet banking so I was really of no use to him. If any of you lovely peeps could help out that would be awesome.

Thanks, Mat

 

[Mikuro]

For the most part, I don't think firewalls are really relevant here. Firewalls block data and connections in mid-transmission, but with online banking, everything needs to get where it's going anyway. The security concern with online banking isn't so much that people will be making unwelcome attempts to connect to your machine, but that they will be tapping your transmission as your private data goes between your modem (past any firewall) and its destination. Unless my knowledge of how such hacking is done is very flawed (could be), firewalls won't help here.

About the only thing I can recommend is making sure the banking site is encrypted, as it almost certainly would be. Also, if you're accessing the Internet wirelessly, there should also be some encryption between your machine and the wireless router (I'm no expert on wireless networking, but I think there should be settings in the wireless router's configuration).

Hope this helps.

Edit: This is not to say that he shouldn't have any firewall. Certainly, that would compromise his security. — just not in a way that's really specific to online banking.

 

[Thank The Cheese]

This is where the media's manipulation comes into play. They never talk about technology on the 6 'o clock news unless it has something to do with phishing (which they call "credit card scams"), or root kits (which they refer to as "viruses"). So those who don't know enough about computers to see past the sensationalism panic and buy all this software they don't need.

What they don't tell you is that using a credit card to buy online is (arguably) far safer than giving your card to some random employee of a restaurant.

The media use the argument that the Net is insecure "because anyone can make a site and ask for money". True, but if you use some common sense and buy only from websites you know of (Amazon for example), there is almost zero risk. You can also look out for marks like the Verisign certificate, which is displayed only on websites that are secure.

sorry, i'm not attacking you Mat, it's a very valid question you ask - it's the media I have a beef with!

 

[fryke]

Or to shorten the answers: This really depends on the security of the process the specific online bank is using and not the Mac's side of security. You need a current browser for this (security certificates etc.), but you're probably going to try with Safari 1.3.2 on 10.3.9, so that's good.

 

[sgould]

I would think that if you use a Mac there is virtually no risk (as long as the bank system is Mac friendly and works at all!! ) since there is virtually no bad stuff written for the Mac.

My bank has introduced drop-down menus for choosing the digits of a security number which, they say, prevents keystoke readers from recording your code.

 

[ElDiabloConCaca]

If you're talking about viruses (or malicious software that actually executes on the Macintosh), then yes, the Mac is a lower risk platform.

However, when it comes to the internet, data is data and is independent of the operating system. An "internet transmission" (TCP packet) from a Macintosh looks identical to a transmission from a Windows computer -- once you get beyond your router/firewall, it's all the same.

It's not viruses that snoop your online banking transmissions -- it's people and computers somewhere between you and the bank doing the snooping. There's nothing you can do about it except make sure your bank uses SSL and encrypts the data (which I don't know of a single bank that doesn't).

 

[scruffy]

It is in fact viruses that snoop on your online transactions. Since, as you mention, banks use SSL (and have for a long time now), the weakest link is going to be the user's home computer, not the SSL session.

Plenty of viruses include keyloggers, or use other tactics to capture passwords to banking sites. The other common method of attacking online banking is sending out phishing emails.

The main thing for your friend to keep in mind is the same common sense measures that always apply - open attachments you weren't expecting, and never enter sensitive information into a site you reached by following a link in an email.

 

[Mat]

OK. So summing that all up, my friend does not NEED a firewall as all of the information sending/receiving is done outside of a firewall's reach. The security really needs to be within the bank website, they need to encrypt passwords and such to keep it safe in transmission. However this guy should have a firewall for general security anyway. Also, there is the ever present risk of viruses, keyloggers and the like, however these are few and far between on Macs, so they're not such a worry.

Thanks for all of your comments. (If I've misinterpreted any of that please let me know)

 

[Willo24]

Mat,
Scruffy's point is, I think, the most important here. Most fraud related to internet banking at the moment is in the form of misleading emails which aim to get the client to disclose account and password details. Such phishing attacks rely on people being naive or stupid.
Remember that if it sounds too good to be true, it isn't (true) and that if it smells fishy it's probably rotten.