Thursday, 13 September 2012

Creating a secure user for home banking

People (like me) tend to use more and more useful applications like Skype, Dropbox and others that run as a service in the background. Additionally, a couple of add-ons are installed in the browser. Every time I enter my home banking account in my browser, my gut says: Do you really trust all of the software? It could easily log your banking PIN and forward it to some criminals.
To make my gut feel better, I created a separate Windows user just for home banking. To be clear: If you're infected by a virus, this doesn't help. Always keep your antivirus updated!

Benefits of this solution
  • No apps running in the background that could be nosy about my PIN
  • No add-ons in Firefox that could grab inputs or modify outputs
  • Separate user data that can be secured
Step 1: Normal Accounts
First of all, your regular user account should not be an administrator. If you accidentally download malware, it's very helpful if your account does not have admin permissions.

Step 2: Create new user
Create a new user account named "Homebanking". Make the account a regular account, not an administrator, and set a password.

Step 3: Disable autostart
Log in as the new user and run "msconfig" from the command line. On the Startup tab, you can see all autostart applications and the location from which each one is configured to start. Most of them are located in the Windows registry under HKCU or HKLM. To disable startup only for the Homebanking user, there's a simple trick. Start the registry editor "regedit" as administrator and navigate to the paths listed in the Location column. In total, there are only 3 or 4 locations that should get you covered. All of them have a "Run" folder. Right-click the Run folder in the registry editor and change its permissions: disable access for the "Homebanking" user. This way, this user won't have any autostart.
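
A quick way to confirm the result of step 3, as an added example that is not part of the original post: run it in the Homebanking session without elevation, and every key should report "access denied". The three key paths are the standard Windows Run locations and are an assumption here; replace them with the paths from msconfig's Location column on your machine. `Test-RunKey` is a name made up for this example.

```powershell
# Added example: verify that the current (Homebanking) user cannot read the Run keys.
# Assumption: these are the standard Run locations; adjust to match msconfig.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Test-RunKey {
    param([Parameter(Mandatory)][string]$Path)

    $result = [pscustomobject]@{ Key = $Path; Status = ''; Entries = @() }
    try {
        # Opening the key for reading fails if access was disabled for this user.
        $key = Get-Item -LiteralPath $Path -ErrorAction Stop
        # Skip the unnamed default value; list every named autostart entry.
        $result.Entries = @($key.GetValueNames() | Where-Object { $_ } |
            ForEach-Object { '{0} = {1}' -f $_, $key.GetValue($_) })
        if ($result.Entries.Count -gt 0) {
            $result.Status = 'READABLE: autostart entries still apply to this user'
        } else {
            $result.Status = 'readable, but empty'
        }
    }
    catch {
        $ex = $_.Exception
        if ($ex -is [System.Security.SecurityException] -or
            $ex -is [System.UnauthorizedAccessException]) {
            $result.Status = 'access denied'
        } elseif ($ex -is [System.Management.Automation.ItemNotFoundException]) {
            $result.Status = 'key does not exist'
        } else {
            throw   # anything unexpected should be seen, not hidden
        }
    }
    $result
}

# One report object per key; Format-List keeps long command lines readable.
$runKeys | ForEach-Object { Test-RunKey -Path $_ } | Format-List
```

A key that reports READABLE lists the programs that will still start for this user, so its permissions were not changed as described in step 3.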


Step 4: Encrypt the data
Log out the Homebanking user. Log in with an administrator account and navigate to C:\Users.
Open the properties of the "homebanking" folder and enable encryption.

Step 5: Set up browser
I prefer Firefox. Install it (if not done yet) and run it. You should have an empty profile now with no add-ons. If there are any add-ons, please check carefully whether you want them there or not. I'm okay with an add-on from my antivirus software. Everything else will be uninstalled. Set up the bookmarks to your bank accounts or just set the default start page.

That's it!

I recommend not using the Homebanking account for anything else but home banking. I typically don't even visit any websites but my bank's site.