Why A Linux Live CD Could Save Your Small Business

Could Linux really protect your business against an online banking disaster? Absolutely -- and the major arguments against this approach simply don't hold water.
Could Linux really protect your business against an online banking disaster? Absolutely -- and the major arguments against this approach simply don't hold water.It is tempting for people on both sides of the Windows-versus-Linux debate to use this topic to advance their own agendas. As someone who advocates for the use of both platforms in real-world small business environments, I think it's important to put aside the religious zealotry and to discuss precisely why Linux provides an ideal platform for online banking.

1. Linux is only secure because so few people use it to do online banking. I strongly disagree with this assertion, but that doesn't matter in this case -- it's entirely beside the point.

No small business that currently uses Windows needs to switch entirely to Linux to use it for online banking. These users can -- and in many cases should -- boot into a Linux Live CD for online banking and financial-management tasks.

As I discussed in my previous blog post, a Linux Live CD provides a quick, easy, almost completely painless way to use Linux without disrupting an existing Windows-based desktop system. It also provides another, crucial benefit: The system loads directly into a PC's memory from a CD, DVD or other read-only medium.

Even if you browse to a site that attempts to load a bit of malware capable of attacking a Linux system, it literally has nowhere to hide. It can't alter or interact with Linux system files or other applications, and it is flushed out of memory as soon as the system is booted back into Windows.

(An important caveat: Your Linux Live distro is only as secure as its source. Make sure yours is completely reputable before you proceed.)

It is also possible to create a Linux Live distro using a write-enabled USB key or rewritable optical media. And I think that any major desktop Linux distro, no matter how it is installed, offers far better protection against malware than any existing Windows release.

But if you want truly airtight protection, booting Linux from read-only media still offers the best possible option. In fact, even desktop Linux users might consider booting from a read-only Live CD when accessing an online business bank account.

2. Why not simply use a "Windows Live CD" to do the same thing? In theory, that approach is possible. In practice, it can be a difficult and messy process, and Microsoft has even called its legality into question. Until Microsoft or an authorized third-party developer creates a proper Windows Live CD implementation (don't hold your breath), I can't recommend that any small business employ this method.

3. Linux doesn't prevent phishing attacks any more effectively than Windows. This is probably true. It is also irrelevant here.

Phishing is form of social engineering attack that exploits a user's carelessness or lack of experience. A potential victim, for example, might get an email asking them to "update" their online banking contact information. The helpful link included in the email actually takes the user to a site that looks like their online banking Web page, where their login credentials are captured and used for all sorts of nefarious purposes.

As long as phishing exploits a "bug" in the hardware between a user's ears, security software can only do so much to prevent it.

Using a Linux Live CD offers protection against malware that attacks an operating system, Web browser or other application software. This includes Trojans and keystroke-logging spyware that install themselves on compromised systems and wait patiently until an unsuspecting user logs into an online baking site. At that point, it's all over -- and the victim may never know precisely what happened.

Think you're too smart to get suckered into downloading malware? Think again -- hackers routinely attack major Web sites and use them as distribution points for new malware variants. And while antimalware tools offer a great deal of protection, they are not perfect and never will be -- an attacker only needs one shot at your system to win this game.

4. We'll take our chances -- the odds are still stacked in our favor. If you're talking about a regular consumer bank account, that actually sounds reasonable. After all, your bank is legally required to reimburse you for fraudulent account activity if you report it in a timely manner.

If you're talking about a business banking account, however, then this is a foolish and reckless act.

With few exceptions, banks are under no legal obligation to reimburse business banking customers for fraud-related losses. Fewer still will make exceptions out of the goodness of their hearts.

That turns this into an all-or-nothing gamble. Make a single mistake, and your company's cash flow will drain into some sociopath's retirement account.

Burning and learning how to use a Linux Live CD such as Ubuntu is about as difficult as eating that second doughnut you didn't need anyway. Rebooting into it for an online banking session will take maybe five minutes. Is it really worth discussing whether or not this is "too much trouble" for a small business that wants to stay in business?