Security of your financial data

[smjsl]

I thought I was on a pretty secure computer. I did not visit any questionable sites and by nature a very suspicious computer user who does not open weird emails and links (even when the links are sent by seemingly someone I know since it could be not from them and even when it is, they are not as suspicious as I am ;-) ) and virus-checks every file I download on a computer... and yet a new tool I found (online scan from eset.com) revealed some Trojans...

What do you do to make sure thieves do not steal your bank account information? How do you secure your computer and internet access? Any practices / guidelines / tricks that you find helpful?

Malware can send your files to the thieves, your keystrokes can be monitored and also sent, insecure communications intercepted, there are rootkits that can do pretty much anything and hide from anything, malware removers you might download may end up themselves being a source of malware, etc. I recently started reading on the subject (again) and it's a wild scary world out there.

Here is link I am looking into more recently:
Different approaches to removing malware - Computerworld Blogs

"Don't simply dismiss today's computer exploitations as an annoyance like we did just a few years ago. That was play time; this is serious. ... 99 percent of malware is crimeware designed to hurt you financially."

 

[kumquat]

This could become a book, many people have written them. There are all kinds of things you can and should do. One is not to believe everything that appears on your screen. Just as certain "vendors" will try to get you to download malicious software by claiming you are infected, legitimate software sometimes makes mistakes and flags innocent files as malware. Research what is finds.

Some simple suggestions:

Learn safe computing habits.

Things not related to your online actions/habits are:

1. Never attach your computer directly to the Internet. Always use a NATing router between them. Change its password and don't allow remote access to it.
2. If using Windows, enable automatic update or update manually often.
3. Make regular backups.
4. Use some anti-malware software (free or otherwise).
5. Use a browser other than IE.

For the ultra paranoid.

1. Don't use Windows, pick an obscure OS like NetBSD.
2. Configure your router to only allow communications with certain sites on certain ports.

 

[easysurfer]

To add a few other tips:

1. use encryption software to encrypt important financial data

2. use a password keeper/generator to maintain hard to guess passwords

3. for financial sites that have security questions and answers to reset passwords, use more cryptic answers (for example, what city were you born? Instead of just "New York" as the answer, put something like "New_York!")

 

[Kabekew]

...a new tool I found (online scan from eset.com) revealed some Trojans...

Well, those "online virus scan" companies make their money by "finding" things, then you hopefully buy their product to get rid of it. I don't know them specifically, but a lot of similar sites will report simple website cookies as "trojans" under the very weak justification that websites could theoretically and magically know the cookie ID of other websites and read them to see what data they store.

Cookies really aren't a threat though, and can't read your keystrokes. Actual, active "trojans" are programs that install themselves and run constantly, but today for one of those things to install itself requires major security holes on your part. If you're using Windows, just make sure your firewall is on (Start/Control Panel/Security Center) and automatic Windows updates is on (Start/Control Panel/Automatic Updates), and don't click on things that tell you to click on them in emails and websites and you'll be fine. Install a virus scanner like Norton and you'll be even better.