I currently keep a hosts file to make my online banking more secure. But that won't help in the event of a DNS-cache-poisoning zero-day attack. Is the following solution practical?
Dedicate one browser for secure online banking, and dedicate a different browser for normal browsing of the Internet. The secure browser would be restricted to a whitelist containing only my bank's IP addresses. Is there a way to restrict IP addresses for just one browser? (The hosts file won't work because it restricts all browsers.) The browsers would run on Ubuntu 11.04.
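One way to get a per-browser IP allowlist on Linux, shown as an added example that is not part of the original post: run the banking browser under its own local account and filter that account's outbound traffic with the iptables `owner` match. The account name `bankuser`, the helper functions and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. "bankuser" and the 192.0.2.x addresses are constructed
# placeholders (192.0.2.0/24 is a documentation range), not real bank values.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (do not apply) the rules confining account $1 to the IPs that follow.
emit_rules() {
    user=$1
    case "$user" in
        ""|*[!a-z0-9_-]*) echo "bad account name: $user" >&2; return 2 ;;
    esac
    shift
    [ "$#" -gt 0 ] || { echo "no addresses given" >&2; return 2; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    match="-A OUTPUT -m owner --uid-owner $user"
    for ip in "$@"; do
        echo "iptables $match -p tcp -d $ip --dport 443 -j ACCEPT"
    done
    # Everything else from the account is refused, so the browser cannot
    # send DNS queries itself, whatever resolver it uses.
    echo "iptables $match -j REJECT"
    # Close the IPv6 path too, or the allowlist can be bypassed over it.
    echo "ip6tables $match -j REJECT"
}

# Review the output, then run the printed commands as root.
emit_rules bankuser 192.0.2.10 192.0.2.11
```

The owner match applies only to processes running under that account, so the banking browser has to be started as that user.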
Something to keep in mind is that some browsers implement their own DNS resolving routines, instead of using the system's. I would assume that they'd consult the hosts file, but with web browsers being as complex, insecure, and error-prone as they are, one should never take anything for granted.
By the way, does your bank not use HTTPS? If it does, you shouldn't have to worry about DNS poisoning. If it doesn't, I'd be more concerned by a man-in-the-middle.
If you want to be absolutely sure that your browser isn't tainted, create a VM for online banking, and disallow any interaction with the host system (shared folders, shared clipboard, ...). Make a known good snapshot of that VM, and restore to that snapshot every time you close it.
But really, there's probably a bigger chance of a well-hidden trojan/rootkit, or excellently crafted phishing attack, especially if the bank uses SSL. If it doesn't, change banks.
Last week, I found out that Fortress Linux has released a secure Linux OS that is called the "Secure Browsing Edition". It only includes a hardened web browser.
This browser has a smart protection system against evil scripts and cookies. And it seems to be the only browser that forces TLS 1.2/SSL 3.3 encryption, while all the available web browsers in my Ubuntu install only use TLS 1.0, which was cracked recently. (Google for TLS cracked). Besides, I don't trust Ubuntu anymore after my system was infected by a root-kit last week. Rather go for a live system like this one.
I now use the Fortress Linux secure browsing edition to do my online banking and more. It's fast and it has an "Apple" look window manager. It boots in a matter of seconds.
For some reason I cannot post a URL, but their website is:
www fortresslinux org