Bootable disc eliminates viruses for safer banking

Computerworld Australia - A computer science researcher has developed a secure software application intended to bypass the problem of viruses altogether.

"Viruses are a fact of life. Let's provide a different way of doing certain things which are not affected by viruses," says professor Paddy Krishnan of Bond University.

Krishnan and his team at Bond's Software Assurance Center in Australia have created a secure platform for computing in the form of a live CD.

The software, tentatively called BOSS (Bank on Secure System), was designed with the home user in mind and is limited to specific applications that involve sensitive transactions, such as electronic banking.

Krishnan claims the procedure is easy. The end user simply slips the CD into the PC and reboots it. Instead of the usual operating system loading at boot, the BOSS loads first. Once loaded, a browser opens, followed by a graphical keyboard for added security. Normal online banking can then be conducted on the secure platform. When the user completes his transaction, the original operating system is restored by simply removing the CD and rebooting.

"The advantage of this [technology] is that when you're doing your banking, the viruses that live on your hard drive are not active anymore."

Krishnan described the CD as an engineering achievement, even though the idea of a live CD has been around for several years. "However, most of the work done on it has been to hide the details or charge too much for the software. Our system requires no change from the banks and also no real change in the hardware that is commonly found at homes," he said.

Krishnan continued, "In security-related matters, it is important to identify the vulnerabilities and the ways to protect oneself from the vulnerabilities. One aspect of our system which is not covered in other systems is the customizability of the security aspect. That is, we have added PwdHash -- but we can easily add other tools -- to provide better protection."

At present, the software is available for evaluation. Krishnan is keen to see the results of initial testing, as well as to make progress with his ongoing research into the formal verification of the software.

"Verification is very hard, because you need to mathematize the whole thing and the system is too big for that," he said. "But it is the only way to ensure that something works."

The commercial aspect of the technology is not a high priority, Krishnan said, but he can visualize the government promoting the software for public-good reasons. Banks, too, may wish to customize the solution to provide an additional protective layer for customers. Interested customers can contact the university for a copy of the disc. Krishnan said it would charge a nominal fee to cover the cost of postage and the CD.