Vista Personal Bank Security Suggestion

[Anthony]

A special default user or mode called "Bank"
When this user logs in IE loads pointing to the users bank site.
Vista runs only the minimum number of processes required to enable IE access.
Vista prevents any non-essential processes or applications from running
under this user/mode.
No applications, no start menu, no shortcuts, just an IE shell pointing to
the users bank site.
Essentually its a pure bank terminal with a focus on security.

----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

[url]http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?mid=03c7576c-8466-4570-bcbb-bf50b6a4f5be&dg=microsoft.public.windows.vista.gen eral[/url]

[Andre Da Costa [Extended64]]

Security has been greatly improved for doing transactions online in Windows
Internet Explorer 7. The Phishing filter should be well noted, this feature
checks out the legitimacy of websites which should be a convenient feature
for users who do online transactions. You can check the address and location
of the website, whether its in Russia or your country, a red bar is placed
in the address bar when a website is a known Phishing site, of course, if
you are sure it is not a Phishing site, you can report it to Microsoft where
a live person will make the appropriate decision. If the bar is yellow it is
suspected to be a Phishing site, again you can report it to Microsoft as a
false positive.

Features such as Protected Mode which basically sand boxes the browser from
the rest of the system, so if a vulnerability does strike it's contained in
the IE Cache and no where else.

Also, there is Internet Explorer 7 with no Add-Ons, which basically running
IE with no add-on tools that can be used in a advantageous way to be used
maliciously against user.
--
--
Andre
Windows Connect | [url]http://www.windowsconnected.com[/url]
Extended64 | [url]http://www.extended64.com[/url]
Blog | [url]http://www.extended64.com/blogs/andre[/url]
[url]http://spaces.msn.com/members/adacosta[/url]



"Anthony" <Anthony@discussions.microsoft.com> wrote in message
news:03C7576C-8466-4570-BCBB-BF50B6A4F5BE@microsoft.com...

>A special default user or mode called "Bank"
> When this user logs in IE loads pointing to the users bank site.
> Vista runs only the minimum number of processes required to enable IE
> access.
> Vista prevents any non-essential processes or applications from running
> under this user/mode.
> No applications, no start menu, no shortcuts, just an IE shell pointing to
> the users bank site.
> Essentually its a pure bank terminal with a focus on security.
>
> ----------------
> This post is a suggestion for Microsoft, and Microsoft responds to the
> suggestions with the most votes. To vote for this suggestion, click the "I
> Agree" button in the message pane. If you do not see the button, follow
> this
> link to open the suggestion in the Microsoft Web-based Newsreader and then
> click "I Agree" in the message pane.
>
> [url]http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?mid=03c7576c-8466-4570-bcbb-bf50b6a4f5be&dg=microsoft.public.windows.vista.gen eral[/url]

[Pierre Szwarc]

What about people with several bank accounts? This *is* an interesting
suggestion, but its scope is too narrow, IMO.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Anthony" <Anthony@discussions.microsoft.com> a écrit dans le message de
news: [email]03C7576C-8466-4570-BCBB-BF50B6A4F5BE@microsoft.com[/email]...
|A special default user or mode called "Bank"
| When this user logs in IE loads pointing to the users bank site.
| Vista runs only the minimum number of processes required to enable IE
access.
| Vista prevents any non-essential processes or applications from running
| under this user/mode.
| No applications, no start menu, no shortcuts, just an IE shell pointing to
| the users bank site.
| Essentually its a pure bank terminal with a focus on security.

[Anthony]

Thanks, I thought I'd give a general idea rather than go into specifics.

You could have a "Bank Wizzzard", bit like email say, for setting up
different bank users(terminals).

As for IE7's phishing protection, it sounds good, but what about key loggers
and trojans. I thought by having a precisely known number of processes
running that when ever an unknown process starts Vista would know thereby
informing the user or attempting to terminate the process.

"Pierre Szwarc" wrote:

> What about people with several bank accounts? This *is* an interesting
> suggestion, but its scope is too narrow, IMO.
> --
> Pierre Szwarc
> Paris, France
> PGP key ID 0x75B5779B
> ------------------------------------------------
> Multitasking: Reading in the bathroom !
> ------------------------------------------------
>
> "Anthony" <Anthony@discussions.microsoft.com> a écrit dans le message de
> news: [email]03C7576C-8466-4570-BCBB-BF50B6A4F5BE@microsoft.com[/email]...
> |A special default user or mode called "Bank"
> | When this user logs in IE loads pointing to the users bank site.
> | Vista runs only the minimum number of processes required to enable IE
> access.
> | Vista prevents any non-essential processes or applications from running
> | under this user/mode.
> | No applications, no start menu, no shortcuts, just an IE shell pointing to
> | the users bank site.
> | Essentually its a pure bank terminal with a focus on security.
>
>
>

[Pierre Szwarc]

This is a nice concept, but malware can masquerade as known processes, for
one thing, and Windows Defender is already there to watch over the system,
for another. I think you're using a sledgehammer to crack nuts, in this
instance. Given the fact that IE already starts in "protected" mode,
starting an instance with only a specific subset of available ActiveX
controls enabled - and linked to a specific URL - should be fairly easy to
accomplish with .Net development: the "browser" control is scriptable. It
needs not be restricted to banking, you can add on-line commerce and medical
insurance sites, among others, in the project.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Anthony" <Anthony@discussions.microsoft.com> a écrit dans le message de
news: [email]022E316B-1374-4C01-8AC5-275E1C52A480@microsoft.com[/email]...
| Thanks, I thought I'd give a general idea rather than go into specifics.
|
| You could have a "Bank Wizzzard", bit like email say, for setting up
| different bank users(terminals).
|
| As for IE7's phishing protection, it sounds good, but what about key
loggers
| and trojans. I thought by having a precisely known number of processes
| running that when ever an unknown process starts Vista would know thereby
| informing the user or attempting to terminate the process.