Safe to Bank online with ppc (leopard 10.5.8)

Discussion in 'PowerPC Macs' started by tom vilsack, May 5, 2015.

  1. tom vilsack macrumors 68000

    tom vilsack

    Joined:
    Nov 20, 2010
    Location:
    ladner cdn
    #1
    Was wondering if it's safe to Bank online using a ppc with leopard 10.5.8 (all updates) and using stock safari browser?

    Would only use safari for banking and no other web browsing and computer would also just be used for this purpose.

    Any suggestion's? (perhaps remove flash ect)
     
  2. ptdebate macrumors 6502

    ptdebate

    Joined:
    Jul 3, 2014
    Location:
    Dallas, Texas
    #2
    Just out of curiosity--is there any particular reason you'd be sticking with stock Safari rather than Webkit or TFF?
     
  3. Hrududu macrumors 68020

    Hrududu

    Joined:
    Jul 25, 2008
    Location:
    Central US
    #3
    I'll be interested in how people respond to this thread. I do some banking online using PowerPC occasionally myself and have wondered if there is any real danger in doing so.
     
  4. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #4
    Stock Safari is very insecure and a poor choice for any SSL site.
     
  5. jbarley macrumors 68030

    jbarley

    Joined:
    Jul 1, 2006
    Location:
    Vancouver Island
    #5
    I can't say for sure, but I would imagine that TFF which is reputed to being kept up to date would be a better choice.
    Please someone correct me if my supposition is incorrect.
     
  6. bunnspecial macrumors 603

    bunnspecial

    Joined:
    May 3, 2014
    Location:
    Kentucky
    #6
    I would feel safe(and do feel safe) using TFF for online banking and any other "secure" stuff.

    I use Webkit for general browsing. It's more up to date than stock Safari, but I still don't feel safe using it for secure stuff.

    So-the short answer-use TFF if you must.

    In all honesty, most of the time for online banking, Paypal, and the like I use an Intel laptop running 10.9 or(grudgingly) 10.10, or even my iPhone. I feel perfectly safe in TFF, but can never remember my bank password :) and I can't get TFF to store it.
     
  7. eyoungren macrumors P6

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #7
    I use both Safari and T4Fx.

    It's not that I don't care about security, but I bank with the same very specific websites monthly and while I won't pretend that I'm smart enough to spot a scam site when I see one, I very rarely make purchases directly outside my own personal orbit.

    The fact that all of my Macs (with some exceptions) happen to be on Leopard is circumstantial.

    It's never overly concerned me.
     
  8. tevion5 macrumors 68000

    tevion5

    Joined:
    Jul 12, 2011
    Location:
    Ireland
    #8
    Not in Yosemite I hope!
     
  9. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #9
    It still has some flaws, but not as nearly as bad as that in its PowerPC counterparts.
     
  10. bunnspecial macrumors 603

    bunnspecial

    Joined:
    May 3, 2014
    Location:
    Kentucky
    #10
    Intell,

    What do you suggest as the most secure browser in general?

    I've been using Firefox almost exclusively for at least ten years-back when I was still a Windows user. When I transitioned to Macs, I continued using it, although obviously on PPC Macs I now use Webkit or TFF. All of my Intel Macs are running the most current version of Firefox.
     
  11. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #11
    They all have weaknesses. It's much too difficult to simply state which is the most secure when none of them ultimately insecure to begin with. But if I had to choose one, it would be one that is extremely simple where all it does is basic HTML rendering and nothing else. Such browsers are no longer functional on the modern internet, but that is the price one would pay to have the most secure browser.
     
  12. redheeler macrumors 603

    redheeler

    Joined:
    Oct 17, 2014
    #12
    The encryption standards used by such browsers are also severely outdated.
     
  13. tom vilsack thread starter macrumors 68000

    tom vilsack

    Joined:
    Nov 20, 2010
    Location:
    ladner cdn
    #13
    Just was wondering about a clean install with no third party software.

    With both TFF and Webkit,how are we to know that some rouge key tracing code isn't written in? How can we be assured of the security of either of these browsers? In the Intel world people can rest assured that major companies like Firefox and Google are securing there browsers. What assurance do we really get with TFF and Webkit? (another reason i asked about using just stock safari)

    Right now I bank online using a window's laptop and legit windows 7. Was thinking if I could use one of my PowerBook G4's to online bank,I could rid myself completely of my last pc.

    ps: I guess I could always run a ppc version of linux on one of my pb.
     
  14. Beavix macrumors 6502a

    Beavix

    Joined:
    Dec 1, 2010
    Location:
    Romania
    #14
    Safari on Leopard by itself is still safe enough for online banking. Just don't install 3rd party software/plugins/extensions which may hijack your data.
     
  15. ptdebate macrumors 6502

    ptdebate

    Joined:
    Jul 3, 2014
    Location:
    Dallas, Texas
    #15
    I feel like PPC machines are pretty secure for web browsing due to the fact that modern malware and viruses are incompatible with the architecture, but I could be totally wrong.
     
  16. 556fmjoe macrumors 65816

    556fmjoe

    Joined:
    Apr 19, 2014
    #16
    TFF would include the same security patches that its equivalent Firefox version does. As far as browser security, that might be your best bet on a PPC aside from Lynx, which is probably much more secure than any full featured browser despite having some insecure code in it.

    However, there are still problems. Leopard doesn't have a very good version of ASLR as it was Apple's first real attempt. Not all memory addresses are randomized. Some libraries, such as the loader will still load at a fixed address. Also, due to prebinding, libraries are randomized once upon prebinding and that's it until the library is upgraded, allowing an attacker time to guess where in RAM it is loaded. ASLR is still much better than no ASLR, so Leopard is more secure in that sense than any OS X before it, but its design in Leopard means a buffer overflow is much more exploitable on than on more modern OS X versions or other operating systems.

    Then you have the problem of many unpatched vulnerabilities from years of abandonment by Apple. Using a 3rd party browser like TFF at least gets you updates to your browser, but Safari would be full of holes. If you're going to bank using OS X, I would make a separate, unprivileged user just for that purpose and prevent that user from seeing any other directory than his own. This doesn't stop you from being exploited; it just helps contain the damage should it happen (and may not even do that depending on the attack).
     
  17. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #17
    TenFourFox and Leopard WebKit are some what opensource. They are both based off of open source code and have published changesets. One of the key natures of open source code is that developers all audit each others code and fix problems where they arise. This isn't always the case, rarely a large flaw will be missed for months or years at a time, most notably the heartbleed flaw in OpenSSL.
     
  18. eyoungren macrumors P6

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #18
    It is a fallacy to think you are safe using what you use now.

    No one is ever truly safe. There is no 100% secure browser.

    Is what you use more secure than PowerPC ad Safari or TenFourFox. Yes. But, 100% foolproof? No.

    People get wrapped around an axle on this. I get it. It's your money and you don't want to be robbed. But the best you can do is take measured precautions.

    If the lack of security on the PowerPC platform is that much of a concern, then stick with what you have. TenFourFox is a good browser security wise, but the OS it runs on will never receive another security update and T4Fx itself is just as vulnerable as Mozilla Firefox because it uses much of the same code.
     
  19. eyoungren macrumors P6

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #19
    It's been shown by Cameron Kaiser, the creator of TenFourFox, that malicious code can be run through the browser on PowerPC Macs.

    The proof that he showed was for malicious code written in Java, which T4Fx and every other browser can run. The payload of that particular malicious code was written for Intel Macs however so would not run on PowerPC. But the actual delivery did execute on PowerPC because it was written in Java.

    So, the danger is indeed there. But you are correct in that a big part of our security is our dwindling market share.
     
  20. Cory5412 macrumors member

    Joined:
    May 14, 2004
    Location:
    Arizona
    #20
    I would personally say that your Windows 7 computer is a better and safer Internet citizen in general than your old PowerPC Mac, still running 10.4 or 10.8.

    The danger with old, unpatched systems is rarely in somebody hacking in and getting your data. The danger is with somebody hacking in and using your resources for their particular nefarious purposes, which usually involve sending spam or phishing message. These days, there are automated tools that can break into Linux and BSD systems. Given that Mac OS X is "just" a BSD system with a special display layer and windowing manager, it's not too crazy to believe that a Mac could be susceptible to these kinds of tools.

    In addition, not only is it possible to execute malicious code on a Mac through Java or Flash (which you should try to avoid on Windows and on modern Macs as well) but it's possible to get malware onto a Mac by having a program just literally ask for permission. Most of this malware targets pretty new versions of Mac OS X, but there's no reason it couldn't target 10.6, 10.5, or 10.4. (This isn't just a "PowerPC" issue -- 10.5, 10.6, and 10.7 on Intel-based Macs are also insecure at this point.)

    And, none of that talks to what everybody else in this thread did, which is that the built-in, "period" browsers for Mac OS X 10.4 and 10.5 on PowerPC are woefully deficient by today's encryption standards, so if you're say, using a PowerBook in your local Starbucks (which is probably possible, Apple has built good batteries for a really long time) it's possible that somebody will sniff your wifi traffic and capture the login sequence with your financial institution (or your school or work or whatever.)

    There's stuff you can do even on old PPC Macs to mitigate part of that risk a little bit (such as using a VPN service or tunneling all of your web traffic over an SSH connection to your home system) but at that point you'd almost be doing as well to just run Firefox on X11 over SSH instead of running anything on your local Mac at all.

    Other things to consider, just as general notes: Mac OS X has had IPv6 included and enabled by default for a really long time, and by default (to this day) the firewall is not enabled for IPv4 or IPv6 by default, so that will be a thing you'd want to look at.

    For web browsing, using TenFourFox will help with the encryption cipher thing, but if your system's compromised somehow, all bets are off, and for as often as new vulnerabilities that affect Linux and UNIX these days show up, it's probably just best not to connect a PPC Mac running OS X to the Internet at all.

    If you only want to have PPC Mac hardware, and your mail goal is to be able to securely use the Internet, your best bet is to put something like a current Linux or BSD on it. There's malware for those systems, but since they're still actively being patched, that problem is likely to be fixed sooner rather than later. (or, you know, "at all.")
     
  21. MrPilot macrumors 6502

    Joined:
    Apr 30, 2013
    #21
    banks usually don't try to infect clients with viruses. I'm guessing very few does that. :p:p Porn sites and other shady sites? sure, I'd think so, but banks?

    You should be ok. Also here in Sweden we have signature codes which are generated by a tiny external device.(like a calculator) So you can't do anything banking wise without that generator. My wells fargo US account isn't like that though... safety depends on the country/bank.

    I personally don't care what device I use...
     
  22. bunnspecial macrumors 603

    bunnspecial

    Joined:
    May 3, 2014
    Location:
    Kentucky
    #22
    I had one of those for Paypal for a while. If I remember correctly, I had to push a button on it every time I logged onto Paypal and enter the 4 digit number it generated. The numbers had a finite lifetime-I think about 30 seconds-as their random number generator was synced with the one Paypal had for my account. I know that the first time I set it up, I had to enter about 5 separate codes in series to get everything synced correctly.

    Mine was on my keychain, and unfortunately met an untimely death when my keys went through the washing machine. For a while after that, I had to enter my mother's maiden name and the last four digits of my SSN every time I logged in, although I finally managed to get it turned off. I'm not sure if Paypal even offers them anymore.
     
  23. eyoungren macrumors P6

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #23
    Wow. Something I've never heard of.

    I linked Paypal to my bank account some time in early 2002-2003. I've never had to do anything as you've described. That's nuts!
     
  24. MrPilot macrumors 6502

    Joined:
    Apr 30, 2013
    #24
    it's a hassle.... but rather safe! :cool:

    [​IMG]
     
  25. iModFrenzy macrumors 6502a

    iModFrenzy

    Joined:
    Jan 15, 2015
    Location:
    Lead The Way!
    #25
    I prefer stock Safari, TFF is very slow on my 1.25ghz PowerBook G4
     

Share This Page