> Germany's best-selling PC magazine c't periodically distributes "Bankix" on their CD.
> I believe that quite a few people actually use it.
That sounds like a great attack vector. How secure are factories where discs are pressed? Even without access to the factory you could buy a bunch of magazines and repackage them with compromised CDs.
Someone would probably notice, checking the DVD against a checksum.
Repackaging it seems to be tricky, since the paper inlay is bound in the magazine, it's not just stuck on the cover or whatever. You tear it out at a perforation, leaving part of the DVD cover inside.
There are much more exposed attack vectors on online banking users, I would think.
And you can always just download the ISO and check it against the hash (and the PGP key).
I've set up VMs for people with their credentials in the VM and nowhere else, and the host firewalled pretty restrictively such that that VM is pretty useless except for banking. I suspect compliance is high on systems like that.