https://www.heise.de/ct/artikel/Sichere ... 84099.html says
Wir empfehen, c't Bankix mittels UNetbootin auf einem USB-Stick mit Schreibschutzschalter oder einer SD-Speicherkarte zu installieren – wobei es insbesondere bei SD-Karten entscheidend ist, den Schreibschutz zu überprüfen, da dessen Funktion einzig vom verwendeten Kartenleser abhängt. Alternativ können Sie das ISO-Image auf eine DVD brennen
I presume you are not bothered by that issue named in the above quote? Especially the one that you have to make sure the read-only switch on a SD-card depends on the card reader alone and is not a hardware switch that really sets the card itself into a read-only, no writing mode?
Projekt c't Bankix ist eingestellt
c't Bankix war ein von Ubuntu abgeleitetes Live-Linux-Betriebssystem, das speziell für sicheres Online-Banking konzipiert wurde. Es wurde von Mitte 2008 bis 2016 entwickelt und unterstützt, genauere Informationen zum Projektende finden Sie in den Kommentaren.
So, it is no longer maintained since mid of 2016.
I know the anti virus / virus scan CDs or DVDs ct packed with some special anti virus / virus scan magazines for some time, these they have not been able to offer without the magazine due to the restrictive licenses of some of the virus scanners provided.
But I presume there should be no such issues with bankix.
Do you know of a source where one could download the most recent bankix? At least when we have one to test, we might figure out if this system differs from Porteus when started with the cheatcode "noauto hohd".
_____________________________________________
Then again, the article states explicitly
Die wichtigste Sicherheitsfunktion ist, dass die im Rechner verbauten Festplatten (SATA, PATA) von c't Bankix aus unerreichbar sind – dazu haben wir eine spezielle Änderung in den Linux-Kernel integriert.
Of course, since Linux can only have one kernel, it is not possible for Porteus to have that patch included in the standard Porteus flavour. I presume you will understand why that cannot be.
When it comes to such issues with a specialized
Porteus Kernel Builder kernel,
especially one that has a rare patch like the mentioned (and sadly they don't go into any details in that article, but maybe the ct magasin you still have with such bankix has more details on that patch), I suggest you head over to one of neko's posts. A good start might be this one
Porteus Kernel Builder He is the resident Porteus Linux kernel guru and might be able to either direct you to the patches needed, or maybe is even willing to create such a patched Porteus Linux kernel for you. But that depends on him, I can not guarantee anything, what free time he has for such extra adventures I don't know, but usually he is helpful to all polite requests concerning Porteus special kernels.
Then again, our main developer, brokenman, is quite interested in my for now abandoned approach in creating modules for a Porteus that turns it into a security audit. See my post here:
Vulnerability scanners
having a specialized kernel with disabled reading of the harddisk would not help here, since some of these tools are for analysing the hardware and having an audit of what malware was found.
___________________________________
Anyway, when it comes to possible malware infected machines? You know of the latest trend (that is now already some years old…) in that "business", creating a virtual machine during boot time that loads prior the kernel or any other code loaded from any OS, including Linux?
The "real OS" is just running in that malware VM. When the PC you are concerned about does have such malware already installed, you will be out of luck, since this malware already controls everything on that machine, and usually no malware scanner can detect anything since the VM of the malware has complete control over what any later started software is able to see, or
not to see.