"Time to ditch Windows for online banking and shopping"

Story: The Washington Post Says Thumbs-Up to Linux for BankingTotal Replies: 20
Author Content
henke54

Oct 15, 2009
8:10 AM EDT
Adrian Kingsley-Hughes :
Quoting:It’s time to ditch Windows for online banking and shopping.

There, I’ve said it.

Last week, FBI Director Robert Mueller told an audience in San Francisco how he nearly fell for a bank phishing email. As a result of this Mueller now doesn’t do any banking on line.

Then Washington Post “Security Fix” columnist Brian Krebs advises businesses not to carry out online banking on Windows-based machines and to use a Linux-based LiveCD.

I’m going one step further, and suggest that no one use Windows for either banking or online shopping. Period.
http://blogs.zdnet.com/hardware/?p=5813
gus3

Oct 15, 2009
8:45 AM EDT
Too bad he had to qualify his final point. "For either banking or online shopping" may be true enough, but the reality is "for anything on the Internet."

Also, check out his updates in the column. He responds to the M$ fanbois. Part serious, part "oh puh-LEEZ!".
Bob_Robertson

Oct 15, 2009
8:46 AM EDT
I'll go two steps further and denounce the use of Windows at all.

Sadly, a phishing scheme will work regardless of the OS, since it's the mind of the user that is tricked and not the machine.
jacog

Oct 15, 2009
9:47 AM EDT
Yarrr Bob, often the blame for things get horribly misplaced. A number of years ago a user's bank account was emptied because his/her PC had a keylogger on it. The entire focus of the blame was on the bank with who he banked, not the unsecure operating system he used.
henke54

Oct 15, 2009
1:05 PM EDT
Idea : Post an email to your 'bank-headquarter' with these washingtonpost/zdnet links and with the suggestion of ....since the 'new-year-gifts-to-customers-period' nears... ; a cheap linux(ubuntu)-banking-usb-stick or a live-CD to give to their customers as a holidays-gift..... ;-)
jdixon

Oct 15, 2009
1:48 PM EDT
> I'll go two steps further and denounce the use of Windows at all.

Yes, his first sentence would be far more true if he simply stopped after the first five words.

Use Windows solely for those legacy applications where you have to use it. Use Linux or a Mac for everything else.
montezuma

Oct 15, 2009
4:32 PM EDT
The basic point is a read only OS. Funny how there are no Windows livecds ;-)
gus3

Oct 15, 2009
4:42 PM EDT
Not in the sense of a downloadable or purchase-able LiveCD, but apparently it isn't totally outside the realm of possibility:

http://www.knoppix.net/forum/viewtopic.php?t=13008
tracyanne

Oct 15, 2009
5:25 PM EDT
I just posted the following to my bank.

Quoting:Given that the majority of security breaches occur on the user's computer (always when running Microsoft Windows), what is your comment regarding the following advice from this Washington Post technical column blogger, with respect to his suggestion that we use Linux.

http://voices.washingtonpost.com/securityfix/2009/10/avoid_w...
caitlyn

Oct 15, 2009
5:33 PM EDT
Actually, live CDs aren't all that great a solution either if you store data on your hard drive. That hard drive is still read/write, not read only. Many live CDs become outdated quickly, leaving the user with a known password (or no password), possibly running as root, with older apps with known security vulnerabilities. A live CD is no panacea though it's certainly true you can't install a keylogger to it.

Better solution: Linux, BSD, or MacOS properly secured and patched.

Oh, and it's high past time Windows was abandoned. Some people are just waking up now but it's been bad for about forever.
henke54

Oct 15, 2009
5:37 PM EDT
Australian police :
Quoting:Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online.

The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows.

"If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly.
http://www.itnews.com.au/News/157767,nsw-police-dont-use-win...
montezuma

Oct 15, 2009
6:50 PM EDT
Good onya Bruce!
hkwint

Oct 15, 2009
8:04 PM EDT
Hmm, why does nobody mention the security of the online banking system provided by the bank?

Some of them - providing static passwords by paper post which have to be entered in the same order as shown on paper - are far more insecure than other ones - like using security tokens with one-time passwords etc.
jdixon

Oct 15, 2009
11:50 PM EDT
> The basic point is a read only OS. Funny how there are no Windows livecds ;-)

http://ubcd4win.com/

It's very useful if you're stuck working on Windows machines.
Steven_Rosenber

Oct 16, 2009
1:41 AM EDT
Of course my credit card company, Citibank, doesn't allow its Web site to be accessed from any Web browser in Linux. You have to use a Mac or PC. Bet you can guess how many times I've used that card since I figured this out.
hkwint

Oct 16, 2009
4:06 AM EDT
Well, last time I looked Citi was "almost bankrupt", so their business model is flawed anyway.
henke54

Oct 16, 2009
4:09 AM EDT
Randy Abrams Director of Technical Education from ESET : http://www.eset.com/threat-center/blog/2009/10/14/windows-on...

ESET,... isn't that a firm which makes antivirus-software for windoze??????.....hmmmmm

Also...Michael Horowitz said :
Quoting:In my opinion, people should not conduct online banking from Windows machines. As I've written elsewhere, I feel the safest approach is booting to Linux to run Firefox.
http://blogs.computerworld.com/14882/being_alert_about_onlin...
bigg

Oct 16, 2009
6:04 AM EDT
@Steven: All you have to do is adjust user agent switcher to identify as Internet Explorer. It's shocking that they would try to enforce a strict policy of, "Only the world's least secure browser" but it's only on the login page. All credit card companies make Microsoft look like a gift from heaven, so I won't single out Citi for hatred.
herzeleid

Oct 16, 2009
3:41 PM EDT
Quoting:All credit card companies make Microsoft look like a gift from heaven, so I won't single out Citi for hatred.
I would. Seriously, I've been banking online for years with a number of organizations and I've always used linux. Currently using firefox for credit union transactions, and for credit card payments and such.
hkwint

Oct 16, 2009
4:01 PM EDT
Quoting:It's shocking that they would try to enforce a strict policy of, "Only the world's least secure browser"


Believe me, I encountered this in real life and I was told they did it because the browser I used (FF) was not as secure as IE. This was in the IE6 days. Needless to say that was also the bank with the least safe method of internet banking (consecutive TAN-codes needed to transfer money, TAN-codes sent by regular postal mail). I was glad when I didn't need to 'maintain' that account anymore.
caitlyn

Oct 21, 2009
1:44 AM EDT
FWIW, the recent security articles have finally convinced my Mom, who has used Linux successfully before, to go to Linux pretty much full time. I'll be doing a fresh install on her laptop come Thanksgiving holiday when I visit her.

It was also helpful that I could reassure her that the software her university uses does have a Linux client or else is web based and will work just fine. At 71 she's semi-unretired again and teaching two classes at the University this semester. She enjoys teaching so more power to her :)

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!