Is Windows too unsafe for secure online transactions?
A growing number of technology professionals are saying that the Windows operating system is too unsafe for sensitive online transactions like banking. This is not just the same old tired refrain from Linux and Mac fanboys. These are respected professionals making a sober assessment of a rapidly growing problem. For example, Michael Horowitz, who writes about defensive computing at Computerworld, recently wrote:
Do you make online financial transactions from a Windows computer? If so, you may want to re-visit that decision.
It’s a given that almost all malicious software targets Windows. In my opinion, while it is possible to secure a Windows computer, the process is too hard, too time-consuming and/or technically over the head of most people.
Horowitz goes on to explain why he thinks some sort of portable Linux setup is the best solution: not switching completely to Linux, but using one of the Linux distros that run from a CD or a USB key for sensitive transactions. As he explains, it’s not all that complicated to browse the Internet with Firefox and portable Linux.
Yesterday, Adrian Kingsley-Hughes took up this theme in a ZDNet post:
It’s time to ditch Windows for online banking and shopping.
There, I’ve said it.
Last week, FBI Director Robert Mueller told an audience in San Francisco how he nearly fell for a bank phishing email. As a result of this, Mueller now doesn’t do any banking online.
Then Washington Post “Security Fix” columnist Brian Krebs advises businesses not to carry out online banking on Windows-based machines and to use a Linux-based LiveCD.
I’m going one step further, and suggest that no one use Windows for either banking or online shopping. Period.
So, am I saying this to be controversial? No. Am I attacking Windows or Microsoft? Am I trying to start a flame war? No.
So why am I saying this? Simply because I believe that the risk of using Windows outweighs the convenience.
Like Horowitz, he recommends using Linux on a CD.
I do a lot of various transactions on the Internet and I have to say that I am seriously considering using Ubuntu on a CD. The sophistication of the latest bank scams is alarming.
Added later: Here is the Washington Post article by Brian Krebs that is mentioned in the Kingsley-Hughes quote above. It begins:
An investigative series I’ve been writing about organized cyber crime gangs stealing millions of dollars from small to mid-sized businesses has generated more than a few responses from business owners who were concerned about how best to protect themselves from this type of fraud.
The simplest, most cost-effective answer I know of? Don’t use Microsoft Windows when accessing your bank account online.
I do not offer this recommendation lightly (and at the end of this column you’ll find a link to another column wherein I explain an easy-to-use alternative). But I have interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. I have heard stories worthy of a screenplay about the myriad ways cyber crooks are evading nearly every security obstacle the banks put in their way.
But regardless of the methods used by the bank or the crooks, all of the attacks shared a single, undeniable common denominator: They succeeded because the bad guys were able to plant malicious software that gave them complete control over the victim’s Windows computer.