The 2 concepts above should never be spoken ( let alone used ) together considering the poor security track record of all Windows operating systems but somehow people still ‘trust’ the venerable OS to do their daily banking, paying of accounts and transferring of monies.
So the question is why? I can only think of 2 reasons:
1. people don’t ( or don’t want to ) understand the threat to their financial systems and are oblivious to the many threats to their Windows platform despite the continued issues they face on a daily basis
2. people think that if anything were to occur with their on-line banking systems, they would be covered by some miracle banking refund
In the first case, wake up and smell the roses! Windows is flawed and always has been from a security point of view. You can not trust it to do your banking, full stop! There are so many types of threats vying for space on your machine, from malware to spy-ware to phishing and pharming attacks, keyboard loggers, drive by downloads and social engineering tricks. If you know a stove plate is hot, you’re not going to touch it on purpose. Yet many, even knowing ( or sometimes oblivious to ) the dangers to their desktop OS, still proceed with on-line banking using Windows.
Now I’m not saying that Windows can’t be made relatively secure, it can – however it takes an experienced person to do so and a lot of time. Most Windows users out there do not have the time or knowledge to do so. However if you are still interested, here are some steps you could take:
- Install and maintain one or two anti-malware programs that run constantly in the background
- Periodically scann with a few other anti-malware programs
- Be sceptical of all email attachments and don’t trust the FROM address of an email message when deciding whether to trust an attachment
- Consider opening email attachments with alternative applications rather than the more mainstream software that is a larger target. For example, use Open Office rather than Microsoft Office or the Foxit PDF Reader rather than the Adobe Reader, use Mozilla Thunderbird instead of MS Outlook
- Periodically run the Secunia on-line scanner to insure that you are up to date on bug fixes to Windows and the most popular software
- Turn off autorun
- Windows XP users should use DropMyRights to defend against drive by downloads
- All Windows users should consider using Sandboxie for defending against drive-by downloads
Wow, quite a mouthful.
For point no. 2, you better think again, because the terms and conditions of most banks’ on-line banking systems are clearly orientated to defer as much responsibility as possible in the event of an issue. Unless you’ve got very clear proof that the bank was at fault, you are likely to be on the losing end in a battle with your bank. Most banks indicate that you are responsible for the security of whatever system you use to access their service. And that means there is very little you can do, if your machine was infected with some sort of security problem that has caused a loss of money for you.
But Robby, you can’t just sit there and tell us we have a problem – give us a solution! Yes of course, here are two simple ones:
- Switch to Linux or MacOS X as your desktop OS – this may seem a big adjustment ( and I won’t understate the effort to do this ) however it’s definitely worth your banking security, and to boot you’ll get a more reliable desktop. These 2 OS’s are not security foolproof however they are an order of magnitude better than Windows and don’t have to deal with all the Windows malicious security issues out there
- If switching OS seems a bit of a mountain to climb, why not use a live CD or USB stick to boot your machine when you need secure access to the internet. There are a number of CD and USB-based Linux distributions that are compact and quick to boot, giving you a simple and secure environment within which you can go about your banking business
On November 28th, Randall Stross described in the NY Times, a user’s story of money loss due to internet banking, then wrote “I’m not convinced, however, that online banking carries the high risk that Mr. Mueller implies. I know that as ordinary computer users, we are offered unlimited bait from phishers. But I’m not particularly worried: I’m not on the hook for losses from fraud—my bank is.”
Now this is someone who is certainly not a computer professional ( describes himself as an ordinary computer user ), and who has the eye of millions of people in the US giving out advice along the lines of: Don’t Worry – the banks will protect you!
Are you really prepared to take the risk? After those same banks have brought the world economy to a halt over the last 2 years. Those same banks who only have their own interests at heart. And those same banks who won’t ( and to be fair shouldn’t ) accept responsibility for the inherent security issues in the Windows platform.
I haven’t used a Windows platform to do internet banking in the last 3 years. And I feel fairly confident that I’m not about to be hacked and have my identity stolen along with all my money. Are you?