NSW Police: Don't use Windows for internet banking

By Munir Kotadia
Oct 9, 2009 7:57 AM | 20 Comments
Tags: internet | banking | security | Windows | Linux | Apple | iPhone | Puppylinux | clean | boot
Cybercrime expert endorses Linux, iPhone when banking online.

Consumers wanting to safely connect to their internet banking service should use Linux or the Apple iPhone, according to a detective inspector from the NSW Police, who was giving evidence on behalf of the NSW Government at the public hearing into Cybercrime today in Sydney.

Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online.

The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows.

"If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly.

"It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing internet banking," van der Graaf said.

The collection of MPs listening to van der Graaf were very enthusiastic about his suggestion but didn't understand what he meant and asked for clarification.

"You may need to explain further for us," said one MP, while another responded, "yes, we need to understand that".

In response, van der Graaf explained what 'booting a computer' means and explained that his recommended method guaranteed a "100 percent clean installation".

He further explained that the clean boot would bypass any infections on the system. "If you have an infected hard disk ... that won't be an issue," he said.

Van der Graaf also mentioned the iPhone, which he called "quite safe" for internet banking.

"Another option is the Apple iPhone. It is only capable of running one process at a time so there is really no danger from infection," he said.

Van der Graaf said he mentioned the two alternatives to Windows because he was concerned about any future law that could require internet service providers or banks to check their users had protection before allowing them to connect.

"If you had a rule where ISPs would have to check for firewalls or that sort of thing, people using this safer system would not be able to do their internet banking. People using an iPhone, which is quite safe, would then not be able to do their internet banking," he added.

The hearing continues tomorrow when vendors including Microsoft and McAfee will make their presentations.

 
Comments: 20
Unfortunately, it's this sort of headline-catching soundbite that causes ordinary users to be scared about using the internet rather than teaching them basic computer security advice. Ignoring the fact that the iPhone CAN run more than one process at once (in fact, in the related articles section at the top of the page, there's a link to an article entitled: Apple plugs remote-code execution flaws in iPhone), Windows is perfectly safe to use for internet banking; at least, if running a current anti-malware package and the latest security patches. The sort of person that is capable of creating a USB-bootable Linux install is the sort of person that would ensure their computer was running an anti-malware package and the latest security patches. Insp van der Graaf's statements really don't inspire much confidence in the NSW computer crime unit, if this is the level of understanding of information security typical of their staff.
Posted by Dan Halford | Oct 9, 2009 2:51 PM
I believe the security recommendations presented by this speaker are based on his technical ignorance and personal bias. Additionally I don’t feel he can predict future laws that require ISPs to validate the clients’ security environment. The validation would require a breach of security. Finally, if his audience needs an explanation on what booting up a system means, I suspect they are not technical enough to challenge his techno babble.
Posted by Bill | Oct 9, 2009 3:07 PM
If they're not technical enough to challenge his techno babble, then they're certainly not technical enough to pass laws mandating specific security technologies for internet banking!
Posted by Bern | Oct 11, 2009 2:16 PM
Even though the recommended solution is rather impractical for most users, the man has a point: according to the most recent estimate, almost 60% of all Windows computers worldwide are infected with malware -- a fact that I can testify to from personal experience with lots of (now former) Windows users. Especially click-happy kids and adolescents are pron(e) to infection. Antivirus by nature is always running behind the facts, so even though it helps, it's by no means a guarantee for a clean box (not to mention the fact that a lot of malware silently disables anti-malware software).
Posted by Richard | Oct 12, 2009 1:27 AM
The main problem is getting you Windows people to accept what the truth is.
Posted by Jim | Oct 12, 2009 1:43 AM
"If they're not technical enough to challenge his techno babble, then they're certainly not technical enough to pass laws mandating specific security technologies for internet banking!" Unfortunately, that hasn't stopped them making similar laws in other industries.
Posted by Harold | Oct 12, 2009 1:45 AM
Detective Inspector Bruce van der Graaf should be commended for telling the truth, even though he must know that a certain large computer software company will be after his head on a platter. For internet banking the LiveCD idea is a simple practical measure that any user can take. You don't even need to burn a cd yourself. Canonical will post a cd to you free of charge: https://shipit.ubuntu.com/
Posted by SilverWave | Oct 12, 2009 2:47 AM
@Bill If a person who understands what he is talking about with internet security cannot "predict future laws that require ISPs to validate the clients’ security environment", how can the people that are unable to understand him then create such laws? Why do you think the MPs are listening to experts in a 'hearing'? And if you think this validation is a security breach, go read about web browser user agent strings on Wikipedia! @Dan Ordinary Windows users should be scared of using the internet for online banking - there's a 50% chance that there is something on their computer watching them. That way they might do it more securely. As an analogy, would the reason you lock your house happen to be fear?
Posted by Buggy | Oct 12, 2009 2:53 AM
@ Dan Halford: Excuse me, but you seem not to know what a Linux bootup disc is. It is a CD. You download a CD image and burn it to a CD. This CD is then bootable, without needing a USB stick or internal hard disk. So all you need to do is: 1) Download 2) Burn to CD 3) Put the CD in the CD drive and restart your computer. I definitely have no idea which part of this procedure would be so complicated that an ordinary computer user can't perform it.
Posted by Gustl Burger | Oct 12, 2009 3:19 AM
Don't focus on the Windows thing. Focus on the "Live CD" thing. That's a fantastic idea and it really doesn't matter the OS on the live system. If there's such a thing as a Windows live CD, that'll work too. The iPhone idea isn't so great though, because iPhones are very easy to steal, cookies and all.
Posted by shayne. | Oct 12, 2009 4:07 AM