NSW Police: Don't use Windows for internet banking

[Harper]

NSW Police: Don't use Windows for internet banking - Security - Technology - News - iTnews.com.au

NSW Police: Don't use Windows for internet banking

Cybercrime expert endorses Linux, iPhone when banking online.

Consumers wanting to safely connect to their internet banking service should use Linux or the Apple iPhone, according to a detective inspector from the NSW Police, who was giving evidence on behalf of the NSW Government at the public hearing into Cybercrime today in Sydney.

Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online.

The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows.

"If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly.

"It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing internet banking," van der Graaf said.

The collection of MPs listening to van der Graaf were very enthusiastic about his suggestion but didn't understand what he meant and asked for clarification.

"You may need to explain further for us," said one MP, while another responded, "yes, we need to understand that".

In response, van der Graaf explained what 'booting a computer' means and explained that his recommended method guaranteed a "100 percent clean installation".

He further explained that the clean boot would bypass any infections on the system. "if you have an infected hard disk ... that wont be an issue," he said.

Van der Graaf also mentioned the iPhone, which he called "quite safe" for internet banking.

"Another option is the Apple iPhone. It is only capable of running one process at a time so there is really no danger from infection," he said.

Van der Graaf said he mentioned the two alternatives to Windows because he was concerned about any future law that could require internet service providers or banks to check their users had protection before allowing them to connect.

"If you had a rule where ISPs would have to check for firewalls or that sort of thing, people using this safer system would not be able to do their internet banking. People using an iPhone, which is quite safe, would then not be able to do their internet banking," he added.

The hearing continues tomorrow when vendors including Microsoft and McAfee will make their presentations.

The big problem that I see here is that most most end users have a hard enough time using thier computers in the first place, let alone trying to get them to use a linux boot CD.

The other problem that have come accross that banks seem to be making thier net banking apps compable with the populare operating systems and brousers. So if you are not using Windows or MacOs with a IE, FIrefox or Safari, you might have some problems logging in.

What some of the banks should realy be starting to promote those small random number generating tokens. Sure, might have key and mouse loggers out there. But goodluck if they can work out what string of number that is going to appare next on the token.

The other thing that the banks need to promote is to tell people to stop using the same password for every thing. Or at least not to use the same password on MSN messager as they on thier internet banking or paypal account.

 

[patonb]

My bank requires a 2nd password if the computer is saved on their system.

So, getting my pass as i type it is useless, as i don't type the 1st one in, as i've already okayed the comp.

 

[Harper]

my bank is

First Set of Questions
Member Number:
Access Code:
Enter the text exactly as it appears above :

Second Set of Question
Enter the number on that is appearing on your security token.

Even if I was stupid enough to put both my banks user name and passwords, unless you got the security token in your hands, good luck on guessing the 1 of the 1 million possible random number combinations that changes every 5 seconds.