Two very influential people have made public comments recently that could lead to widespread distrust of the Windows operating system for online banking.
Last week, FBI Director Robert Mueller related in a speech in San Francisco that he had received a phishing email that tried to steal his banking credentials and nearly fell for it. As a consequence, he is not doing his banking on line. (Speech text here.)
This week, Washington Post columnist Brian Krebs, who writes the “Security Fix” column and is among the most influential writers in the computer security space, wrote that businesses should simply stop doing their banking online from machines with the Windows operating system.
He wrote: “The simplest, most cost-effective answer I know of? Don’t use Microsoft Windows when accessing your bank account online.”
“…regardless of the methods used by the bank or the crooks, all of the attacks shared a single, undeniable common denominator: They succeeded because the bad guys were able to plant malicious software that gave them complete control over the victim’s Windows computer,” he wrote.
“While there are multiple layers of protection that businesses and banks could put in place, the cheapest and most foolproof solution is to use a read-only, bootable operating system, such as Knoppix, or Ubuntu.”
Krebs column here.
Krebs has done a series of columns recently about small and medium-size businesses, non-profit organizations and schools losing tens of thousands of dollars to cyber thieves using banking Trojans to provide access to their bank accounts and transfer funds to money mules.
The implications of this loss of trust have been mentioned by other significant observers in the computer security world. David Kennedy, Manager of Risk Analysis at Verizon Business, wrote in his weekly intelligence summary for his company’s customers: “Reports the FBI director’s spouse refuses to allow on-line banking is a serious indictment of on-line trust and we will be tracking related reports of trust erosion, especially by high-profile individuals, groups and companies.” (Kennedy summary here.)