Using Windows for a Day Cost Mac User $100,000
Addicts or astroturfers?
No question about it: Brian Krebs is a great security blogger. He's been at it ever since his first network got hacked some eight years ago. He goes underground to see what the Russian Business Network is up to. He continually gets reports on hacked Windows networks, plundered bank accounts. Brian's the worst possible PR nightmare for Microsoft.
His 'fans' - those who frequent his site - are another story. There are recurring rumours Microsoft are 'astroturfing' in the comments sections much like they've been exposed for doing at other sites (such as LinuxWorld). And there's an obvious lack of IT credentials with most of the participants.
Brian published a new report in the wake of the Google Bomb (and so far has not commented on the bomb itself). A report on one David Green who normally managed his company's banking from his secure Mac at work - but on a single occasion used his wife's Windows PC from home.
That blunder cost David Green's company $98,000. And coming in the wake of Google's silent Microship Down, it was devastating.
Brian's advice all along has been to use a live CD for banking. No matter what operating system one normally runs. And preferably a Linux or Ubuntu live CD. Either that or get a Mac.
Just today the chairman and vice chairman of Sweden's Pirate Party met with Sweden's crown princess and the rest of the royal family and gave the princess and her fiancé each their own USB thumb with Ubuntu's live CD and a VPN tunnel preinstalled.
Sweden's king was very envious of the couple. Several officials made sure Rick Falkvinge understood they wanted him to help them learn to use those cool devices.
Live CDs are not exactly alien culture. The live CD is an overnight cure for everything ailing corporate banking today. Why then do the minions at Krebs on Security mod the man himself down when he reminds them of it?
This is what heroin or nicotine addiction must be like: you attack everything but the problem itself. And this has been going on ever since Brian left WaPo on 1 January. But today, in the wake of the sensational FT.com story, it's worse than ever. And it may have reached heights heretofore unimaginable. Here's a selection of the best of the best.
A mac machine is just as likely to have a keylogger as anything.
Thank you for lobbing that conversational hand grenade. I'd take strong exception to your blanket statement that Macs are just as likely to get a keylogger as anything. ALL of the victims I've interviewed (>100) were Windows users. Seeing a pattern here?
- Brian Krebs (modded down 14/fourteen times)
Brian, have you analyzed how many of the 100+ were the wife's machine? Perhaps wives are to blame.
Put down your fanboy flags for a moment and try to put yourselves in the shoes of a small business owner that just saw a year's worth of earnings walk out the door because of a single trojan infection.
- Brian Krebs (modded down 9/nine times)
what are you going to suggest in 5 years when everyone is a Mac user and the same cyberthugs are cranking out maleware that exclusively targets and exploits Mac's? [sic]
I'll probably still be suggesting what I have been blaring for the past year: that business owners should bank on a LiveCD.
- Brian Krebs (modded down 3/three times)
OSX, Windows, Linux, etc all allow for discretion to the end-user. They are all equally (in)secure. To say one is more secure than the other is misguided.
What is required is a separate trusted PATH to the user, either a hardware dongle which can authenticate TRANSACTIONS...
I completely agree, that in this case, the user went to a different machine, with different controls and expected the same security. Sorry, that's a User Failure.
Better yet, let's focus on Out Of Band Authentication or some other method to digitally 'countersign' or confirm these types of transactions.
Telling people to use OS X instead of Windows is a bit like saying if you drive intoxicated at 90mph and swerve in and out of traffic better do it in a Mercedes because your chances of survival will be better. That may be true but the real problem/solution isn't the model of car.
Focusing on which operating system is a security distraction.
Oh joy. We can agree that a Live CD is the solution? Wonderful.
- Brian Krebs (modded down 7/seven times)
Google, a company with 10,000 employees around the world, is officially ditching Windows. This has to be seen as pretty tangible proof that Google, as a company, does not trust Windows to be secure in any way, shape or form. They do trust Linux and Apple, and their spokesperson in this case is willing to say so explicitly.
Windows is, let's be 100% frank here, swiss cheese. The average new Windows PC has about as much built-in rock-solid security as a mosquito net.
Yes this guy should have known better, but the fact that, really, any Windows machine that he himself had never set up should always be perceived as so insecure that anything he did with it is monitored and recorded by criminals, is a pretty strong statement that Windows effectively is not secure, full stop.
(modded down 7/seven times)
In terms of one having a larger market share Windows is associated with greater risk, but in terms of their technical merits there probably isn't much difference.