By Michael Horowitz
October 26, 2009
In August I wrote an article here suggesting that, rather than doing online banking from a Windows computer, a much safer approach is to re-boot using Linux (either from a CD, USB flash drive or a memory card) and run Firefox under Linux to access banking websites. (Editor's Note: It's a lot easier to plug a HomeATM device into the USB port and bank via that separate machine.)
Now, a consensus seems to be forming behind this idea. The cons"senses" should be forming around the idea to use a separate machine for online banking. That separate machine is the HomeATM.
For months, Brian Krebs has been writing in the Washington Post about companies, municipalities and school districts that suffered large losses due to online banking fraud. The impetus for my article came from one of his first stories.
After interviewing businesses that suffered these losses, Krebs would inevitably be asked by the owners of the business about protecting themselves going forward. Addressing this in a recent column, he said:
"The simplest, most cost-effective answer I know of? Don't use Microsoft Windows when accessing your bank account online. I do not offer this recommendation lightly ... But I have interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. I have heard stories worthy of a screenplay about the myriad ways cyber crooks are evading nearly every security obstacle the banks put in their way ... all of the attacks shared a single, undeniable common denominator: They succeeded because the bad guys were able to plant malicious software that gave them complete control over the victim's Windows computer."
The rest of the column goes on to discuss security measures taken by assorted banks and how the bad guys breached every one of them.
Antivirus and Anti-spyware Software
If you think anti-virus and/or anti-spyware software will protect a Windows computer, think again. You are certainly safer running anti-malware software but you are not safe. As Randy Abrams of ESET put it recently, "There was a day that anti-virus software could protect you against almost all of the viruses in the world, but that day was significantly more than a decade ago."
Anti-malware software is only one line of defense, and it cannot be your only defense. Whether anti-malware software protects you 10 percent of the time or 90 percent of the time, everyone agrees that it cannot protect you 100 percent of the time.
In one case that Krebs wrote about, the malware that drained the bank account first infected the computer a year earlier, despite antivirus software. When I'm called on to clean up an infected computer, I always run a handful of anti-virus and anti-spyware programs. Normally, the third, fourth and fifth scans find malware that the first few products missed.
The amount of malware targeting Windows is staggering.
Just days after my previous article on online banking was published, Trend Micro reported that "... in the first six months of 2008 ... 253.4 million systems were infected with malware. The comparable volume for 2009 is almost double at 491.2 million." The same blog posting says that AV-Test.org is finding more than a million new malware samples every month. In the good old days of 2007, they had only 5,490,000 samples of malware....