Wed, 05 May 2010
How I Stopped Worrying About Computer Security

Only kidding ...

Generally, I'm pretty pessimistic about computer security. I think that, on the whole, it's impossible to fully "secure" a computer from local or network attacks, even for a computer professional. You can mitigate the risks but not eliminate them. I think that anyone and everyone is at risk to some degree, whatever their level of knowledge and experience, and whether using Linux, OpenBSD, Windows or Mac OS X. People using Unix should not assume they are safe.

A recent article in The Boston Globe called "Please do not change your password" says that security advice is not only confusing to the average computer user but that it's often a waste of time.

The "triumvirate" helps, of course:

  • Running anti-virus software (or multiples of)
  • Keeping things up to date with vendor patches (OS and applications)
  • Using strong passwords

But what else? We have direct threats from links in emails, crafted PDF files, malicious web sites and web sites that are normally trustworthy but have been hacked to infect you with bad software. Taking part in the distribution of spam is one (bad) thing, but having your bank details and credit card information exposed via a keylogger is quite another.

And accessing your online banking account?

I'm far too paranoid to do any online banking using a Microsoft Windows based computer. Mitigate the risk somewhat and use something else ... as some people have started to mention, a Linux Live CD might be a good way to make your internet banking more secure.

Bottom line: Don't do banking using Microsoft Windows!