As if Microsoft wasn't getting hammered enough in technology circles over security flaws in Windows, now comes this article from The Washington Post saying small and midsize businesses should not use Windows for online banking.Specifically, the writer noted that all the victims of the recent rash of cyber thefts directed at banks' commercial customers (and local governments) used Windows machines. To prevent such crimes, the author was quite blunt in his assessment:
"The simplest, most cost-effective answer I know of? Don't use Microsoft Windows when accessing your bank account online."
The reason is that Windows is just too vulnerable to malware attacks that will let thieves take over businesses' online banking accounts. The malicious software is outsmarting most of the major security measures banks take, such as dual-factor authentication. Yes, they're even able to circumvent hardware-based security tokens, according to the report.
In the end, the writer suggested businesses access their online banking via Live CDs running a Linux-based operating system on a stand-alone computer that does not have web access.
Or, they can all just switch to Macs! However, the writer offered the Live CD as a less expensive alternative to buying pricey Apple computers. Of course, and this is just my opinion, the more popular Macs become, the more tempting targets they'll be for cyber thieves. I know the Mac OS is built on a Unix-type kernel which makes it very unlikely that malware can be built for Macs. I find some solace in that. However, one of the speakers at the BS&T Executive Summit last week said that cyber criminal gangs are becoming so sophisticated now that they're outsourcing their malware development to India. That speaker was Heartland Payment Systems' CTO Kris Herrin.
Based on all the conversations I've had with bankers, analysts and vendors, I think in the world of computer security, one should never say never.