Comments on: Should you swap out Windows for better security?

By: Pete

Pete — Fri, 16 Oct 2009 16:55:32 +0000

@Kurt -

Thanks for pointing out my mistake – I agree that the live CD option isn’t bad and have updated my post accordingly.

Pete

By: kurt wismer

kurt wismer — Fri, 16 Oct 2009 16:10:47 +0000

sorry to rain on everyone’s parade, but this is a strawman.

krebs’ advice was not to switch to linux. krebs’ advice was to boot from a livecd when you wanted to do your online banking.

there’s virtually no training involved because browsers operate the same in that environment as they do on windows (the biggest change is that the OS’s GUI will look slightly different, but that’s only an issue up until you launch the browser).

there’s no concomitant shift to attacks against the new platform because it’s on read-only memory and cannot be persistently compromised. and if it’s used only for online banking the chances of a non-persistent compromise prior to entering your credentials are next to nothing (the banking website itself would have to be serving malware in order for you to get compromised).

phishing is a red-herring since no technological measure has any effect against a purely social engineering based attack. that said, technologically assisted phishing (being directed to a false banking page that loads credential stealing malware) is largely foiled AND if you ONLY do your online banking through the livecd it becomes very difficult follow banking related phishing links because the contents of your clipboard don’t survive a reboot.

By: Pete

Pete — Fri, 16 Oct 2009 15:01:46 +0000

@Peter -

I had a different experience with Vista, but more importantly are the Office apps. I do agree that Macs are viable alternatives, at least for smaller companies, but I suspect that they are not “cost effective”. I think people have a tendency to oversimplify costs and worry about the long-term viability of a switch like that described.

Perhaps even more importantly – I am not convinced it is a particularly effective strategy.

Thanks for the note about the design – I am still working on some details so look for more changes.

By: Pete

Pete — Fri, 16 Oct 2009 14:48:24 +0000

@Steve -

Well said.

Pete

By: peter

peter — Fri, 16 Oct 2009 14:47:58 +0000

I’m not sure of I can agree.. A few months ago I switched to a Mac and what a difference. This week I had a Windows Vista experience. I know my way around in various OS, but when you make the user experience that frustrating and the time needed to start things up so time consuming it will also negatively impact the willingness of users to invest time in security.

By the way..I like the new design, big improvement.

By: Steve P.

Steve P. — Fri, 16 Oct 2009 13:49:38 +0000

I’m personally a big Linux fan and use it personally, but would have a hard time recommending an organization of any size switch at the moment.
1) Active Directory is the crown jewel of MS at the moment in my opinion. Group policy is much more powerful then anything we have on the Unix side, and it’s well known by admins.
Which brings us to:
2)Your admins probably know Windows better. If not, you’re probably already using *nix, and don’t need my recommendation in the first place. You can secure what you know and have experience with better then some new system you’ve never seen. Yes, under administrated home or small business windows is crap, and in those situations Linux might in fact be better. The enterprise is a whole different kettle of fish. In defense of the original article, it seems targeted at the small enterprise set.

So, to the article, if you want to fire up and alternative browser just for banking, go for it. If *you* want to run Linux, either as a live-cd (which is all the original article recommends) or as your main OS, go for it, but it’s probably not the time to be recommending that enterprises mass migrate to Linux desktops.

For someone else’s ranting on the topic, see http://risky.biz/news_and_opinion/metlstorm/2009-04-02/i-heart-windows