Brian Krebs at Security Fix does excellent research into breaches, but I cringed when I saw his advice to “business owners” about how to protect themselves from cybercriminals:
“The simplest, most cost-effective answer I know of? Don’t use Microsoft Windows when accessing your bank account online.”
In my opinion, this is horrible advice, especially to small and midsized businesses. Here are some reasons why:
- “Don’t use Windows” is a half-hearted recommendation to begin with. Because it is oriented around the threat, any significant movement to follow the advice would increase the threat to the new platform in kind. So the only way for this advice to work is if nobody follows it.
- This move is unlikely to protect against the omnipresent phishing threats that are out there. While Brian asserts that his research shows mostly host-based rootkits/malware as culprits, there are a number of other ways to compromise an account and most business owners will not recognize this difference.
- While a move from Windows to Linux will save licensing fees, it is highly unlikely to save money in the long run. The total cost of ownership is much higher when you factor in support, training, cost of labor, etc.
So now the question is, what should you do? Aside from being a skeptical Web surfer, the biggest bang for your buck will come from taking away local administrator capabilities. Sure, there are ways around this, but this alone will solve 80% of the rootkit problem. There are a number of budding host intrusion prevention solutions out there that can address this problem well, too.
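The first step in taking away local administrator rights is knowing who actually holds them. As an added example (not from the original post), this PowerShell script audits the local Administrators group on a Windows host and reports any member not on an allow-list; the allow-list entries are constructed placeholders, and it assumes the built-in Microsoft.PowerShell.LocalAccounts module (Get-LocalGroupMember) is available.

```powershell
# Added example: audit local Administrators membership against an allow-list.
# Assumes Windows PowerShell 5.1+ or PowerShell 7 on Windows, run elevated.
# The entries below are constructed placeholders; replace with your own.
$AllowedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local Administrator account
    "CONTOSO\Domain Admins"              # placeholder for your admin group
)

function Get-UnexpectedLocalAdmins {
    param(
        [string[]]$AllowList = $AllowedAdmins
    )
    # Get-LocalGroupMember returns Name as "AUTHORITY\account",
    # ObjectClass (User/Group) and PrincipalSource (Local, ActiveDirectory, ...).
    $members = Get-LocalGroupMember -Group "Administrators"
    foreach ($m in $members) {
        # -notcontains is case-insensitive by default in PowerShell
        if ($AllowList -notcontains $m.Name) {
            [pscustomobject]@{
                Name            = $m.Name
                ObjectClass     = $m.ObjectClass
                PrincipalSource = $m.PrincipalSource
            }
        }
    }
}

$unexpected = Get-UnexpectedLocalAdmins
if ($unexpected) {
    Write-Warning "Members of local Administrators not on the allow-list:"
    $unexpected | Format-Table -AutoSize
    # Once you have confirmed an entry is a day-to-day user account (not a
    # service or management account), demote it with:
    # Remove-LocalGroupMember -Group "Administrators" -Member <Name>
} else {
    Write-Output "Local Administrators group matches the allow-list."
}
```

Run it across your fleet (for example, via a scheduled task that writes the output to a central share) to catch users who quietly get re-added to Administrators over time.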
Update: In the comments, Kurt rightly pointed out that I did not read Brian’s full posting carefully enough (or jumped to conclusions). Another pertinent paragraph:
“Also known as “Live CDs,” these are generally free, Linux-based operating systems that one can download and burn to a CD-ROM. The beauty of Live CD distributions is that they can be used to turn a Windows-based PC temporarily into a Linux computer, as Live CDs allow the user to boot into a Linux operating system without installing anything to the hard drive. Programs on a LiveCD are loaded into system memory, and any changes – such as browsing history or other activity – are completely wiped away after the machine is shut down. To return to Windows, simply remove the Live CD from the drive and reboot.”
This advice is much more reasonable than I first thought, assuming that the banking application/site still works in read-only mode. There are other solutions that run virtual machines and isolation programs that may be as useful with less hassle, but this certainly isn’t “horrible” as I originally thought.