An article today in ITNews caught my attention. It suggests that one of the states leading Cybercrime experts thinks that the best way to do Internet banking is to use iPhones or Linux and to avoid windows at all costs. On face value this is a great concern to me as he’s not actually educating, but more he’s scaring people.
He suggests that booting of a Linux disk will be safer because “it only runs in memory”… that’s not to actually say though that if a user was to get infected and THEN access their bank that they would be safe. He’s giving people a false sense of security when in fact it could be worse because their Linux version might be unpatched and therefore open to compromise. Now I’ll admit that I’m not a Linux expert at all – I’ve in fact never installed it. However in general terms surely the same rules would apply being that if you became infected whilst surfing and then went to a secure site, it would still be possible for the bad guys to compromise your security.
I heard it said at a conference over the weekend in Las Vegas that using Linux was a great security measure as it was “not attacked” by the bad guys. Again this is false security as it also means that any vulnerability is less likely to be known to your average user and therefore put them at MORE risk than if they ran something like Windows.
I’m not for a moment saying that Windows is invulnerable to infection or attack – every operating system has holes, it’s a matter of how we are told about them and how quickly they are patched for the average user that matters.
What do you think? Am I totally wrong?