Using Windows for a Day Cost Mac User $100,000 (and it's not related to anything else totally)
-
Using Windows for a Day Cost Mac User $100,000
David Green normally only accessed his company's online bank account from his trusty Mac laptop. Then one day this April while he was home sick, Green found himself needing to authorize a transfer of money out of his firm's account.…
In short: guys owns company, normally uses a secured work Mac to access his bank account, one day decides to use the family Windows PC, gets pwned.
And that's Windows' fault. Somehow. But it certainly is.
-
@slashdot, look out. You've got nothing on Macie for posting outdated "news" articles
Filed under: :p
-
@slashdot, look out. You've got nothing on Macie for posting outdated "news" articles
I see stupid, I share stupid. I'm not concerned with dates or other trivialities.
also, I want to see Blakey's reaction to that, so shush
-
You've got nothing on Macie for posting outdated "news" articles
Outdated? He's clearly 8 days in front - it's only Jun 2...
-
As such, I’ve frequently advised small business owners to avoid banking on Windows systems, since all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows.
-
Stupidity, uh, finds a way.
-
Comments are facepalm-worthy too:
The number of defects in an operating system is related to the amount of malware targeting it.
And not, uh, the fact that Windows is the most popular OS, nor that pretty much all non-power-users use Windows (with some Macs thrown in, maybe).
-
From the blog's about section ...
What most people want to know is how I got into computer security, and whether I have a technical background in the field.
The short answer is “by accident,” and “no,” respectively.
-
Clearly
-
Eh...Brian Krebs is a pretty solid guy. He used to write for WaPo. I didn't look at this article (or maybe I did a while ago), but he's done a lot of good reporting on security issues. And trolled a lot of black hats.
-
As such, I’ve frequently advised small business owners to avoid banking on Windows systems, since all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows. What’s more, the tools these crooks are using — mainly the Zeus Trojan — almost always outpace anti-virus detection at least by a few days, and by then it’s usually too late.
It's not the worst advice I've ever seen; the guy does have a valid point, after all.
-
It's still stupid, even if it's not as stupid as it could be.
-
That's true. And why I rarely use Windows. It makes you stupid.
-
$GENERIC_LINUX_JOKE
-
Seriously, though, could you explain what is "stupid" about the article?
-
Seriously, though, could you explain what is "stupid" about the article?
Completely ignoring the point that he was using a home entertainment machine used by non-technical people and blaming the fact that he got pwned on Windows?
Yes, there is correlation between "Windows machines" and "getting pwned". No, it does not imply causation.
-
Completely ignoring the point that he was using a home entertainment machine used by non-technical people and blaming the fact that he got pwned on Windows?
So this is a reading comprehension problem?
Unfortunately for Green, that PC was the same computer his kids used to browse the Web, chat, and play games online.
-
So this is a reading comprehension problem?
Well duh, it's mentioned (briefly) in the article. How else would I know that? But the assertion made in the headline is outright misleading.
-
I don't see how. This was one post among several (many?) where he'd followed people getting ripped off after some sort of Windows malware led to draining their bank accounts.
This was also 5 years ago.
-
The bit I quoted above - recommending that these users use non-Windows because trojans don't work on non-Windows. Yes, that works now but it's just going to encourage complacency around security because "trojans don't work on Macs" - what when they do become available for Mac? These users blindly carrying on becuase they're assuming it's safe simply because it's Mac (or Linux) could get caught out.
Informing users about ways to be properly safe and secure irregardless of platform would be a better approach IMO.
-
I don't see how. This was one post among several (many?) where he'd followed people getting ripped off after some sort of Windows malware led to draining their bank accounts.
It wasn't "using Windows" that cost him $100,000 - it was "using a home machine which was also used by technical illiterates (since even in 2010 it was already almost impossible to get infected due to a Windows bug), and which got malware installed".
It's like saying "using Linux causes WTDWTF server downtime". No it doesn't - using shitty forum software does. That this software happens to be written for Linux is completely irrelevant.
-
Informing users about ways to be properly safe on secure irregardless of platform would be a better approach IMO.
At the time, his recommendation was to use a LiveCD. This was really good advice. Your idea requires that users maintain good discipline. Not using Windows is probably a lot easier and effective.
It wasn't "using Windows" that cost him $100,000 - it was "using a home machine which was also used by technical illiterates (since even in 2010 it was already almost impossible to get infected due to a Windows bug), and which got malware installed".
Yes, and if he hadn't used Windows to bank with, none of it would have happened. You can tilt against sensational headlines all you want, but you might as well go sit with blakey in the Windows fanboi section if this is your argument that the article is stupid.
-
At the time, his recommendation was to use a LiveCD. This was really good advice.
Yes - I didn't at any point say the article was stupid - just the bit I quoted.
-
At the time, his recommendation was to use a LiveCD. This was really good advice.
Because a LiveCD is readonly and can't have malicious modifications?
Has nothing to do with most of them being Linux ...
-
Yes, and if he hadn't used Windows to bank with, none of it would have happened.
No, if he hadn't used his home machine to bank with, none of it would have happened.
If we weren't using Linux, we also wouldn't have shitty forum software on our hands.
-
Because a LiveCD is readonly and can't have malicious modifications?
Pretty much.
Has nothing to do with most of them being Linux ...
True. He probably mentioned some sort of BSD at some point. But they definitely weren't Windows.
-
No, if he hadn't used his home machine to bank with, none of it would have happened.
He'd posted other things where work computers had gotten infected.
If we weren't using Linux, we also wouldn't have shitty forum software on our hands.
Experience and CS prove you wrong.
-
At the time, his recommendation was to use a LiveCD. This was really good advice.
Unfortunately, doesn't work in all cases. Personal banking? Mostly, yes. Here, any kind of business account management requires a hardware token of some kind (USB stick, smart card). Many of them lack drivers or client software for anything but Windows. And still, even if it worked, you'd have to install it every time, unless you make your own live CD with all the stuff already included.
-
Yes - I didn't at any point say the article was stupid - just the bit I quoted.
Now explain why that was stupid:
As such, I’ve frequently advised small business owners to avoid banking on Windows systems, since all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows.
-
Now explain why that was stupid:
recommending that these users use non-Windows because trojans don't work on non-Windows. Yes, that works now but it's just going to encourage complacency around security because "trojans don't work on Macs" - what when they do become available for Mac? These users blindly carrying on becuase they're assuming it's safe simply because it's Mac (or Linux) could get caught out.
Informing users about ways to be properly safe and secure irregardless of platform would be a better approach IMO.
Post cannot be empty.
-
Unfortunately, doesn't work in all cases. Personal banking? Mostly, yes. Here, any kind of business account management requires a hardware token of some kind (USB stick, smart card). Many of them lack drivers or client software for anything but Windows. And still, even if it worked, you'd have to install it every time, unless you make your own live CD with all the stuff already included.
That would indeed be a problem. His target audience being the US, this wasn't a problem.
-
But they definitely weren't Windows.
They could be (Windows boot CDs can be done), and they would be just as secure due to being read-only.
As such, I’ve frequently advised small business owners to avoid banking on Windows systems, since all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows.
They also fail to run on DOS. Doesn't make DOS more secure than Windows.
If people do start doing personal banking with Linux, malware users will target Linux because that's where money is. Using Linux over Windows is just security by obscurity - in this case, running a system obscure enough that most malware writers don't bother with it.
-
Yes, that works now
Ta da!
"trojans don't work on Macs" - what when they do become available for Mac?
He might update his advice.
These users blindly carrying on becuase they're assuming it's safe simply because it's Mac (or Linux) could get caught out.
It's possible. Things change. But his advice was certainly sound at the time. I don't know if things have changed, and his reporting lately has focused more on ATM skimmers and big data breaches. I suspect this is in part due to Windows becoming more secure in the last half decade.
Conclusion: Not Stupid.
-
He really should have been using Windows RT. I've never gotten a virus on my Surface.
:ducks:
-
They also fail to run on DOS. Doesn't make DOS more secure than Windows.
I know you guys are mostly ignorant about his advice, but one of the points was that if you pop an Ubuntu CD in, you have Firefox, which people were already familiar with.
If people do start doing personal banking with Linux, malware users will target Linux because that's where money is.
Fuck...Beta 11 appears to have wiped out completion our custom emojis. Fuck you dicsourze.Nevertheless, you're going to be safe right now, while Windows is targeted.
- in this case, running a system obscure enough that most malware writers don't bother with it.
No. Just no.
-
In short: guys owns company,
Ok...
normally uses a secured work Mac to access his bank account,
Wow he just fucked-up his IRS return by admitting he uses that Mac for personal business.
Oh wait, was that not the point of the WTF?
-
personal business.
It was his company's bank account AFAICT. Also, I'm disappointed in you not ranting.
I know you guys are mostly ignorant about his advice, but one of the points was that if you pop an Ubuntu CD in, you have Firefox, which people were already familiar with.
And in DOS, you can install Lynx, with which some people are familiar with too. Now, your point?
Nevertheless, you're going to be safe right now, while Windows is targeted.
And if you obfuscate your password handling routine by doing some random ROT-x shifts, you're safe right now, and you may even deter one or two attackers who won't bother. That still doesn't make your system even a tiny bit more secure than the other guy storing passwords in plaintext.
-
It was his company's bank account AFAICT.
Then why was he accessing it from a NON-work computer? Either way this guy's a dumbshit.
Also, I'm disappointed in you not ranting.
If you want me to dance for your amusement, pay me. Fuck you.
-
Yes, and if he hadn't used Windows to bank with, none of it would have happened. You can tilt against sensational headlines all you want, but you might as well go sit with blakey in the Windows fanboi section if this is your argument that the article is stupid.
Let's try a thought experiment.
Suppose we're reading an article about someone going to a really impoverished neighbourhood, by themselves, at night, and getting mugged. Because poverty and crime correlate.
Poverty and race also correlate, and it happens that this dirt-poor area is also predominantly black.
Did the guy get mugged because he went to a black neighbourhood, or because he went to a really crap neighbourhood? If the article headline explicitly states the former, and the copy takes pains to gloss over the latter and imply that the former was the relevant factor, is that an intelligent article?
-
And in DOS, you can install Lynx, with which some people are familiar with too. Now, your point?
Just that you're still wrong.
And if you obfuscate your password handling routine by doing some random ROT-x shifts, you're safe right now, and you may even deter one or two attackers who won't bother. That still doesn't make your system even a tiny bit more secure than the other guy storing passwords in plaintext.
I don't even know what you're talking about now.
-
Did the guy get mugged because he went to a black neighbourhood, or because he went to a really crap neighbourhood? If the article headline explicitly states the former, and the copy takes pains to gloss over the latter and imply that the former was the relevant factor, is that an intelligent article?
If a straw man begs the question would you burn him just because he'd burn you?
-
-
Just that you're still wrong.
Because you changed the subject?
I will admit to being wrong due to
, however. Congratulations.
-
straw man
I don't think what you think that means and what I think it means are the same.
Even if my analogy wasn't applicable, that's not a strawman.
-
Even if my analogy wasn't applicable, that's not a strawman.
I put more stuff in there than strawman. The best anyone has at calling this article stupid is the somewhat sensational headline. And now analogies to claims of racism.
-
The best anyone has at calling this article stupid is the somewhat sensational headline.
And that - again - security by obscurity is not security. Using Linux instead of Windows not because Windows is flawed compared to Linux, but because Linux is less popular is pretty much the definition of that.
-
They could be (Windows boot CDs can be done), and they would be just as secure due to being read-only.
Being read-only doesn't make it secure if it has a network connection. It can only boot up as secure as the trustworthiness of whomever created the boot CD.
And that's saying nothing of the possibility that you're a complete moron and you install your desktop stripper so you can have some entertainment while you do your banking.
-
I put more stuff in there than strawman.
Yes, but you put strawman in. I wasn't going to argue the toss about the validity of my analogy, because I don't care enough, but there was no strawman, so I objected to the suggestion that there was.If you're suggesting I'm claiming that your opinion is racist because it stems from the same logic as the racist opinion in my analogy, then you have failed to grasp the concept of an analogy. Although you have nicely demonstrated a strawman.
-
And that - again - security by obscurity is not security.
You're confused about what this is and what security by obscurity is.
Using Linux instead of Windows not because Windows is flawed compared to Linux, but because Linux is less popular is pretty much the definition of that.
If the attacks are all against Windows, then not using Windows is one way of being safe right now. 100%. But that's not all that his advice was.
If you're suggesting I'm claiming that your opinion is racist because it stems from the same logic as the racist opinion in my analogy, then you have failed to grasp the concept of an analogy. Although you have nicely demonstrated a strawman.
I'm saying a couple of things. Your analogy is imputing racism where there isn't necessarily any. But that's off topic. Nevertheless, you're using something that's poisoning the well (racism). And it's wrong, to boot. I threw a silly statement mentioning several common fallacies and you noticed one of them.
-
The headline should have been:
Using an unsecured computer for a day cost a small business owner $100,000
Leave the OS bullshit out of it. It has nothing to do with the operating system, and everything to do with poor security practices. That's just sensationalizing the Mac/Windows fanbois, creating FUD about security, and as @loopback0 pointed out, encouraging complacency regarding security, specifically Mac security.
