Internet Security and Microsoft - an Oxymoron

Thieves notoriously go after the “low hanging fruit” – the easy target; for PC users, this means anything Microsoft.

Symantec released their Symantec Global Internet Security Threat Report for anyone to read. I read it over – all 108 pages – and was struck by two things:

  • Anyone who uses their PC for financial transactions is playing with fire;
  • Anyone who uses any Microsoft software for financial transactions provides the matches to start the fire.

Reading this report is at least sobering and at worst a confirmation that the web is becoming a wild and dangerous place for careless consumers. How anyone uses a PC and does not scrupulously update Windows security patches and use an anti-virus program is beyond my understanding, although I have seen both on friends’ PCs. In this case, ignorance leads to theft.

However, there is one thing glaringly missing from this report:

No mention anywhere of using Linux rather than Windows

Now I understand that Symantec is in the anti-virus business, and that their bread-and-butter is preventing consumers from getting phished, scammed, or robbed due to internet security threats, but what I find “interesting” is that nowhere among the recommendations is a mention made of using a Linux OS – nada, not even a hint. Am I missing something here?

I don’t pretend to be a PC guru, but one thing I do know is that in using Ubuntu, I have no need of anti-virus software. I don’t know how long this will last, but at present I have moved all my financially sensitive transactions to my Ubuntu desktop. After reading through this report, I feel this is a prudent move for anyone using the internet for more than Facebook. My take on internet security:

Anyone not running a dual-boot Ubuntu PC is courting disaster

One thing about Ubuntu is that it works “out of the box”, is constantly upgraded every six months, and is well supported by both Canonical and an extensive user community. Considering that Windows is updated maybe every five years with sometimes questionable upgrades (e.g., Vista), the Ubuntu model has a lot going for it.

I’m not going into any detail about Ubuntu or whether users should chuck Windows for Ubuntu – that’s old stuff and there are plenty of articles around covering this topic. I will repeat, though, that an Ubuntu dual-boot is easy and can even be done within Windows, so why not?

As to the report itself, I’ll cover some highlights:

First off, financial data is the top phishing target:

76% of phishing targeted well-known brands in the financial sector – if you’ve ever seen something like a message regarding your bank account, chances are high this is a scam. Crooks go where the money is, as this table shows:

Grab user data and sell it – that’s the game. The recession/depression has most likely accelerated code threats – 2008 was a banner year:

Microsoft is the de jure monopoly OS, so it is not surprising where the attacks come from:

The second most favorite target is Adobe Acrobat – those PDF files are ripe for exploitation.

As to browser vulnerability, this graph is revealing:

According to the report:

“The window of exposure for Web browsers is the difference in days between the time when exploit code affecting a vulnerability is made public and the time when the affected vendor makes a patch publicly available for that vulnerability…Of all the browser vendors examined, Mozilla browsers maintained the shortest window of exposure while patching more vulnerabilities than other vendors.”

In plain terms, Firefox is a better bet for secure browsing than all the other browsers. It is interesting to note that, along with this quick response time, Mozilla fixed more vulnerabilities than other browsers:

According to Symantec:

“The prevalence of ActiveX vulnerabilities poses a particular concern to end users and organizations that use Internet Explorer. While the market share of Internet Explorer 7 surpassed that of Internet Explorer 6 in 2008, the fact that ActiveX vulnerabilities are still a popular avenue of attack suggests that the security features of Internet Explorer 7 have not eliminated the ActiveX threat.”

In plain terms, use Microsoft’s IE at your own risk.

At the risk of repeating myself, if you use the internet for financial transactions, using Ubuntu seems to me a no-brainer. It costs nothing and protects sensitive data, so why not?
