Warning about trojans - especially if you are a Yorkshire Bank customer!

Lost2

Thanks for that td_007

jambosans

MPH80 wrote: »

http://www.theregister.co.uk/2009/01/26/more_mac_malware/

Although I stand completely corrected I would like to highlight the lower risk trojans/ viruses pose OSX. The bulk are designed for Windows, and as a result, I have never had a virus or trojan in the four plus years I've been running Macs. The PC I used before running XP often got infected - although I do blame my little brother for this more than anything else.

Perhaps it's better architecture or perhaps it's the lower market share, either way OSX, in general, is more secure that Windows. Still doesn't stop me from being diligent and running an anti-virus.

mr_fishbulb

One of the better ways to ensure security with online banking is to use multi-factor authentication. That combines "something you know" such as a password, with "something you have" such as a keyfob, or "something you are" such as a fingerprint.

As a lot of people will not trust the banks to use their biometric information to identify them (who want's to give them a retina scan?), that leaves "something you have".

I know nationwide have 2 factor method when you are making payments. You put your debit card into a card reader and go through a challenge-response process to prove that you have the card-reader in your possession. Some other banks have similar methods, however most don't.

2 factor authentication is expensive for banks (although compared to how much money they make it is a drop in the ocean). They will only roll it out when the cost of not doing so is too great. The cost of not doing so is made up partly from actual loss from fraud, and partly from loss of custom due to people thinking their online banking is not safe. As people get more used to this issue, hopefully they will start to demand stronger security from their bank, or vote with there feet towards those who do.

Anti-virus, anti-malware, firewall, https etc are all good practices that people can employ to make sure they are not the low-hanging fruit (whilst there are easier targets available, fraudsters will go after those). However this will only protect you so much. But I believe enhanced security should be driven by the financial institutions themselves.

masonic

jambosans wrote: »

Although I stand completely corrected I would like to highlight the lower risk trojans/ viruses pose OSX. The bulk are designed for Windows, and as a result, I have never had a virus or trojan in the four plus years I've been running Macs. The PC I used before running XP often got infected - although I do blame my little brother for this more than anything else.

Perhaps it's better architecture or perhaps it's the lower market share, either way OSX, in general, is more secure that Windows. Still doesn't stop me from being diligent and running an anti-virus.

It's both. Why look for and exploit vulnerabilities in an operating system only a minority of people are using? Also, the default security settings in windows have been awful. If you make the effort to configure your windows machine in a security conscious manner, the vast majority of problems are neutered, but the cost of that is a lot of inconvenience most people do not want. I would definitely agree with you that your chance of being infected with something nasty while running a Mac is at least a couple of orders of magnitude less than if you were running windows.

td_007

masonic wrote: »

It's both. Why look for and exploit vulnerabilities in an operating system only a minority of people are using? Also, the default security settings in windows have been awful. If you make the effort to configure your windows machine in a security conscious manner, the vast majority of problems are neutered, but the cost of that is a lot of inconvenience most people do not want. I would definitely agree with you that your chance of being infected with something nasty while running a Mac is at least a couple of orders of magnitude less than if you were running windows.

Or Linux - it is FREE

jambosans

td_007 wrote: »

Or Linux - it is FREE

Maybe people should start dual-booting Ubuntu to use their online banking.

Note: I am not being sarcastic, OSX is distant cousin of Linux. A Unix OS that has been !!!!!!!ised by Apple and made closed source.

Update: Ten point if you guess the word MSE has blanked out. I used it for it's true meaning not to curse.

DCFC79

Surely its just down to the user having anti virus, a firewall plus any other protectiona nd keeping it uptodate, keep the passwords all different and include numbers, capital letters

Andystriker

jonnyb wrote: »

Your requirement for accessing 6 different organisations with 6 different logins, and doing it securely, is a spot on candidate for egg money manager. There are other programs that doing something very similar, as I have seen them referred to in discussions on here, but I cannot remember any of them.

Have a google for it. Their website says free to Egg customers, so you could open a savings account with £1 to become a customer, then add all your external accounts. I cannot find a mention of the cost if you don't have an egg account.

Honestly, it makes my life so simple for everyday online banking.

I do have a Egg Money Card.

I have to say though I would feel very uneasy about using this. I would fear if money went missing the banks would say "you told Egg your passwords it's Egg's problem" and Egg would say "Not our problem we don't know your password" and they would start blaming each other. I feel happier using my memory stick, at least I can then say I did not reveal my password to anyone.

Why can't the banks have my phone number lodged with them. Then when I make a withdrawal why could they not ring me on my phone number which the Trojans would not know and ask me to confirm the payment. We could even have a seperate 4 digit password to put in the phone.

Is this not a good idea?

td_007

Andystriker wrote: »

Why can't the banks have my phone number lodged with them. Then when I make a withdrawal why could they not ring me on my phone number which the Trojans would not know and ask me to confirm the payment. We could even have a seperate 4 digit password to put in the phone. Is this not a good idea?

Ebay does phone authentication for setting up a seller account. During the registration process it brings up a 4 digit PIN and you get an automated phone call during which you input the PIN generated during the reg process to confirm your identity.

This can easily be adapted for bank payments as well...but it costs money - look how long the Faster Payments took to be implemented and even the only a handful of bank offer it and cannot be considered 100% reliable.

masonic

Andystriker wrote: »

Why can't the banks have my phone number lodged with them. Then when I make a withdrawal why could they not ring me on my phone number which the Trojans would not know and ask me to confirm the payment. We could even have a seperate 4 digit password to put in the phone.

Some websites use your mobile phone for cheap two factor authentication. They send a text message to the phone containing a code, which you then have to enter on the webpage to complete the transaction. This seems a reasonable alternative to the more expensive card reader system some banks have adopted.