Category: Opinion

Security Experts: Avoid Windows for on-line Financial Transactions

More and more security experts are recommending that people avoid the use of Windows in any form when performing on-line financial transactions. Some experts say this is even more important for businesses than consumers because businesses have less time under the law to identify and report fraud.

Brian Krebs, the computer security expert for the Washington Post, says in an October 9, 2009 blog post:

An investigative series I’ve been writing about organized cyber crime gangs stealing millions of dollars from small to mid-sized businesses has generated more than a few responses from business owners who were concerned about how best to protect themselves from this type of fraud.

The simplest, most cost-effective answer I know of? Don’t use Microsoft Windows when accessing your bank account online.

He goes on to say that businesses, and presumably the rest of us as well, should use a “live CD” version of Linux to transact any type of financial business on the web because that is the only way to avoid the Windows malware that steals your ID and your money.

Read the complete post. I won’t post the details here, because you can read the entire blog entry for yourself, but it seems that in one case thieves had hacked into the Windows computer of the bank controller in order to steal access codes.

How safe can your Windows computer be if an allegedly secure one belonging to a bank can be cracked so easily?

In Australia, the New South Wales police are recommending that consumers use Linux for on-line banking. Again they recommend using a Linux boot up disk or USB thumb drive to perform on-line financial transactions.

The reason? Linux is secure.

Complete Solution

I wonder why these experts only recommend using Linux on a live boot disk for financial transactions. Why not just move to Linux completely? Is the rest of your data, especially for businesses, not as important as your financial transactions? If you keep your accounting data on a Windows computer, your product designs, your marketing plans, emails discussing projects and potential projects with your customers, does that data not need to be protected as well?

Of course it does.

I recommend going all the way with a complete security solution. Use Linux from beginning to end. Use Linux on your computers all the time. If you have one or two critical applications for which there are no Linux replacements and you must use Windows to run them, I recommend only running Windows as a guest in a virtual machine on a host computer running Linux.

Use Linux for a complete end-to-end, full time solution to keeping your data — all of your data — safe.

You might also want to find out what your bank is doing to keep your account information safe.

Thanks to Steven J. Vaughan-Nichols whose original blog post at ITWorld, “Windows unsafe for online banking? Shopping?” led me to this information.

About Linux Distributions

Although many of you have heard of Linux I know that you are not necessarily familiar with it or the term distribution. This post is intended to answer the question of what a distribution is and how it affects you.

What is a Distribution?

A Linux distribution, or “distro” as they are called by many Linux aficionados, consists of several main components packaged together in such a manner as to be easy to distribute and install. A Linux distro may be distributed on CD, DVD or USB thumb drive, or via the Internet as an ISO image of one of those media, from which a bootable CD, DVD, etc., can be created.

Mainstream Linux distributions usually contain the major components described in the table below.

Major Components of a Linux Distribution

| Component | Description |
|---|---|
| Kernel | The Linux kernel is the portion that was developed by Linus Torvalds. It is the core component that gives Linux its identity and basic functionality. The kernel manages the hardware and provides a method for programs and utilities to interact with both the hardware and the end user. |
| GNU Utilities | The GNU Utilities provide two things. First, a set of program libraries that provide additional functionality to programmers. Second, a set of system administrator oriented utility programs to make managing Linux operating systems easier. |
| Application programs | User level programs such as OpenOffice, GNUCash, Firefox, Thunderbird and hundreds of other application programs designed for end users and which allow them to perform useful work with their computers. |

Hundreds of Distributions

There are literally hundreds of different Linux distributions. The Wikipedia article on the term Linux distribution states that there are over 600 Linux distributions and that over 300 of them are under active development. Each distribution contains a different combination of libraries, utilities and application programs, depending upon its intended usage.

The good news is that most distributions are designed for very specific niches and most people considering the use of Linux at home or in the office only need concern themselves with a very few.

Choosing a Distribution

Whether working with a consultant or on your own, it is important to understand what you intend to do with the computers on which you will install Linux. Developing a complete set of requirements for each computer or class of computers in your business, such as servers, development workstations and desktops, will be a key step in this process.

Your choices will be driven by functionality, security, stability, application availability, interoperability, ease of installation, maintenance, cost and other factors. In some cases your choices will be numerous as multiple distributions may meet your requirements and in others you will be left with only one or two distributions from which to choose.

A consulting firm such as Millennium Technology Consulting LLC can assist you in making the choice of distributions.

The Value of Certifications

Certifications are all the rage. Many people have them and many companies require at least one when hiring technical personnel. Most certifications are worthless and some are valuable.

Rote Memorization

Many certifications, like the Microsoft ones, are simply a matter of memorization. That is not to say that there are not some very good Microsoft certified techs out there, but the certification has nothing whatsoever to do with whether they are any good or not.

I have worked in a number of jobs where I had to interview candidates for hiring. The vast majority of the candidates who claimed to have Microsoft certifications could answer basic questions about the OS, but really had no clue about how to go about doing problem determination and problem resolution. When faced with even a simple example of a problem, they were completely unable to even state the first step they would take to resolve a problem, or even worse, would suggest approaches that would do more harm than good.

You can memorize a bunch of facts but that does not teach one how to perform a task. In the computer industry that task is all about identifying and resolving problems.

Performance Based Testing

I have taken a few performance based tests over the years and most people have taken at least one. The common driving test is a performance based test. If you cannot drive, you don’t get a license. And I really don’t think the test is hard enough. Too many people who should not be driving seem to pass. But that is a different rant.

My Pilot’s license was a three part test. The first part was a very technical standard test consisting of multiple choice and fill in the blanks type questions. This was to test my basic knowledge of flying, navigation, FAA rules and other aviation skills. The second part of the test was the “oral,” in which the check pilot quizzed me on many aspects of flying, weather, instruments, navigation and more FAA rules. He then had me create a flight plan and checked it over. The third part was the flight test. This is where a prospective pilot gets to demonstrate his or her capability to actually safely fly an airplane. If you cannot do this, no matter how well you do on the other parts of the test, you cannot get a pilot’s license.

Performance based tests like Cisco and Red Hat are the best tests in the IT industry for ensuring that certificate holders are actually qualified to work on those systems. When I took the Red Hat test there were three sections; one was a standard 50 question test and two were 2.5 hour performance based sections. One section tested how well I could find and resolve problems and the other was to install Red Hat Linux on a computer to meet a set of specifications.

The Red Hat test is now a single section and is completely performance based. Red Hat dropped the written section a few years ago because no one ever failed the test based on the results of that section. The two remaining sections were combined into a single installation and troubleshooting section just a couple months ago.

Aside from my pilot’s license, my Red Hat certification is the one of which I am most proud. It is also the one that is most meaningful. If someone has passed this examination then you can be certain that they have a pretty high minimum skill level and can actually perform problem solving and administrative tasks in the real world.

My Mostly Worthless Collection

I have lost count, but I currently hold between 16 and 18 certifications. Some are worthless because the products that the certification is for are no longer current.

Take my several OS/2 certifications. Who uses that any more? I got half of those certifications because I wrote the multiple guess tests myself while I worked for IBM and later as an independent contractor. A couple of the tests were actually pretty good, but no test that is strictly a classic “written” test, even if given on a computer, can really tell whether a person can actually track down a problem let alone fix one.

I also have some certifications for old Dell and IBM hardware that have long since been best suited to use as boat anchors.

And of course I have my Red Hat certification. That was an exhausting seven hour test in which I had to actually demonstrate the capability to think and perform problem determination as well as resolve problems and perform an installation. It was difficult and I did not pass on my first try.

True Value

One of the most qualified people I have ever hired did not have any certifications. She knew the answers to all of the technical questions we asked during the interview, and she was able to discuss at length the process she would use to resolve certain real world problems we posed as part of the interview.  I hired her and she turned out to be one of the best technical people I have ever worked with. I have also worked with people who had only simple written test certifications who could not resolve even simple problems.

I have never worked with anyone who has passed a performance based certification test who could not perform at least the tasks required by that certification and in most cases they were far more capable than just the minimum required to pass the test. Performance based certifications are one good way to differentiate between candidates when hiring, or when looking for a consultant. They are not the only point on which you should base your decision. You should be careful not to eliminate perfectly good candidates just because they do not have a certification.

Forget about using written tests of any kind as a yardstick. They are totally useless.

The true value is in the person not the certification.

Time for Housecleaning

How is this for coincidence? After yesterday’s post, The Pain of Moving to a New OS, today’s morning paper has an article, Brace for bumps in Windows upgrade,  about how painful it will be to move from Windows XP, which most people are still using, to Windows 7.

It seems that you will not be able to upgrade from XP to 7. You will have to back up your data and do a clean install of Windows 7, then restore your data. And all of those programs you have downloaded or installed over the many years on XP? You will have to be lucky to find all of the old CDs or download and install them again.

For older hardware, there will also be the usual issues with lack of drivers as well as just plain lack of the guts needed to run this new version of Windows compared to XP. Microsoft even touts Windows 7 as a “cleaned up” version of Vista. Not a very auspicious marketing statement.

More Gain for your Pain

If you are considering an upgrade from Windows XP, check with Millennium Technology Consulting LLC first. If you are expecting pain anyway, you might as well get the maximum gain. Linux can significantly reduce the overall version to version upgrade pains in the long run, as well as being more stable, more resistant to malware, far more secure and free to boot.

You Get What You Pay for — or Not

The old saying “You get what you pay for” seems true on its surface, and it can be true. I like to save money, but many times I am willing to pay more for a better brand or an upgrade to a product with more features. I do this because I know the better brand will last longer or the product with more features has a particular feature I need or find useful.

When I bought my Hybrid Toyota Prius I paid more than I would have for an equivalent size car back in 2001. But I bought it to save gasoline and the environment, not because it was cheaper than the other cars. With gas prices as they have been for the past few years, I have saved more on gasoline in the long run than I paid extra for the Prius, plus I have been saving the environment as well. But my Prius has also been a very reliable, trouble-free car and the problems I have had were fixed under warranty, in many cases even after the warranty had allegedly expired. That in itself has saved me a good deal of money compared to other cars I have owned. Some things are worth paying extra for.

Cheap stuff breaks. We bought a cheap refrigerator a few years ago, even though it was an allegedly good brand. We have had service out several times for various problems and it has never really been fixed properly. It continues to give us trouble and will until we replace it.

I have seen many really cheap computers and some really great ones. Having worked for IBM, I know that they made some of the best and most reliable computers on the planet. But when the cheap junk started showing up, they could not compete on price and that is what the vast majority of consumers cared about. IBM got out of the PC business because they could not compete on price and no one cares about the quality of a PC when they can be replaced so cheaply — relatively speaking.

The Software Exception

There is one very prominent exception to the “get what you pay for” axiom. Software. Oh, sure, you can pay for software. But why should you when there is much better, higher quality software available for free?

Open Source Software is usually free and it is almost always of very high quality. All of the Free Open Source Software I use is of excellent quality. It works and does what I want it to do. I have not paid a penny for software in many years. That makes companies like Microsoft crazy!

I have worked in places where we had software that cost millions of dollars in licensing fees. And yet when we would call for support for a word processing program, for example, the best answers we could get were pathetic. You don’t need to reboot every time something goes wrong with your software, but that seems to be the first answer you get from any support people when dealing with any problem while running Windows.

Most support centers use low-paid, untrained people who do nothing more than follow scripts. If you are lucky and get to a third level person, they might know enough to actually solve your problem. Perhaps, but don’t hold your breath.

What kind of support is that? Crappy, that’s what! So why pay for software on the premise that paying for it gives you support? That sounds dumb to me. But it does give the company that bought the software someone to yell at when things don’t work. I fail to see how that helps, though, when your objective should be to keep your people productive and your customers happy.

And just try to get a proprietary software company to add a new feature that you really need! If you are lucky and they decide to do it, you can pay a very large sum of money for them to add a new feature and it will take months at best.

If Open Source Software breaks or does not have a feature I need, I can request a fix or a new or revised feature and the hundreds or even thousands of programmers around the world who work on that particular piece of software will often  have a fix or a new feature ready in a few days or even less. Security problems may be patched within hours. This is much better responsiveness than any proprietary software I have ever had the misfortune to use over the years.

Paying for software does not make it better. Contact us at Millennium Technology Consulting LLC for a demonstration of Free Open Source Software that can save your company a great deal of money.

Value add – Databook

One of the things that most companies want when they choose a consultant is a level of knowledge and support that will always be there. It is not enough to simply do the job and walk away like many firms do; you want some ongoing support and a place to find information when you need it. Whether to answer basic questions like, “how do I…,” or to perform complex system administration tasks, you will always have some need for information within or even beyond the scope of the consulting contract.

Freedom of Information Act

The basic tenet of Open Source is that program code should be free. Open Source Software is free as in speech and so also should the information about it be free.

As a Linux and Open Source consultant I believe that information should be free. Not merely as with the federal Freedom of Information Act that requires the information seeker to request the specific information they are seeking and wait for the powers that be to decide whether it is in their best interest to release it, but really free as in speech so that it is readily available when you need or want it.

This is the Value Add proposition addressed by Millennium Technology Consulting LLC. For us, Freedom of Information Act is a verb.

Memory Aid

Over the years I have collected a great deal of information about Linux and how it works. I have found that I needed the same information many times, but that I perform the associated tasks so seldom that I needed to re-discover that information. So I began saving things I had learned in a database that was intended to be a memory aid and to prevent me having to recreate the same information over and over. This database has grown significantly and will continue to grow in the coming years.

I decided that this same information could be valuable to many other people as well, whether they — you — are customers of Millennium Technology Consulting LLC or not. As a result, I opened up my database to the world so it is free as in speech, and I have made that information free as in beer as well.

That database is my DataBook® web site where I keep two books plus other information such as product reviews and a blog. The books are the DataBook for Linux Users and the DataBook for Linux Administrators. Whenever I answer a question for someone, or perform a task that requires a bit of research on my part, I try to add it to one of the DataBooks. This makes it available for me in the future as well as for anyone else who has the same need.

Proprietary vs Free

Some people have asked me why I don’t just charge for this information so I can increase my revenue stream. I could do so either by charging for access to the DataBook web site or by charging for my time to provide “customers” that same information. I choose not to do so for the simple reason that I believe that restricting information in that way sucks.

Many, in fact almost all, consultants consider the information they have proprietary and want you to pay for it — all the time, every time. Frankly it is not in my best interest to work that way. What is in my best interest is to have well-informed customers with access to as much information as possible so that you can make informed, intelligent decisions. I believe that is in your best interest as well. I believe that if you are not currently a customer and you find the information I provide on my web sites useful, you will call me when you need a consultant. Period.

Contact Millennium Technology Consulting LLC when you are ready for a true Open Source Consultant. We do Open Source and Linux consulting for individuals and small to medium businesses.

Monopoly

No, not the board game, but the anti-competitive practices of Microsoft.

No Choices

Aside from any questions of whether you would want to or not, have you ever tried to purchase a computer with any operating system other than Windows? Even if you don’t need to buy a new computer, go to a store like Best Buy, Staples, Office Depot or even a local computer retail store such as (in Raleigh, NC) Intrex. Ask the sales person for a computer that has a different operating system than Windows. Watch the faces and see the incredulity and even disdain.

The first problem is that there are only a couple, and only one is for PCs. One is Apple’s Mac OS and the other is Linux. Of course you can go to an Apple store to get a computer with Mac OS. Linux and Mac OS are very closely related. You have to have a Mac to run Mac OS, but you can run Linux on any PC. So there are not many choices in the first place, which is always the sign of a monopoly.

The second problem is that virtually all computers come with Windows already installed. You might be able to purchase a computer with Linux installed from Dell or HP, but probably only on their web sites and with a very limited set of hardware on which they will install it. You cannot just go to the store and purchase a computer with anything but Windows on it. The best you could possibly do is to purchase a computer without any operating system at all from a place like Intrex and install one yourself.

So you essentially have no choices for an operating system when you go to a store to purchase a computer. This is a monopoly. The same is true for applications. Try to purchase a copy of any office software other than Microsoft Office. You cannot because it is not there.

For this discussion it is irrelevant that Microsoft itself is responsible for this lack of choices. They will tell you that their software is the most popular in the world. As if being elected prom queen when no one else ran against them were popularity. Do you see the problem here?

The Microsoft plan for world domination works like this:

Sell software, such as Office, that reads old formats and only writes new ones (or at least writes new ones only if you know a magic incantation). You can do anything you want with your new software. People send you things, you do what you like with them.

When you send something back, people have trouble using it with their old software. They snarl at you and tell you to learn the magic incantation. After a while, they get tired of snarling, especially since it usually doesn’t work, and they give up and buy the new software.

But the key is, when you buy the new software, it has to do everything you want so you don’t badmouth the new stuff and go back to using the old stuff yourself. It has to be the people with the old stuff that give up and buy the new stuff. Of course this didn’t go according to plan with Vista.

Open Source Freedom

With Open Source Software there are many choices available and they all play nicely together. For example, there are three primary office suites for Linux: OpenOffice, GnomeOffice and KOffice. There are others as well and also a good number of stand-alone word processors and spreadsheets. The best part is that they all adhere to open standards such as the Open Document Standard which allows them to be used interchangeably with any given set of documents. With Microsoft you cannot even use your current word processor with a document from the next one. In fact, some of this Open Source Software even runs on Windows.

All of these Open Source word processors offer better compatibility with older Microsoft Word documents and even other word processors such as WordPerfect. The rectors at our church had seventy or eighty old WordPerfect documents when they moved to our church that they could not use with Word. OpenOffice allowed them to access these documents for the first time in several years.

And of course all of these Open Source office programs and suites are not only free as in speech, they are free as in beer. So if you do have to upgrade because your old version of StarOffice won’t open the latest OpenOffice documents, it does not cost you any money.

Let Millennium Technology Consulting LLC show you how easy it is to make the transition to Linux and Open Source Software. We can also provide training to assist in making the transition. We do Open Source and Linux consulting for small to medium businesses.