Security Experts: Avoid Windows for on-line Financial Transactions

More and more security experts are recommending that people avoid the use of Windows in any form when performing on-line financial transactions. Some experts say this is even more important for businesses than consumers because businesses have less time under the law to identify and report fraud.

Brian Krebs, the computer security expert for the Washington Post, says in an October 9, 2009 blog post:

“An investigative series I’ve been writing about organized cyber crime gangs stealing millions of dollars from small to mid-sized businesses has generated more than a few responses from business owners who were concerned about how best to protect themselves from this type of fraud.

“The simplest, most cost-effective answer I know of? Don’t use Microsoft Windows when accessing your bank account online.”

He goes on to say that businesses, and presumably the rest of us as well, should use a “live CD” version of Linux to transact any type of financial business on the web because that is the only way to avoid the Windows malware that steals your ID and your money.

Read the complete post. I won’t post the details here, because you can read the entire blog entry for yourself, but it seems that in one case thieves had hacked into the Windows computer of the bank controller in order to steal access codes.

How safe can your Windows computer be if an allegedly secure one belonging to a bank can be cracked so easily?

In Australia, the New South Wales police are recommending that consumers use Linux for on-line banking. Again, they recommend using a Linux boot disk or USB thumb drive to perform on-line financial transactions.

The reason? Linux is secure.

Complete Solution

I wonder why these experts only recommend using Linux on a live boot disk for financial transactions. Why not just move to Linux completely? Is the rest of your data, especially for businesses, not as important as your financial transactions? If you keep your accounting data on a Windows computer, along with your product designs, your marketing plans, and emails discussing projects and potential projects with your customers, does that data not need to be protected as well?

Of course it does.

I recommend going all the way with a complete security solution. Use Linux from beginning to end. Use Linux on your computers all the time. If you have one or two critical applications for which there are no Linux replacements and you must use Windows to run them, I recommend only running Windows as a guest in a virtual machine on a host computer running Linux.

Use Linux for a complete end-to-end, full time solution to keeping your data — all of your data — safe.

You might also want to find out what your bank is doing to keep your account information safe.

Thanks to Steven J. Vaughan-Nichols whose original blog post at ITWorld, “Windows unsafe for online banking? Shopping?” led me to this information.

Latest Fedora 11 Fixes Resolve User Issues

Newsletter

This is the first of what I hope to be a fairly regular newsletter intended to inform Millennium Technology Consulting LLC customers of the latest information that may affect their Linux installations. Of course this will also help anyone who reads this newsletter even if you are not one of my customers, but that is OK too.

Over the last few weeks there have been many fixes to Fedora 11 including a number of security updates. These have resolved several problems affecting many users.

HP Printer Issues

About a month ago an update to the Common Unix Printing System (CUPS) caused Hewlett-Packard (HP) printers of all kinds to stop working. The latest fixes have resolved these HP printer problems. After installing these updates your HP printers should work again.

Audio

Some issues with streaming audio playback have also been resolved. These issues have been around for a while and caused audio dropouts during playback as well as hung (stopped) playback of multimedia video streams, such as Flash video playback on web sites like CNN.

VirtualBox and USB

And, apparently, between these Fedora fixes and some upgrades to VirtualBox, some problems that prevented USB devices from being used inside virtual machine guests of all operating system types have also been resolved. This should eliminate the need to provide work-arounds to access USB devices from within the guest operating systems.

This affects anyone who needs to use USB connected devices in a guest operating system.

iPod and iPhone

I have been working with some customers to get iPods and iPhones working within Linux and have made some serious progress on this. Although some functionality exists with available Open Source applications such as Amarok and Banshee, there are some significant limitations, not the least of which is the inability to download and use iTunes.

Now that issues with access to USB devices within a VirtualBox guest operating system have been resolved, I have found that my iPod (and presumably iPhones) can use the iTunes application very easily from within a virtual machine.

Scheduling Updates

If you are one of my customers, I will contact you in the next few days to schedule a time to perform the upgrade and make any other changes required to make things work correctly. If you are an iPhone or iPod user, this will include setting up your iTunes application in a Windows virtual machine using VirtualBox.

London Stock Exchange Moves to Linux

The London Stock Exchange (LSE) has announced that it will be dumping its $65 Million (US) Microsoft based trading system, TradElect, in favor of the Linux and Solaris based MillenniumIT system. In fact they bought the entire MillenniumIT company for only $30 Million which is a real bargain.

Although some have said that the LSE’s experience with the MS .NET trading system was positive, the Linux and Solaris based system is easier to install and use and executes trades over six (yes 6) times faster than the old system. That is 0.4 milliseconds for the MillenniumIT system vs 2.7 milliseconds for the Microsoft system. In an environment where milliseconds are money, that is a huge advantage.

The other aspect of this is that this leaves the TradElect trading system with only one customer, which is currently considering the switch to MillenniumIT as well. Of course they cannot buy the company because the LSE has already done so.

Read more details in the IBSJ News.

Microsoft’s grinning robots or the Brotherhood of the Mac. Which is worse?

Here is a lovely bit of satire which I found hilarious and enlightening. Enjoy!

http://www.guardian.co.uk/commentisfree/2009/sep/28/charlie-brooker-microsoft-mac-windows

About Linux Distributions

Although many of you have heard of Linux, I know that you are not necessarily familiar with it or the term distribution. This post is intended to answer the question of what a distribution is and how it affects you.

What is a Distribution?

A Linux distribution, or “distro” as they are called by many Linux aficionados, consists of several main components packaged together in such a manner as to be easy to distribute and install. A Linux distro may be distributed on CD, DVD, USB thumb drive, or via the Internet as an ISO image of one of those media, from which a bootable CD, DVD, etc., can be created.

Mainstream Linux distributions usually contain the major components described in the table below.

Major Components of a Linux Distribution

| Component | Description |
|---|---|
| Kernel | The Linux kernel is the portion that was developed by Linus Torvalds. It is the core component that gives Linux its identity and basic functionality. The kernel manages the hardware and provides a method for programs and utilities to interact with both the hardware and the end user. |
| GNU Utilities | The GNU Utilities provide two things. First, a set of program libraries that provide additional functionality to programmers. Second, a set of system administrator oriented utility programs to make managing Linux operating systems easier. |
| Application programs | User level programs such as OpenOffice, GNUCash, Firefox, Thunderbird and hundreds of other application programs designed for end users and which allow them to perform useful work with their computers. |

Hundreds of Distributions

There are literally hundreds of different Linux distributions. The Wikipedia article on the term Linux distribution states that there are over 600 Linux distributions and that over 300 of them are under active development. Each distribution contains a different combination of libraries, utilities and application programs, depending upon its intended usage.

The good news is that most distributions are designed for very specific niches and most people considering the use of Linux at home or in the office only need concern themselves with a very few.

Choosing a Distribution

Whether working with a consultant or on your own, it is important to understand what you intend to do with the computers on which you will install Linux. Developing a complete set of requirements for each computer or class of computers in your business, such as servers, development workstations and desktops, will be a key step in this process.

Your choices will be driven by functionality, security, stability, application availability, interoperability, ease of installation, maintenance, cost and other factors. In some cases your choices will be numerous as multiple distributions may meet your requirements and in others you will be left with only one or two distributions from which to choose.

When you use a consulting firm such as Millennium Technology Consulting LLC, we can assist you in making the choice of distributions.

Linux+ Training in Charleston

I will be teaching a 4.5 day Linux+ training class in Charleston, SC, the week of September 21.

CompTIA Linux+ is a vendor-neutral certification, generic across distributions, targeted to individuals with a minimum of six to 12 months of practical Linux experience. The CompTIA Linux+ exam covers fundamental management of Linux systems from the command line, user administration, file permissions, software configuration and management of Linux-based clients.

This class is preparation for that exam using Fedora Linux. Even if you do not take the exam this is an excellent training class for relatively new Linux administrators.

The class will be held at DTC Charleston, a local training center.

1064 Gardner Road
Suite 212
Charleston, SC 29407

Sales: 843-402-0983
Main: 843-225-3494
Toll-free: 866-705-4522
Fax: 775-370-0477

Email: martha_nye@dtccharleston.com

If you are interested in attending this class, please contact DTC.

The Value of Certifications

Certifications are all the rage. Many people have them and many companies require at least one when hiring technical personnel. Most certifications are worthless and some are valuable.

Rote Memorization

Many certifications, like the Microsoft ones, are simply a matter of memorization. That is not to say that there are not some very good Microsoft certified techs out there, but the certification has nothing whatsoever to do with whether they are any good or not.

I have worked in a number of jobs where I had to interview candidates for hiring. The vast majority of the candidates who claimed to have Microsoft certifications could answer basic questions about the OS, but really had no clue about how to go about doing problem determination and problem resolution. When faced with even a simple example of a problem, they were completely unable to even state the first step they would take to resolve a problem, or even worse, would suggest approaches that would do more harm than good.

You can memorize a bunch of facts, but that does not teach you how to perform a task. In the computer industry that task is all about identifying and resolving problems.

Performance Based Testing

I have taken a few performance based tests over the years and most people have taken at least one. The common driving test is a performance based test. If you cannot drive, you don’t get a license. And I really don’t think the test is hard enough. Too many people who should not be driving seem to pass. But that is a different rant.

My pilot’s license was a three part test. The first part was a very technical standard test consisting of multiple choice and fill in the blanks type questions. This was to test my basic knowledge of flying, navigation, FAA rules and other aviation skills. The second part of the test was the “oral,” in which the check pilot quizzed me on many aspects of flying, weather, instruments, navigation and more FAA rules. He then had me create a flight plan and checked it over. The third part was the flight test. This is where a prospective pilot gets to demonstrate his or her capability to actually safely fly an airplane. If you cannot do this, no matter how well you do on the other parts of the test, you cannot get a pilot’s license.

Performance based tests like those from Cisco and Red Hat are the best tests in the IT industry for ensuring that certificate holders are actually qualified to work on those systems. When I took the Red Hat test there were three sections; one was a standard 50 question test and two were 2.5 hour performance based sections. One section tested how well I could find and resolve problems and the other was to install Red Hat Linux on a computer to meet a set of specifications.

The Red Hat test is now a single section and is completely performance based. Red Hat dropped the written section a few years ago because no one ever failed the test based on the results of that section. The two remaining sections were combined into a single installation and troubleshooting section just a couple months ago.

Aside from my pilot’s license, my Red Hat certification is the one of which I am most proud. It is also the one that is most meaningful. If someone has passed this examination then you can be certain that they have a pretty high minimum skill level and can actually perform problem solving and administrative tasks in the real world.

My Mostly Worthless Collection

I have lost count, but I currently hold between 16 and 18 certifications. Some are worthless because the products that the certification is for are no longer current.

Take my several OS/2 certifications. Who uses that any more? I got half of those certifications because I wrote the multiple guess tests myself while I worked for IBM and later as an independent contractor. A couple of the tests were actually pretty good, but no test that is strictly a classic “written” test, even if given on a computer, can really tell whether a person can actually track down a problem let alone fix one.

I also have some certifications for old Dell and IBM hardware that have long since been best suited to use as boat anchors.

And of course I have my Red Hat certification. That was an exhausting seven hour test in which I had to actually demonstrate the capability to think and perform problem determination as well as resolve problems and perform an installation. It was difficult and I did not pass on my first try.

True Value

One of the most qualified people I have ever hired did not have any certifications. She knew the answers to all of the technical questions we asked during the interview, and she was able to discuss at length the process she would use to resolve certain real world problems we posed as part of the interview. I hired her and she turned out to be one of the best technical people I have ever worked with. I have also worked with people who had only simple written test certifications who could not resolve even simple problems.

I have never worked with anyone who has passed a performance based certification test who could not perform at least the tasks required by that certification and in most cases they were far more capable than just the minimum required to pass the test. Performance based certifications are one good way to differentiate between candidates when hiring, or when looking for a consultant. They are not the only point on which you should base your decision. You should be careful not to eliminate perfectly good candidates just because they do not have a certification.

Forget about using written tests of any kind as a yardstick. They are totally useless.

The true value is in the person not the certification.

John McClean; Open Source and Inclusivity

There is an article in today’s News & Observer about John McClean, an incoming freshman at Duke University. He has an interesting view of Open Source Software and relates it to the inclusiveness and openness taught him by his parents, who are both pastors in the United Methodist Church.

Time for Housecleaning

How is this for coincidence? After yesterday’s post, The Pain of Moving to a New OS, today’s morning paper has an article, Brace for bumps in Windows upgrade, about how painful it will be to move from Windows XP, which most people are still using, to Windows 7.

It seems that you will not be able to upgrade from XP to 7. You will have to back up your data and do a clean install of Windows 7, then restore your data. And all of those programs you have downloaded or installed over the many years on XP? You will have to be lucky to find all of the old CDs or download and install them again.

For older hardware, there will also be the usual issues with lack of drivers as well as just plain lack of the guts needed to run this new version of Windows compared to XP. Microsoft even touts Windows 7 as a “cleaned up” version of Vista. Not a very auspicious marketing statement.

More Gain for your Pain

If you are considering an upgrade from Windows XP, check with Millennium Technology Consulting LLC first. If you are expecting pain anyway, you might as well get the maximum gain. Linux can significantly reduce the overall version to version upgrade pains in the long run, as well as being more stable, more resistant to malware, far more secure and free to boot.

The Pain of Moving to a New OS

There will always be some level of pain associated with moving to a new operating system. This is true whether the upgrade is from Windows X to Windows Y, from Windows to Linux, or from one version of any Linux distribution to another such as upgrading from Fedora 10 to Fedora 11, or from one Linux distribution to another such as moving from Fedora to Ubuntu or the other way around.

Most of the time the results far outweigh the pain of the upgrade. Other times, not so much.

Points of Pain

These pain points that are due to moving from one OS to another are usually the little things but they can be time-consuming and frustrating.

The real problems for end users and their points of pain usually revolve around screen resolutions, font sizes, and documents that don’t look like they did before because the formatting has changed with the new office suite. There can also be issues with getting printers, webcams and other peripheral devices to work. But these are issues for the administrator, over which the end user has no control. End users have no desire to deal with these things; nor should they need to. All of this should be taken care of in the background by the system administrator.

New programs for file management, trying to find the location of menus or documents that are now in a different location after the upgrade, a somewhat unfamiliar desktop landscape and new features and concepts such as multiple desktops can also be hurdles to overcome. These are also issues for the administrator, but these can be dealt with through some level of training on the new environment.

Secrets to Success

It is important for you, our prospective customers, to realize that although there are many benefits to Linux and Open Source Software, there can be pain in making the change from proprietary software that costs money to Free Open Source Software. However, all of the potential issues that exist when considering a move from proprietary to Open Source Software can be mitigated with a few simple steps.

Planning

As with any major endeavor, proper planning is essential to success when upgrading to Open Source Software. This starts with a thorough review of your current computing environment including available hardware and a complete inventory of the programs used in your business. Any industry or task specific software or hardware you use should also be noted.

Preparation

Preparation for any major undertaking is key. When considering an upgrade to Free Open Source Software, testing of your potential new computing environment should be part of the plan. This may include setting up a pilot project with a small number of employees or a separate test lab in which potential problems can be discovered and resolved before they become an issue for everyone.

This preparation stage of the project should also include ensuring that your employees are kept fully informed of the potential changes. Many people need time to adjust to changes and are better prepared if they are informed in advance that these changes will be forthcoming. In fact these are some of the most important people to have participate in the planning and preparation of the upgrade.

Communication

Constant and consistent customer communication is also an important factor in a successful upgrade of any kind. Whenever issues are encountered, whether during the planning, preparation or implementation phase, you should be kept informed by your consultant. The very word consultant comes from the Latin and means “to discuss.” Your consultant should do just that; you should always be aware of the current status of the project. The consultant is there to discuss and inform you of the options and you should make the decisions.

Training

Training is an important factor in a successful upgrade. I have seen many projects fail because the end users, the employees, were not trained on the new software or computing environment. While it is not possible to provide training to cover every aspect of this type of upgrade, training should cover the important everyday tasks that people perform on their computers. This familiarizes them with the new environment and reduces the stress of having something new just dumped on them. If possible, initial training should be done prior to the upgrade so that everyone will be ready for the change when it does take place. Additional training should be scheduled for after the upgrade to reinforce learning in the new environment.

Training applies not only to end users but also to your in-house IT staff if you have any. You may be surprised to find that your IT staff already has some knowledge of Linux and Open Source computing.

Documentation

A computer project is not complete until it is fully documented. Yes, this takes time and adds to the initial cost of the project. Proper documentation will save a great deal of pain later. Problems will occur later and proper documentation is important for all concerned because it defines the environment that was created by the upgrade. That documentation allows any consultant or your own staff to have a complete understanding of your new environment as a basis for troubleshooting or further upgrades.

Expertise

Lastly, you should choose a company whose expertise is with Linux and Open Source Software, not one whose expertise lies elsewhere and for whom Linux and Open Source is just an afterthought, as it is with many companies out there today. When you select Millennium Technology Consulting LLC to plan and implement your upgrade to Open Source Software you have chosen a company for whom Linux and Open Source Software is all we do.

Contact us at Millennium Technology Consulting LLC for a demonstration of Free Open Source Software.