Perspectives on a recent SMH news article "Is internet banking safe?"
Date: 12 December 2007

Original URL: http://www.auscert.org.au/render.html?cid=7066&it=8500

Today we noticed an article, "Is internet banking safe?", that mentions AusCERT and cobbles together a raft of Internet banking related bits and pieces.

The first reference to AusCERT was:

"AusCERT, our national computer emergency response team, says that by the time malware is out on the internet, 60% of it can't be detected by anti-virus software."

This point is from the 2006 Australian Computer Crime and Security Survey, which stated:

"Testing of malware developed for the purposes of stealing personal information and account credentials has revealed that, on average, 60% are not detectable by anti-virus software at the time they are discovered in the wild."

This figure was the average of AV product effectiveness in statistics published by CERT.br. At the time, this made headlines all over the place, without making it clear that the sample set was of malware predominantly targeting Brazilian internet users, not to mention that any attacker with half a brain would test their malware prior to release to ensure a low detection rate.

The second reference to AusCERT came after the writer appeared to confuse Windows Vista's BitLocker drive encryption with the User Access Control functionality:

"AusCERT's computer security analyst Rob Lowe also points out that BitLocker does nothing to prevent malicious code being installed on your system."

My actual response was:

I thought it was a shame that the article doesn't actually acknowledge that Vista's UAC has improved the security of home users' PCs, but instead misrepresents the functionality of BitLocker encryption. It also belittles Microsoft's efforts (which I personally consider significant) in tackling phishing and malware-based fraud.

I'll still continue to do my banking online and be more wary of journalists...

Rob