Can digital certs fend off Trojan attacks?

Can digital certs fend off Trojan attacks?

Summary: Special Minister of State Gary Nairn this week released a paper entitled 'Responsive Government - A New Service Agenda', which details how e-government services will be "improved" over the next four years.If and when these services are delivered I hope that during a security emergency they will offer better advice than the Australian Tax Office did this week.

SHARE:

Special Minister of State Gary Nairn this week released a paper entitled 'Responsive Government - A New Service Agenda', which details how e-government services will be "improved" over the next four years.

If and when these services are delivered I hope that during a security emergency they will offer better advice than the Australian Tax Office did this week.

On Monday, the ATO restricted access to its Web site for certain users who had been infected by a password-stealing Trojan.

The ATO tells users that if they use a digital certificate to access the site instead of a user name and password, the Trojan is less likely to be able to steal their "portal details".

If you use digital certificates to access the Tax Agent Portal, and you've disabled your user ID and password access, the risk of a Trojan virus compromising your portal details is reduced.

How?

I tried finding out how the ATO thought that using a digital signature could reduce my chances of being infected by a Trojan. Three days and numerous phone calls later all I had was a government spokesperson telling me that they take these kinds of incidents "very seriously".

At the time of writing, the warning and the advice is still online.

If you take your system security seriously I advise you to keep your patches up to date, install a decent antivirus and anti-spyware application and wait for Nairn's 'Responsive Government' to emerge.

Topics: Malware, Government, Government AU, Microsoft, Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Huh?

    How are they saying your chances of being infected by a trojan are less if you use digital certificates? What they are saying is a trojan infection is less likely to steal the details you use to interact with the them (ie. username and password) if you use a digital certificate instead.
    anonymous
  • Antivirus and antispyware are all very well...

    Antivirus and antispyware are all very well, but they are reactive, and are not going to catch the latest exploit. I guess you are aware that the window of time between an exploit being discovered and used is getting smaller all the time? Digital signatures simply do not rely on keyboard entry but use challenge / response - so they are not vulnerable to trojan keystroke loggers.
    anonymous