Online security doesn't come cheap - it's free

Summary: Sometimes, fixing a problem means giving Linux the boot

TOPICS: Security

One of the demonstrable advantages of free open source software is its superior support for innovation. You can have a bright idea in the morning, code it up over lunch and distribute it to millions by tea-time — and if that doesn't work, do the same again tomorrow. And you can do exactly what you need to make it work.

Take the omnipresent problem of online security, especially in the context of retail banking. Phishing attacks, keyloggers and rootkits are all out to get you and your account details: when checking a bank balance starts to feel like a bad Star Trek script, we have a problem. It is trite but true to point out Windows' central role in all this — as Microsoft says, if everyone switched overnight to Linux the bad guys would follow in a trice.

So you need not only to replace an operating system, but harden the system against malware patches. Sounds a big deal. It turns out to be almost trivial, as Australian company Cybersource realised.

The perfect candidate is a live Linux CD, which starts each day as pristine as the moment it was created. A bank can send out as many as it likes, configured how it likes, and all the customer has to know is to turn their computer off and on again with this in the drive before getting down to work. Knoppix knows about PC hardware, desktop software and booting — a competent Linux hacker could produce a demo secure CD in an afternoon.

It's instructive to consider how Windows might offer a similar solution. There is no version that will boot to the desktop from CD — if a bank wanted one, it would have to petition Microsoft to create it. There is no version that runs the bare minimum of necessary services, nor may we mortals dare to create one. There is no MS licence model that supports any of this, again unless the company chooses to create it. And if a security patch is needed — no system is perfect — guess who has to do it?

In short, an innovator looking to solve the problem of online banking security has no option. There is something profound in the realisation that a small Australian company can produce a far more effective solution than one of the world's largest and richest companies, purely because it has demonstrably better tools at its disposal. And there's a corollary. If you want to be the next Bill Gates, you won't get there writing Windows software.

  • Actually, there is a build-your-own Windows LiveCD (you can find the tools here: ), but it's a third-party product with no support/endorsement by Microsoft, and is harder to do/copy LEGALLY than a GNU/Linux or BSD LiveCD

    PS: I've never thought that I would defend Microsoft ;)
  • It is a limited version that supports 8 concurrent processes. It is designed as an environment to compete with WinPE in the PXE space, not WinXP. Please do a little research.
  • Hey, don't sh*t on him because he's stating a (true) fact - a Windows bootCD exists, and as you say is very limited. The point is, it is not provided, endorsed or even allowed in any way by M$ and as such unusable in a context such as the article's. It's a last-resort tool for security 'specialists' unaware of Linux Live CDs and NTFS support in Linux.

    It was worth mentioning, and in fact strengthens the article in the fact that M$ COULD do it, but they don't, and they don't permit it. Only Linux/BSD allow it.
  • I think a bootable CD is not a good idea for a security measure simply because it's not convenient. Say, here is a CD for Bank A, and here is another CD for Bank B, and ... where is my CD for local e-government? As you know there are several embedded versions of Microsoft Windows, and the good old bootable Windows Emergency Floppy. It's quite easy for Microsoft to release a bootable Windows CD, but they didn't. They might feel it's not practical, I suppose.
  • Ya know eventually there is gonna have to be a CD format that is going to have to be settled upon. Think of it as what we think of floppies as today. I can remember many years ago when all it took to make a bootable floppy was just to pop it into the drive and type:
    sys c: a:

    on the command prompt. And this is what we call progress? Anyways ever since Windows '95 there has never been a convenient way of making a bootable substitute other than having the OS boot from your hard drive. And then along comes a nasty virus, it screws up key Windows binaries. You've got a report due tomorrow and your laptop just crashed! What's the old MS standby line (that is in the absence of third party utilities)?

    MS: "Reformat your hard drive! You backed up your data right?"
  • The Windows Boot CD by Bart Lagerweij is based on the Windows Pre-installation environment... good luck running your 3d games in there. :)