Online security doesn't come cheap - it's free

Sometimes, fixing a problem means giving Linux the boot
Written by Leader , Contributor

One of the demonstrable advantages of free open source software is its superior support for innovation. You can have a bright idea in the morning, code it up over lunch and distribute it to millions by tea-time — and if that doesn't work, do the same again tomorrow. And you can do exactly what you need to make it work.

Take the omnipresent problem of online security, especially in the context of retail banking. Phishing attacks, keyloggers, root kits are all out to get you and your account details: when checking a bank balance starts to feel like a bad Star Trek script, we have a problem. It is trite but true to point out Windows' central role in all this — as Microsoft says, if everyone switched overnight to Linux the bad guys would follow in a trice.

So you need not only to replace an operating system, but harden the system against malware patches. Sounds a big deal. It turns out to be almost trivial, as Australian company Cybersource realised.

The perfect candidate is a live Linux CD, which starts each day as pristine as the moment it was created. A bank can send out as many as it likes, configured how it likes, and all the customer has to know is to turn their computer off and on again with this in the drive before getting down to work. Knoppix knows about PC hardware, desktop software and booting — a competent Linux hacker could produce a demo secure CD in an afternoon.

It's instructive to consider how Windows might offer a similar solution. There is no version that will boot to the desktop from CD — if a bank wanted one, it would have to petition Microsoft to create it. There is no version that runs the bare minimum of necessary services, nor may we mortals dare to create one. There is no MS licence model that supports any of this, again unless the company chooses to create it. And if a security patch is needed — no system is perfect — guess who has to do it?

In short, an innovator looking to solve the problem of online banking security has no option. There is something profound in the realisation that a small Australian company can produce a far more effective solution than one of the world's largest and richest companies, purely because it has demonstrably better tools at its disposal. And there's a corollary. If you want to be the next Bill Gates, you won't get there writing Windows software.

Editorial standards