Do you make online financial transactions from a Windows computer? If so, you may want to re-visit that decision.
It's a given that almost all malicious software targets Windows. In my opinion, while it is possible to secure a Windows computer, the process is too hard, too time-consuming and/or technically over the head of most people.
A recent article at WashingtonPost.com described multiple organizations whose bank accounts were emptied by malicious software on their Windows computers. In one case, the Clampi Trojan sat undetected for a year on the computer of the Controller of a small business, before it decided to make withdrawals from their bank account.
According to recent news reports, "Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks." Businesses don't have the same safeguards as consumers from this type of theft. Both articles describe serious losses and lawsuits.
In response to this, I wrote Defending against the Clampi Trojan, which applies to all Windows based malicious software (malware). In short, the advice boils down to this:
Is this more time and effort than you have available? Is the technical know-how necessary to carry out all these steps above you?
Here's a test of technical competence. Try to run the Secunia Online Software Inspector. It's a Java applet and requires Java version 6. If you have an old version of Java, don't know what version of Java you have or can't get Java version 6 installed, then you fail.
If the scan runs but finds out of date, vulnerable buggy software installed on the computer, you also fail. For extra credit, try to get a perfect score with the "thorough system inspection" option turned on.
I suspect that a large percentage of Windows users will fail. Anyone who fails should not do online financial transactions on a Windows machine. Consider instead, Macs and Linux, my preference being Linux.
Windows is like an ocean full of sharks. Do you really want to swim where the sharks swim, even if you take some defensive measures? Macs are like a swimming pool, no sharks. But, the Mac pool is deep and often neglected. Linux also offers a swimming pool, but it's shallower and better maintained (more later) than the Mac pool.
According to a recent blog posting by Graham Cluley of Sophos, AV-Test.org is detecting more than a million unique malware samples a month. That's a lot of sharks.
Another factor to consider is that really malicious software hides and hides well. If a Windows user thinks their computer is infected because it's acting strangely, then they're in luck, the infection is not particularly sophisticated. It's when nothing appears to be wrong that you may be most at risk. Software that wants a Citibank password from you is not going to announce its presence.
The sophisticated hiding techniques were a big reason behind my recent series of Best Way to Remove Viruses articles that focused on booting from a CD and scanning for malware from outside the suspect/infected system.
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.