Operating systems, banking, and security. Oh boy.

Perhaps you’ve seen this article in the Washington Post. Therein, their resident security person (blogger? reporter?), Brian Krebs, gives some advice about how to avoid getting pwned when you want to do some online banking. The advice? Use a Linux LiveCD to do your online banking.

Throwing in Knoppix or running Ubuntu live is a great way to get around this problem. Although I’m sure it’s possible to exploit the OS while it’s running in memory, the current operating system installed base climate means that the odds are enormously against it, even when you set aside the added security of a GNU/Linux OS running ephemerally, in read-only mode.

Ultimately, however, I have such mixed feelings about this situation. Among the worst outcomes I see is that people get really paranoid about doing anything with computers because it could screw them over. That’s bad for everybody in the computing industry, and, frustratingly, it doesn’t have to be that way.

I’ll admit that insinuating anything about the way things “should” be is a recipe for trouble. I may work in the software industry, but let’s face it: I’m mostly self taught, and I don’t know shit relative to plenty of people. Furthermore, speculating about how things “should” be is a lousy practice— that way lies madness or, if you prefer, wank. It’s a losing proposition.

What I mean to say is that computers don’t have to be this terrifying thing that they are, and yet I’m feeling a bit paranoid about my own machine even reading this. And I consider very computer literate!

At any rate, reading this article left me wondering: what’s the endgame, here? It’s a question I’ve become fond of asking about many situations (e.g. the healthcare debate in the United States). The situation regarding mainstream computer security is clearly untenable.

Linux offers something of a solution, but the user experience is brittle and don’t see anybody heading in that direction anytime soon. Perhaps news like this combined with similar advice from banks will push people in that direction. Mostly, I doubt it.

In my opinion, Mac OS X offers the best compromise, but only as long as it remains obscure. After that, it’s anybody’s guess. Sure, they’ve got a leg up in that they’re running BSD. Beyond that, I think they’re largely untested due to the fact that it’s vastly more efficient to exploit Windows machines.

As with so many things, this is one area in which only time will tell. In the meantime, maybe I’ll reconsider relegating Linux to a headless machine. I’ve got some spare parts lying around, after all. How much is a socket 775 motherboard these days?