Fwd: [Krebs on Security] New Comment On: Using Windows for a Day Cost Mac User $100,000

Henry Hertz Hobbit hhhobbit at securemecca.com
Wed Jun 9 20:44:41 MDT 2010


When I said I am swamped, I MEAN IT!  Five years ago the Microsoft
Windows malware situation looked like this (the water is the


Now it looks like this:


The stick is a Macintosh on the left and Linux on the right.

But I have found in my reading that approximately 90% of people
using Mac OS-X at home are running their machines from their
admin accounts.  This is bad news!

MACINTOSH!  If somebody wants me to give a run-down on how bad
it is in your monthly meetings let me know and I will oblige.
I usually go through 6-12 Windows malware samples per day.  When
I submit then to ClamAV I chuckle when they pre-select Unix/Linux.
WHAT LINUX MALWARE?  It is there but I only have two, and only
one is relevant.  When I give new samples to VirusTotal to scan
I usually get back only 6/40 detects if they perturb their binaries
and 0/40 when they re-write their code every one to six weeks. Now
you should understand those pictures are not an exaggeration.  I
have had two family members whose PCs running Windows got infected.
The problem is getting worse, not better.

-------- Original Message --------
Subject: [Krebs on Security] New Comment On: Using Windows for a Day
Cost Mac User $100,000
Date: Wed, 9 Jun 2010 16:16:17 -0400
From: Krebs.on.Security <dev-null at krebsonsecurity.com>
To: hhhobbit at SecureMecca.com

There is a new comment on the post "Using Windows for a Day Cost Mac
User $100,000".

Author: Sean
So, as a small business owner, I have taken Mr. Krebs advice very
seriously, and I now do all of my business' online banking using a Linux
LiveCD, on a second computer that resides right next to my main Windows
machine on my desk.

This works fine, generally, and although it is clunky and less
convenient, it is still more convenient than  mailing bills at the post
office or getting in the car every day and driving to the bank to check
up on my account balance.

HOWEVER, even with all these steps, I have caught myself inadvertently
trying to use my Windows machine to log into my bank account several
times, simply because I was "not thinking" about what I was doing.  Sort
of like putting the milk back in the cupboard instead of the fridge.

In my REAL-WORLD experience as a small business owner, even the dual
machine / LiveCD solution is easily defeated by 10 seconds of doing
"something stupid" accidentally.  It's like keeping a loaded handgun on
your desk with the hammer cocked.

Call me stupid if you want - but I still think it is way too easy to
screw yourself during a moment of not thinking straight.

More information about the PLUG mailing list