Letter #5: Lose Internet Explorer to solve spyware problems
Reader: Pierre J. Lavelle
Computer Professor, Solutions Architect, Lead Auditor BS 7799
Rio de Janeiro, Brazil
Environment: For my work computer, I use Solaris with the Mozilla Firefox Web browser. For my two home computers, I run Windows 98 and SuSE Linux, and use Firefox on both.
Security dilemma: Long ago, I quit using Microsoft Internet Explorer and Outlook. The ongoing security problems this pair presented justified my decision. In my opinion, using anything other than IE and Outlook is the best solution to the spyware problem.
Both products were designed to support marketing purposes. ActiveX is exactly what advertisers wanted, but by its very nature, it's perfect for spies and thieves. Then you have Outlook's automatic execution of arbitrary attachments -- an insane idea. Even if you try to switch it off, there are ways clever artists can use it.
To protect myself from phishing scams, I do all of my Internet banking from the Solaris or Linux platform (never from Windows). Me paranoid? I think everyone else is over confident.
I also never return to a site that asks to download ActiveX content. I have already stated in writing to my bank's marketing director that if our site ever asks to download any executable (as unfortunately some others Brazilian banks do) I will switch my account to another bank. Forget about strengthening IE. You can't block the sun with a sieve.
Antispyware solution: No tools are needed at work. Spybot-Seach & Destroy and Lavasoft's Ad-Aware are used at home.
I use both Spybot and Ad-Aware hoping that one will uncover the other's mistakes. I know I can't rely on any one product to be truly secure. Even good samaritans like Spybot and Ad-Aware are doubtful.
At work we don't need any specialized tools. A Solaris utility keeps an eye on all the binaries and scripts. If anything executable changes, appearing or disappearing without due reason, alarms sound.
The reason why Pierre hasn't upgraded to Windows 2000 or XP: A long time ago, I bought Windows 3, then I bought 3.1, then I bought 95 and finally I bought 98. Each time I thought that was the end of it. How stupid I was. I tried 98 SE and came back to 98. I tried Millenium and came back to 98. I tried 2000 and came back to 98 again because all of those upgrades wouldn't work with a lot of the software I had purchased. XP requires more machine than I have and it is too expensive. There's no way I can afford it with my Brazilian salary. Pirated goods are not an option for respected professors. When Microsoft stops supporting Windows 98, I will kiss it goodbye, erase its hard drive and build another Linux partition on it.
For more letters to the editor, click for the complete series.