Well now this is interesting

10 years working in IT for financial services and I have to confirm you are correct.

Recently for internal systems networked, alot of financial institutions and central banks are using Trusteer (not the end user Rapport thing but full on internal threat detection). This works based on detecting threats and intrustions rather than viruses.

Cross boarder transactions over SWIFT are generally not internet connected but run over SWIFTNet which is a parellel IP network to the internet but not the internet (not a VPN on the internet). As well as being a completely seperate network, it uses 4 layers of VPN and tunnelling within itself but whether the banks connect a SWIFTNet connected system simulaneously to the internet is up to them.

Actually, working with so many back office banking systems I can confirm that many systems cannot run any antivirus because it either doesn't exist for the platform they use or - more commonly - is not compatible with other banking system software and running antivus actually causes serious system performance issues.

Recognising that there is a losing battle going on, alot of security for financial services focuses on data compliance and making most data heavily masked and segrated from the more comprehensive whole which is generally better locked down. But breaches to happen and banks do periodically notify customers that personal data may have been stolen (mine has). But unless they assume your identity, they cannot simply initiate transactions to clear out your account.

Given that 90% of all hacks still have a social engineering aspect them, alot of security is based around diligence and best practices. Until recently, in Japan it was common for only 1 terminal per department to be internet connected.

In business, Sophos, which is also not perfect I am sure, but has been effective and trouble free for us, centrally managed and safeguards 10 servers, circa 200 desktop PCs, and 5 MACs.

At home on my own PC, nothing, and never have.  Not that I recommend this, not at all.  And yes, I've had to deal with maybe three little blighters in the last 20 years of PC computing (at home this is), but I have dealt with them manually, and that's my choice.  It is certainly not without risk.  I just have had bad experiences the home user targeted versions of Norton and relatively recent times, hence my view on that specifically.  

Those are my views, those are my choices, and nothing more.  I would not expect. or recommend following my lead.  Although, at enterprise level, I think Sophos is pretty good, and would consider their home user options if I wanted something of that nature, but I can't recommend from direct experience in that capacity.

A guy in the anti virus software industry, Michael St. Neitzel, said what anti virus is effective or not effective pretty much depends on where you are in the world.  He meant that a Chinese anti virus was more suited to the Chinese market because it dealt with threats found mainly amongst and targeted to, Chinese users.

Anti Virus will stop what it has definitions for and maybe stuff that it's heuristics flags up but it can't stop what it doesn't recognise to be a virus or malware.

As posted above, it's the social engineering aspect that's likely to be your biggest danger.  Clicking links in phishing emails or slightly dodgy websites, having auto-run switched on on your PC.  You can use add-ons like 'No Script' in Firefox that wont allow website scripts to run without your permission, whether that's for you or not depends on how much clicking you like to do.

There's also sandboxes where you can open emails or programs inside them and if there's malware they should stay in the sandbox.  Again, if your anti malware software doesn't recognise it's malware there's not much you can do.

I've had over the past 3 years Norton, Avast and now Kaspersky plus Malwarebytes and think they've only flagged a couple of things in those 3 years. That doesn't mean my system is clean though.

Anti viruses can't scan what they don't have access to...

http://www.kaspersky.com/about...r-of-cyber-espionage

So many half truths and mis-leading opinions.

I too work in IT for an industrial sized financial institution. This means nothing.

Most data theft is the same as physical document theft. Usually performed by an employee who prints information or the equivalent. Very rarely does anyone gain internet access to any system and if they do then it will be at a document level.

I will perform internet financial transactions on any trusted system whether it has security or not. Of the three banks that I use, two are challenge response systems that are pretty un breakable and the third is only susceptible to screen scraping.

I have recently (last month) had my UK Barclaycard hacked. I very very strongly suspect that this was a result of internal security breaches by Sainsbury online shopping (I think that because of the fact that they can't charge until dispatch that the credit card details are not secure). 

I'm not sure how much this has to do with Andy though.

Bananahead originally wrote:

"So many half truths and mis-leading opinions.

I too work in IT for an industrial sized financial institution. This means nothing".

It would be interesting to know to which half truths and misleading opinions you refer. I agree that simply working in an IT Department in a financial institution does not lend a huge amount of credibility to arguments here, unless of course some of that work touched on, or at least occasionally touched on, as in my own case, the field of Internet Security.

It appears that many of us on this forum work in, or have very recently worked in IT Departments in 'Industrial sized' financial institutions. Count me in as well!

I agree with your assertion that the vast majority of data theft or Internet fraud is as a result of misuse or misconduct by a very small number of employees (in the case of data theft) or as a result of unsuspecting individuals being taken in by the many phishing and spamming threats that are now unfortunately only too common.

I also agree that the response challenge systems that are used by the largest of our financial institutions offer a very high level of protection, and I too am happy to perform financial transactions on many trusted systems (using my credit card), However, I do so in the knowledge that my own PC is relatively safe. I certainly would not do so if I wasn't confident that my own PC was well protected.  

Would you?

Commiserations about your Barclaycard problem. These things can still happen no matter how computer literate or safety conscious we are. I once (5 or 6 years ago) had a similar breach on one of my credit cards while I was visiting the States. Of course the credit card company (possibly also Barclaycard - I can't remember now) identified the fraud very quickly, froze my card and made good any financial loss. 

My point has been to say that many people, in particular those whose personal data or financial transactions have not yet been compromised, are probably blissfully unaware of the very dangerous internet world out there. 

I personally would not run an Internet connecting PC containing valuable personal data, without being sure it was adequately protected.    

A little knowledge and experience is a dangerous thing. I try not to take mine too seriously.

I don't think that Kaspersky is perfect. I see that Norton tests very well and when I used to run it it did me no harm.

I do wonder if the PC OS companies had been allowed to build security into their core systems if we might be in different security place today. Let's blame the EU.

I get almost no spam emails at work and zero phishing.

Some common sense goes a long way. If a company that you don't use sends you an invoice as an attachment then simply delete it.

Oh the Barclaycard hack is a triviality. The burglary last week was much worse. And then waiting for the insurance company to decide if we are insured or not puts the cherry on top ( the policy has a clause about door security that I don't think we comply with - if I had known I would have done something ).  Fortunately only the plasma screen and a case of wine were stolen but we have today placed an order for a more secure door. Expense we don't need.

Anyway. I make a trip to the UK each Easter to visit my parents. Two or three years ago I arrived to the usual "please can you have a look at the PC" to find that Kaspersky wasn't running. Of course my dad had decided two weeks before not to renew the subscription and had disabled it instead because it doesn't do anything anyway. Of course they didn't know half of the license key or passwords for online access. A fun couple of days that made for. I left him with clear instructions to buy a new license but he had a friend who persuaded him that free was good enough. Fortunately they only make credit card purchases

Trying Andy with 'the Naim app' on a Win7/64 PC and having some issues. Can anyone advise please? Running Andy. App installed fine. Auto-discovery of the ND5XS player didn't work. Manually added the player and it then it's found okay. However UPnP discovery for the NAS isn't working. Tried running in XP compatibility mode. Rebooted 2 or 3 times. Uninstalled and reinstalled Andy and still no joy. MediaMonkey4 running on the same PC DOES find the NAS so I know it's not the PC. Any suggestions please?

You need to enable compatibility mode in the Upnp input settings in the Naim application, this resolved the discovery issue for me. 

Richard 

Cheers... Will try that when I get home :-)

Interesting

http://arstechnica.com/gadgets...n-most-desktop-oses/

I'm not using Andy, I installed 'Arc Welder' by google which is working flawlessly once your turn compatibility on, the onluy issue being working out how to use it without swipe, 'esc' takes you back a page!

Sorted.... A restart of the app and now working. No I can be even lazier and not have to get up off the settee every hour!

I like Norton;  it provides a useful income stream for me. 

I fix people's computers after Norton has messed them about.

(PS - you wouldn't catch me loading it on any computer of mine, though)

Although this setup works I've had to stop using it. It slows the PC down so much that it's just about impossible to do anything else on the computer at the same time. A pitty but there you go. Maybe, one day, Naim will write a proper PC programme. The other option is Naim goes open source with the control commands so some keen users can write something ;-)