New banking code cracks down on out-of-date software

So which is it?

"...if they have out of date anti-virus...protection..."

or

"...do not have up to date anti-virus...software installed..."

I have no anti-virus software of any kind installed (guess why I don't need it), so the second applies to me, but not the first.

However, your point is well made, since users of Macs and Linux don't need such software.

"Robin T Cox" wrote

Hahahahahahaha!!! Think on...

Not quite true as it stands. It's not that using a Mac means you don't need such software: you could be running Windows on a Mac, in which case you do need it.

But you won't need such software so long as you don't run Windows.

"Alec McKenzie" wrote

Do you really think that you don't need antivirus software when running Mac OS, after reading the articles below?...

--------

Also see here, a Mac virus discovered over 2 years ago:-

Extract: "Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shellshocked..."

What else would you expect from companies trying to sell you "anti-virus" software?

The fact remains that the *only* known cases of a running Mac OS X being infected with a "virus" are those cases where the user infected his system deliberately.

If and when a case of unintentional infection occurs, the writer of the virus will become world-famous overnight.

No problem. The code is just saying if it does happen to you, you will be responsible for any losses.

The bigger isssue is that people don't know/understand what security measures they have/have not installed & activated. The problem is that it is not like checking a door is locked (i.e. it is not physically obvious). And what is the definition of "up to date"..?

If you are referring to the Banking Code, March 2008, it says no such thing. Have a look and see what it actually says.

In message , Robin T Cox wrote

Why do banks want you to install spyware software on your machine? The prefix 'anti' seems to be missing?

I assume that the banks will not accept responsibility for losses if the customer uses an ISP that is transferring data to Phorm

Or if the customer accesses their account from an internet café.

That might be a fatal assumption.

No doubt the banks will take the view that it's down to the customer to choose an ISP that protects their online account, i.e. that protects the bank.

I fail to see how a code of practice prepared by the Banks, can be legally enforcable upon customers. Whether a customer is cupable is for a court to decide, not for the banks to decide.

tim

Are any of the banks offering security features - like RSA securid protection or even detection methods such as quick notification of attempted transactions.

What the banks *can* decide is how they choose to interpret the Ts&Cs which govern the customer-bank relationship.

The code of practice merely sets out when the customer may presume to be "safe" from an adverse interpretation, and when the customer may need to be prepared to take his bank to court.

If the bank isn't using a secure web site, change bank, not ISP :-)

As far as I know, phorm isn't trying to break https. Yet.

Maybe, but in practice when you are trying to reclaim money from them, it's amazing how difficult they can become, and how long it can take - whatever the legal rights and wrongs may be - to get your money back. Take the current situation re unfair charges, for example. The banks have succeeded in putting a complete brake on court action, whilst continuing to make the charges irrespective of the legal rights and wrongs.

Phorm is Spyware. If an ISP is in partnership with Phorm it will be up to the customers to prove that their web usage is NOT being reported to third party to ensure they are not responsible for all losses on their on-line bank or credit card accounts.

Haven't some ISPs been lying about their involvement with Phorm?

Alan wrote: ...

One definitely at least, it would seem. One probably.

I tried raising this issue with one online bank. They showed a complete and utter lack of understanding of the issue I was trying to raise.

But again, if the link is encrypted - https - there /shouldn't/ be a problem. As far as I am aware, https has not yet been broken, so phorm should be able to spy on the datastream all they wish and be none the wiser. But they promise not to anyway, so that's doubly OK. Have you ever dealt with a company with such clear trustworthiness credentials?

:-)