On Fri, Feb 15, 2008 at 1:29 PM, David Lowe <[EMAIL PROTECTED]> wrote: > conditions the statement that I would be 'negligent' (and therefore > unprotected) if I did not use 'the recommended protective software and > operating system'. The terms did not explain what is 'recommended'.
Nor do they define what is meant by "unprotected" :-) IANAL of course, but basically you can put whatever you want in a "contract" -- if what you put in there is stupid rubbish, it will be unenforceable; i.e. they won't be able to get a court to punish you for it ... > me that as long as industry standard anti-virus programs are being used (ie > Norton or AVG or similar) then this is fine. Continue to be mischievous then. "Linux" is your anti-virus program, and it is "better" than Norton or AVG. > Also, do not allow your > operating system to automatically save your password." That's good advice in general. Regardless of the keystore being used, you generally shouldn't let your OS automatically provide sensitive passwords. It would be adequate security for your blogging software or something like that, or logging on to slashdot ... A manually invoked keystore is better than an automated one :-) See KeePass or PasswordSafe (fine Open Source projects) for examples. > - Does one need AV protection in a Linux environment? A guarded "yes"; but generally "no". > - Is Yuri right that Linux is inherently more secure for internet > banking? A guarded "yes"; because security for banking isn't the same as security for preventing viruses &c. > - Or is the security really a function of the choice of web browser? No; but the choice of browser is a major part of the process. > - How good is the security in Linux applications that save your > passwords? Would the use of these tools contravene their t&c's? Linux doesn't have anything to do with it :-) An Open Source application is "more secure" than a closed source application in the sense that the code is examinable, not in the sense that it must automatically be better, or indeed must have been examined. But PasswordSafe and KeePass are probably fine; and they are cross-platform. An OS or browser-provided keystore is generally "for your convenience" and represents the minimum amount of protection that is probably appropriate for banking data. -jim
