Linked by Thom Holwerda on Tue 24th Oct 2006 20:57 UTC
RISC OS NetSurf users are reeling from HSBC's shock decision to suspend their accounts because their RISC OS computers are allegedly infected with spyware. The high street bank has confused the open source browser NetSurf with a strain of PC malware going by the same name, and has locked their customers out for security reasons, it is believed. Punters say they were forced to turn up at their local branch with photo ID and sign a form promising to use Microsoft Windows XP with anti-virus software installed before they could access their money again.
Order by: Score:
Stupidity
by sbenitezb on Tue 24th Oct 2006 21:15 UTC
sbenitezb
Member since:
2005-07-22

This is all about people stupidity. They don't know anything except the Windows and then ban those that think different. Like a world of clones that behave just exactly. I would without any doubt take all my money and go elsewhere.

Reply Score: 5

Pathetic
by twenex on Tue 24th Oct 2006 21:31 UTC
twenex
Member since:
2006-04-21

Nothing to add.

Reply Score: 4

???
by eantoranz on Tue 24th Oct 2006 21:32 UTC
eantoranz
Member since:
2005-12-18

So, they ask you to use XP because you could have spyware installed in your computer instead of another OS? It's like asking someone to get into the oven to prevent them from overheating!!!! Why don't they provide their costumers with LiveCDs instead and then BE sure (instead of make sure) there's no spyware involved? Oh, right.... free software... it's made by al-qaeda programmers, right? Unbelievable!!! If I had plenty of money and were their customer (which I don't do both) I'd sue them (and a few others).

Edited 2006-10-24 21:34

Reply Score: 5

It's just weird
by Buck on Tue 24th Oct 2006 21:38 UTC
Buck
Member since:
2005-06-29

I wonder how they handle internal security and availability if they cannot even distinguish between a worm and a browser? Uh... And I wonder how many more banks are in the same boat. There's a risk you're trusting your money to the clueless...

Reply Score: 4

Very funny --- but obviously clueless...
by nathan_c on Tue 24th Oct 2006 21:52 UTC
nathan_c
Member since:
2005-07-12

Yeah - if I had accounts there, I'd be moving them fast! It says a lot about the bank's security when they grant or deny access to their site based on the user-agent name the client is providing! Whoever sold them that system is a genius. ... ha. - but they're probably raking in the cash right now, so I shouldn't bash them too much. ;-)

Reply Score: 2

Ronald Vos Member since:
2005-07-06

It says a lot about the bank's security when they grant or deny access to their site based on the user-agent name the client is providing!

In all fairness, it doesn't need to be the user-agent. If Netsurf handled some security certificates wrongly, that could also send off alarm bells.

Reply Score: 2

Soulbender Member since:
2005-08-18

"If Netsurf handled some security certificates wrongly, that could also send off alarm bells."

Handling certificates "wrongly" would only cause errors on the client and not on the server.

Reply Score: 1

It's everywhere you look
by brewmastre on Tue 24th Oct 2006 22:10 UTC
brewmastre
Member since:
2006-08-01

Finding out that companies have security department like this is not much of a shock. I used to work for the US DoD and we has 'Security Experts' that told us that we couldn't have handheld GPS units because terrorist might be able to intercept our communications. Mistaking a browser for a worm isn't much of a stretch. Kinda makes you feel good about our money and our national security

Reply Score: 4

What about user-agent
by holywood on Tue 24th Oct 2006 23:03 UTC
holywood
Member since:
2006-09-25

Maybe they can change their user-agent to bypass browser check.

Reply Score: 2

RE: What about user-agent
by kmarius on Wed 25th Oct 2006 06:21 UTC in reply to "What about user-agent"
kmarius Member since:
2005-06-30

Yes, but a better solution would be to change banks :-)

Edited 2006-10-25 06:21

Reply Score: 2

Jesus
by Bit_Rapist on Wed 25th Oct 2006 01:10 UTC
Bit_Rapist
Member since:
2005-11-13

Its a people problem but my god, asking you to use XP to avoid malware?

Thats like asking someone to strip down buck naked in the artic to stay warm!

I'm sorry but for the people with the locked accounts thats just an insult.

Reply Score: 1

Interview
by Lu-Tze on Wed 25th Oct 2006 01:22 UTC
Lu-Tze
Member since:
2006-01-10

It would be interesting if some Tech magazine interviewed their "IT guy", preferably someone higher up in the ladder like the CIO or his/her immediate underlings. Once they are ridiculed a bit in the press, they might come up with a less boneheaded approach. Just wishful thinking...

Reply Score: 2

RE: Interview
by sbergman27 on Wed 25th Oct 2006 02:51 UTC in reply to "Interview"
sbergman27 Member since:
2005-07-24

"""Once they are ridiculed a bit in the press, they might come up with a less boneheaded approach."""

But that's not what would happen. The bank would make some statement that they can only support certain platforms in the interest of their customers' security and people would buy it. Then for balance, the tech mag would have a short interview with someone from McAfee, who would explain how all platforms have malware, and that a massive increase in virus problems for RISC OS in particular might be just around the corner.

Edited 2006-10-25 02:54

Reply Score: 4

RE[2]: Interview
by twenex on Wed 25th Oct 2006 03:50 UTC in reply to "RE: Interview"
twenex Member since:
2006-04-21

But that's not what would happen. The bank would make some statement that they can only support certain platforms in the interest of their customers' security and people would buy it. Then for balance, the tech mag would have a short interview with someone from McAfee, who would explain how all platforms have malware, and that a massive increase in virus problems for RISC OS in particular might be just around the corner.

How right you are!

Reply Score: 1

what a joke ...
by gnemmi on Wed 25th Oct 2006 02:55 UTC
gnemmi
Member since:
2006-08-17

Itīs incredible .. if you think it carefully, the problem doesnīt stop at their IT department it involves their legal department too ..

See .. criminal figures aside (and they are there ...), forcing you to consume another product in order to be able to get the benefits of the first product you payed for (let alone TWO other products like XP + AV) constitutes a violation of consumerīs rights ... at least in half of the civilized world ... and if it doesnīt ( and believe me: it should ) then itīs considered a monopolistic behavior in every single legislation that I know.

So there you go .. those poor people are letting their money be handled by a bank that not only has a crappy IT dep., it also has a joke of a legal department !

Reply Score: 1

Wow ....
by Rayz on Wed 25th Oct 2006 04:47 UTC
Rayz
Member since:
2006-06-24

That's the funniest foulup I've read in a long time. How clueless can an IT department possibly get?

Are they really demanding that folk change to Windows, or is someone just making that bit up?

Fortunately, the solution is simple; these days you can change banks almost as fast as you can change underwear.

Reply Score: 1

RE: Wow ....
by alcibiades on Wed 25th Oct 2006 05:35 UTC in reply to "Wow ...."
alcibiades Member since:
2005-10-12

The article says:

"HSBC say they will only support Internet Explorer and Netscape on Microsoft Windows, Apple Mac or GNU/Linux systems."

So I doubt whether they really can be demanding that you change to Windows. Or if someone at a branch did, it was probably out of personal ignorance, not a matter of policy.

Reply Score: 2

Perfect timing
by Innominandum on Wed 25th Oct 2006 06:44 UTC
Innominandum
Member since:
2005-11-18

This article was perfect timing for me. I was actually just on their website less than 2 minutes ago. I was planning on going to a branch to open an account with them tomorrow.

Then I came here and saw this. Phew. Dodged a bullet there.

Reply Score: 1

Good job
by Soulbender on Wed 25th Oct 2006 08:37 UTC
Soulbender
Member since:
2005-08-18

So they confused a Windows *executable* with the *User-Agent* of a non-Windows browser. That's competent security analysis right there people. Surely these guys are worth every penny they're paid.
Now you also know why so few actual security experts use online banking.

Reply Score: 1

Hehe
by miro on Wed 25th Oct 2006 12:12 UTC
miro
Member since:
2005-07-13

Both of my banks support firefox and ie and will tell you to download one of them if you access their ebanking site with some other browser. But if you feel lucky they will let you in (hey it's your money:).

On a side note years ago I tried ebanking with firefox and got a "Error 2, don't hit refresh" error. I didn't use it again until a woman in bank assured me that they do support firefox now:)

(Btw I'm a konqueror user, and it works with both very well).

Hehe living in middle (ok eastern:)) europe.

Reply Score: 1

Happy ending?
by flypig on Fri 27th Oct 2006 01:03 UTC
flypig
Member since:
2005-07-13

Looks like there may be a happy ending to this story for Netsurf+HSBC users:

http://www.drobe.co.uk/riscos/artifact1723.html

Personally I'm pretty quick to be cynical about companies, especially when it comes to supporting minority platforms (I'm a RISC OS+Netsurf user myself), but in this case I think HSBC deserve some credit for the way they handled it.

Reply Score: 1