NetSurf users are reeling from HSBC’s shock decision to suspend their accounts because their RISC OS computers are allegedly infected with spyware. The high street bank has confused the open source browser NetSurf with a strain of PC malware going by the same name, and has locked their customers out for security reasons, it is believed. Punters say they were forced to turn up at their local branch with photo ID and sign a form promising to use Microsoft Windows XP with anti-virus software installed before they could access their money again.
This is all about people stupidity. They don’t know anything except the Windows and then ban those that think different. Like a world of clones that behave just exactly. I would without any doubt take all my money and go elsewhere.
Nothing to add.
So, they ask you to use XP because you could have spyware installed in your computer instead of another OS? It’s like asking someone to get into the oven to prevent them from overheating!!!! Why don’t they provide their costumers with LiveCDs instead and then BE sure (instead of make sure) there’s no spyware involved? Oh, right…. free software… it’s made by al-qaeda programmers, right? Unbelievable!!! If I had plenty of money and were their customer (which I don’t do both) I’d sue them (and a few others).
Edited 2006-10-24 21:34
I wonder how they handle internal security and availability if they cannot even distinguish between a worm and a browser? Uh… And I wonder how many more banks are in the same boat. There’s a risk you’re trusting your money to the clueless…
Yeah – if I had accounts there, I’d be moving them fast! It says a lot about the bank’s security when they grant or deny access to their site based on the user-agent name the client is providing! Whoever sold them that system is a genius. … ha. – but they’re probably raking in the cash right now, so I shouldn’t bash them too much. 😉
It says a lot about the bank’s security when they grant or deny access to their site based on the user-agent name the client is providing!
In all fairness, it doesn’t need to be the user-agent. If Netsurf handled some security certificates wrongly, that could also send off alarm bells.
“If Netsurf handled some security certificates wrongly, that could also send off alarm bells.”
Handling certificates “wrongly” would only cause errors on the client and not on the server.
Finding out that companies have security department like this is not much of a shock. I used to work for the US DoD and we has ‘Security Experts’ that told us that we couldn’t have handheld GPS units because terrorist might be able to intercept our communications. Mistaking a browser for a worm isn’t much of a stretch. Kinda makes you feel good about our money and our national security
Maybe they can change their user-agent to bypass browser check.
Yes, but a better solution would be to change banks 🙂
Edited 2006-10-25 06:21
Its a people problem but my god, asking you to use XP to avoid malware?
Thats like asking someone to strip down buck naked in the artic to stay warm!
I’m sorry but for the people with the locked accounts thats just an insult.
It would be interesting if some Tech magazine interviewed their “IT guy”, preferably someone higher up in the ladder like the CIO or his/her immediate underlings. Once they are ridiculed a bit in the press, they might come up with a less boneheaded approach. Just wishful thinking…
“””Once they are ridiculed a bit in the press, they might come up with a less boneheaded approach.”””
But that’s not what would happen. The bank would make some statement that they can only support certain platforms in the interest of their customers’ security and people would buy it. Then for balance, the tech mag would have a short interview with someone from McAfee, who would explain how all platforms have malware, and that a massive increase in virus problems for RISC OS in particular might be just around the corner.
Edited 2006-10-25 02:54
But that’s not what would happen. The bank would make some statement that they can only support certain platforms in the interest of their customers’ security and people would buy it. Then for balance, the tech mag would have a short interview with someone from McAfee, who would explain how all platforms have malware, and that a massive increase in virus problems for RISC OS in particular might be just around the corner.
How right you are!
It´s incredible .. if you think it carefully, the problem doesn´t stop at their IT department it involves their legal department too ..
See .. criminal figures aside (and they are there …), forcing you to consume another product in order to be able to get the benefits of the first product you payed for (let alone TWO other products like XP + AV) constitutes a violation of consumer´s rights … at least in half of the civilized world … and if it doesn´t ( and believe me: it should ) then it´s considered a monopolistic behavior in every single legislation that I know.
So there you go .. those poor people are letting their money be handled by a bank that not only has a crappy IT dep., it also has a joke of a legal department !
That’s the funniest foulup I’ve read in a long time. How clueless can an IT department possibly get?
Are they really demanding that folk change to Windows, or is someone just making that bit up?
Fortunately, the solution is simple; these days you can change banks almost as fast as you can change underwear.
The article says:
“HSBC say they will only support Internet Explorer and Netscape on Microsoft Windows, Apple Mac or GNU/Linux systems.”
So I doubt whether they really can be demanding that you change to Windows. Or if someone at a branch did, it was probably out of personal ignorance, not a matter of policy.
This article was perfect timing for me. I was actually just on their website less than 2 minutes ago. I was planning on going to a branch to open an account with them tomorrow.
Then I came here and saw this. Phew. Dodged a bullet there.
So they confused a Windows *executable* with the *User-Agent* of a non-Windows browser. That’s competent security analysis right there people. Surely these guys are worth every penny they’re paid.
Now you also know why so few actual security experts use online banking.
Both of my banks support firefox and ie and will tell you to download one of them if you access their ebanking site with some other browser. But if you feel lucky they will let you in (hey it’s your money:).
On a side note years ago I tried ebanking with firefox and got a “Error 2, don’t hit refresh” error. I didn’t use it again until a woman in bank assured me that they do support firefox now:)
(Btw I’m a konqueror user, and it works with both very well).
Hehe living in middle (ok eastern:)) europe.
Looks like there may be a happy ending to this story for Netsurf+HSBC users:
http://www.drobe.co.uk/riscos/artifact1723.html
Personally I’m pretty quick to be cynical about companies, especially when it comes to supporting minority platforms (I’m a RISC OS+Netsurf user myself), but in this case I think HSBC deserve some credit for the way they handled it.