Internet Banking Weakness



Pakia
July 10th, 2009, 07:27 PM
I wanted to do Internet banking, went to my bank's web page, and was told that only Internet Explorer 5.0 and above and Netscape 4.72 were supported. I phoned the 0800 bank number, requested to speak to an IT security expert, and explained I use Ubuntu with the Swiftweasel browser and how could I login? I was very abruptly told they do not support Open Source OSes and I would have to use a different OS if I wanted to do Internet banking. I went to the add-ons in my browser, installed User Agent Switcher, activated Explorer, and went about my Internet banking without a problem. At this stage I felt embarrassed for the IT security "expert". My question is this:
Why are banks and other secure institutions so afraid of open source OSes? As far as I understand, iptables is a lot more secure than MS Windows, where you need firewalls and who knows what to patch all the security leaks, but this is the system they want you to use?
Is it not true that most cellphone software is open source but you can do phone banking with it?
Any explanations from non "banking IT security experts" would be appreciated.

SuperSonic4
July 10th, 2009, 07:29 PM
Not all banks are OS specific: Natwest does their online banking based upon browser, and since Firefox is supported, access in Linux is simple enough (and this is explicitly stated if you try to get on with another browser).

As a guess I would say it is because supporting more browsers means more work which means more expense

Skripka
July 10th, 2009, 07:31 PM
Use IE4Linux--it is usually a good enough implementation to fool and work very well with many banking sites.

As to why bank IT only supports IE? Because their IT staff are too lazy to write good code. FYI-some banks don't even support Safari (i.e. they will not work on OSX at all).

Pakia
July 10th, 2009, 07:37 PM
The "IT security expert" also very clearly stated they do not support open source OSes such as Ubuntu. I understand the browser issue, but surely Ubuntu must be officially accepted as an OS?

Gizenshya
July 10th, 2009, 07:40 PM
Let that stand as a testament to the "security" of online banking. I've never done it and never will (unless and until it evolves into a system with acceptable security).

Stay away. very away :o

sydbat
July 10th, 2009, 07:59 PM
Royal Bank and Scotiabank both are OS independent for online banking. They just require IE or FF or Opera or...you get the idea.

Skripka
July 10th, 2009, 08:02 PM
The "IT security expert" also very clearly stated they do not support open source OSes such as Ubuntu. I understand the browser issue, but surely Ubuntu must be officially accepted as an OS?

Does Ubuntu have an officially supported InternetExplorer browser on it? Does any FOSS OS have IE included and officially supported?

That is why FOSS OSes are not supported.

Irihapeti
July 10th, 2009, 08:06 PM
The "IT security expert" also very clearly stated they do not support open source OSes such as Ubuntu. I understand the browser issue, but surely Ubuntu must be officially accepted as an OS?

That doesn't mean that they won't let you use Ubuntu or other Linux. It simply means that if something doesn't work properly, then their IT people won't help you out. You have to find the answer on your own, such as through these forums. (You probably already know more than them about Ubuntu, anyway.)

I had a problem with Firefox not displaying a couple of buttons on one banking website and got that response from the bank's IT. (I never did find out what caused the problem, but I tried Epiphany and everything worked.) Later on, I changed banks (for other reasons) and have had no problems.

lisati
July 10th, 2009, 08:22 PM
Surely the banks have a responsibility to their customers to make sure that the private data relating to their customers' accounts is secure. They should stop making excuses that are based on FUD (e.g. "open source is more susceptible to hacking")

There are ways that banks can reduce the chance of unauthorised access to accounts. In addition to the usual login/password approach, one of the banks I visit for online banking uses a combination of captcha and a random question to which only I should know the answer, which must be answered using a virtual keyboard.

I'm curious about another thing: one of our house's mobile phones, on a CDMA network, has a Java application I downloaded some time back that lets me access one of my accounts - how secure are these things?

donkyhotay
July 10th, 2009, 08:35 PM
I'm curious about another thing: one of our house's mobile phones, on a CDMA network, has a Java application I downloaded some time back that lets me access one of my accounts - how secure are these things?

Impossible for me to say, depends on what kind of encryption it uses; however, by its nature transmitting data over a radio is less secure than going through a cable.

starcannon
July 10th, 2009, 08:37 PM
If my bank suddenly required me to use a less secure OS, the alarm bells would go off, and I'd switch banks so fast it'd make a teller's head spin.

josephpmh
July 10th, 2009, 08:40 PM
Try a few of these workarounds

Get Opera and try it on that.

If that doesn't work, download Firefox 3.5 for Windows and run it in WINE.

My Credit Union claims it doesn't support Linux, but it works just fine. (They just didn't know that.)

As for Internet banking security, it's actually more secure (less insecure is a better way of putting it) than snail mail banking or even going to the teller/ATM. When it's done by hand, you're handing over the data entry on the internet to a banking employee (actually intranet, as in https). Same process with extra steps. It's the extra steps that make internet banking less insecure.

Tibuda
July 10th, 2009, 08:41 PM
Have you tried to use the user agent switcher addon? If it would work with Netscape, I see no reason it would not work in Firefox (and derivatives).

donkyhotay
July 10th, 2009, 08:45 PM
If my bank suddenly required me to use a less secure OS, the alarm bells would go off, and I'd switch banks so fast it'd make a teller's head spin.

Most IT workers are mindless MCSE drones that know, "when this error message appears run that script". Most companies don't support Linux, BSD, etc. because the IT workers don't want to go through the trouble of actually *learning* what makes a computer tick, and that gets passed along to the managers who make the final decisions. It's not a matter of whether it's more secure or not, it's a matter of making the most money with the least effort.

Skripka
July 10th, 2009, 09:24 PM
If my bank suddenly required me to use a less secure OS, the alarm bells would go off, and I'd switch banks so fast it'd make a teller's head spin.

You're lucky. 60 miles within any direction of NowHere, there is exactly ONE bank...which bought ALL the other local and smaller banks out.

doas777
July 10th, 2009, 09:29 PM
I wanted to do Internet banking, went to my bank's web page, and was told that only Internet Explorer 5.0 and above and Netscape 4.72 were supported. I phoned the 0800 bank number, requested to speak to an IT security expert, and explained I use Ubuntu with the Swiftweasel browser and how could I login? I was very abruptly told they do not support Open Source OSes and I would have to use a different OS if I wanted to do Internet banking. I went to the add-ons in my browser, installed User Agent Switcher, activated Explorer, and went about my Internet banking without a problem. At this stage I felt embarrassed for the IT security "expert". My question is this:
Why are banks and other secure institutions so afraid of open source OSes? As far as I understand, iptables is a lot more secure than MS Windows, where you need firewalls and who knows what to patch all the security leaks, but this is the system they want you to use?
Is it not true that most cellphone software is open source but you can do phone banking with it?
Any explanations from non "banking IT security experts" would be appreciated.

Their answer is about legal liability, not technology. They can't test everything, so they just test a few target platforms, and issue a disclaimer so that they don't have any liability if something gets messed up. If you lose all your money while internet banking, then they'll just say that you cheated and "hacked" their system, meaning that they owe you nothing, and that they can sue you for breaching TOS.

gn2
July 10th, 2009, 11:08 PM
How does this sound....

Use Windows and IE and you get a promise that if your account gets hacked while using internet banking you will get a full refund from the bank.

Use Linux and the bank will not give any such guarantee whatsoever.

The bank?

Nationwide.

http://www.nationwide.co.uk/security/secure-online-banking/promise.htm
http://www.nationwide.co.uk/troubleshooting/browserSupport/default.htm

BuffaloX
July 10th, 2009, 11:53 PM
Most banks here work with Linux, but none support it officially.

drawkcab
July 11th, 2009, 12:06 AM
Yeah, often they will work with other browsers, even on Linux, but they do not provide support. In other words, they don't guarantee that it will work and their tech staff is not trained to help you out.

Basically someone comes up with a logic tree of conditionals ( if x happens, then go to/do y ) which establishes a protocol for the under-trained tech support that is based on the most common OS and browser combo. If the issue is not addressed by the protocols in advance or added, then good luck. You are either on your own or you have to keep demanding help until someone gets on the line that actually knows something about technology.

lisati
July 11th, 2009, 07:17 AM
You're lucky. 60 miles within any direction of NowHere, there is exactly ONE bank...which bought ALL the other local and smaller banks out.

Is that somewhere near Erewhon?

cpetercarter
July 11th, 2009, 08:01 AM
The Co-operative Bank supports Firefox/Linux. And they don't invest your money in arms dealers or other unethical stuff. Switch to them!

Most of the sites which block access by certain browsers or OSs use a really Mickey Mouse routine which checks the "user agent" declared by the browser on the computer which accesses them. The agent switcher add-on for Firefox will declare practically any browser/OS combination you want it to. I recently found that http://www.english-country-cottages.co.uk will not allow access from Firefox/Linux. I accessed the site fine however when I set the agent switcher to declare that I was running IE6 on Vista. I wrote to English Country Cottages to complain, and received a friendly reply that suggested that if enough people made a fuss they might do something about making their site available to Linux users.

I suspect that one reason for corporate bias towards MS and against open source software is a belief that if you buy something, and it goes wrong or compromises your data, you have someone you can sue.
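
Added example, not part of any post in the thread and not any bank's code: a sketch of the server-side "user agent" check described in the last post, next to a version that treats the header as a support hint only. The function names and sample header values are constructed, and reading "Netscape 4.72" as a minimum version is an assumption.

```python
import re

# Constructed sample header values (not taken from the thread).
UA_IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
UA_NS472 = "Mozilla/4.72 [en] (X11; U; Linux 2.2.14 i686)"
UA_FIREFOX_LINUX = ("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) "
                    "Gecko/2009060309 Ubuntu/9.04 (jaunty) Firefox/3.0.11")

# Supported list as quoted in the first post: IE 5.0 and above, Netscape 4.72.
RULES = (
    ("Internet Explorer", re.compile(r"MSIE (\d+\.\d+)"), 5.0),
    ("Netscape", re.compile(r"^Mozilla/(\d+\.\d+) \["), 4.72),
)

def claimed_browser(user_agent):
    """Return (name, version) for what the header claims, or None."""
    for name, pattern, _minimum in RULES:
        match = pattern.search(user_agent or "")
        if match:
            return name, float(match.group(1))
    return None

def is_listed(user_agent):
    """True if the claimed browser is on the supported list."""
    claim = claimed_browser(user_agent)
    if claim is None:
        return False
    minimum = next(m for n, _p, m in RULES if n == claim[0])
    return claim[1] >= minimum

def naive_gate(headers):
    """The check the thread describes: refuse service on the header alone.
    The value is whatever the client chooses to send, so this verifies
    nothing about the real browser or OS and is not a security control."""
    return is_listed(headers.get("User-Agent", ""))

def advisory_check(headers):
    """Alternative: never block on the header; use it only to decide
    whether to show an 'untested browser' notice. Access decisions stay
    with authentication, which does not depend on client-supplied claims."""
    listed = is_listed(headers.get("User-Agent", ""))
    notice = None if listed else "Browser not on the tested list; support is limited."
    return {"allow": True, "listed": listed, "notice": notice}
```

The gate's answer depends only on the string in the request, which is why it tells the server nothing about the platform actually in use.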