Securify This! by Munir Kotadia

A hard look at the latest developments in IT security with a real world perspective.

Can digital certs fend off Trojan attacks?

Posted by Munir Kotadia @ 17:29 2 comments

Special Minister of State Gary Nairn this week released a paper entitled 'Responsive Government - A New Service Agenda', which details how e-government services will be "improved" over the next four years.

If and when these services are delivered I hope that during a security emergency they will offer better advice than the Australian Tax Office did this week.

On Monday, the ATO restricted access to its Web site for certain users who had been infected by a password-stealing Trojan.

The ATO tells users that if they use a digital certificate to access the site instead of a user name and password, the Trojan is less likely to be able to steal their "portal details".

"If you use digital certificates to access the Tax Agent Portal, and you've disabled your user ID and password access, the risk of a Trojan virus compromising your portal details is reduced."

How?

I tried finding out how the ATO thought that using a digital signature could reduce my chances of being infected by a Trojan. Three days and numerous phone calls later, all I had was a government spokesperson telling me that they take these kinds of incidents "very seriously".

At the time of writing, the warning and the advice are still online.

If you take your system security seriously, I advise you to keep your patches up to date, install a decent antivirus and anti-spyware application and wait for Nairn's 'Responsive Government' to emerge.


Talkback 2 comments

    Huh? Anonymous -- 21/04/06 (in reply to #120133150)

    How are they saying your chances of being infected by a trojan are less if you use digital certificates? What they are saying is a trojan infection is less likely to steal the details you use to interact with them (i.e. username and password) if you use a digital certificate instead.

    Antivirus and antispyware are all very well... mike smith -- 14/06/06

    Antivirus and antispyware are all very well, but they are reactive, and are not going to catch the latest exploit. I guess you are aware that the window of time between an exploit being discovered and used is getting smaller all the time? Digital signatures simply do not rely on keyboard entry but use challenge / response - so they are not vulnerable to trojan keystroke loggers.
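The difference both comments point to, as an added example that is not part of the original post or its comments: a typed password is a reusable secret, while a signature over a one-time server challenge is worthless once that challenge has been used. The Ed25519 key pair stands in for the key behind a digital certificate, and all names and values are constructed; it covers only captured input, not malware that can read or use the key on the host.

```javascript
// Added example: password login vs. signature-based challenge/response.
const nodeCrypto = require('node:crypto');

// Constructed account: one password, and one Ed25519 key pair standing in
// for the key behind a digital certificate (assumption, not the ATO's setup).
const PASSWORD = 'constructed-sample-password';
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');

// --- Server side ---
const outstanding = new Set(); // challenges issued and not yet used

function issueChallenge() {
  const nonce = nodeCrypto.randomBytes(32).toString('hex');
  outstanding.add(nonce);
  return nonce;
}

function passwordLogin(typed) {
  const a = Buffer.from(typed), b = Buffer.from(PASSWORD);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

function certLogin(nonce, signature) {
  if (!outstanding.delete(nonce)) return false; // unknown or already used
  return nodeCrypto.verify(null, Buffer.from(nonce), publicKey, signature);
}

// --- Client side: the private key signs the challenge; nothing is typed ---
function signChallenge(nonce) {
  return nodeCrypto.sign(null, Buffer.from(nonce), privateKey);
}

// What one recorded session is worth when presented again later.
function replayDemo() {
  const capturedPassword = PASSWORD;        // typed, so a keylogger has it
  const n1 = issueChallenge();
  const capturedSig = signChallenge(n1);    // the only thing sent for n1
  const legit = certLogin(n1, capturedSig); // the genuine login succeeds
  const n2 = issueChallenge();              // next session gets a new nonce
  return {
    legit,
    passwordReplay: passwordLogin(capturedPassword), // secret is reusable
    sameNonceReplay: certLogin(n1, capturedSig),     // nonce already consumed
    newNonceReplay: certLogin(n2, capturedSig),      // signature covers n1 only
  };
}

console.log(replayDemo());
```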
