Posted on 08/23/2022 11:12:33 AM PDT by Brian Griffin
On Saturday, my Windows PC went hog wild trying to update itself again. In doing so, it refused to respond promptly. On Sunday, my PC ran hot probably trying to seek out another viral infection. I'm really upset with this Microsoft update nonsense. Today, I noticed that a small dictionary I was keeping by my PC was very warm. The hypocrisy of Bill Gates babbling about global warming while Microsoft PCs waste vast amounts of electricity is truly galling.
In my opinion, Microsoft needs to force credit card (and other financial) account information off Windows PCs so Windows PCs are not an attractive target for thieves and hackers. It also needs to close off all security loopholes, even if that forces many other organizations to have to rewrite software.
I propose that credit card information and processing not be done on Windows PC or a seller's computer equipment. Instead, a mobile phone app would handle payment information processing. Neither Microsoft nor sellers would have internal financial software security worries. Instead, Google via Android and Apple via iPhones (and as usual, the banks) would have the security worries, and software security expenses.
Consumers would no longer enter their credit card information into their Windows PCs. If they tried, they might get a pop-up warning such as "4149 represents the first four digits of a VISA debit card. Do not ever enter financial account information into a Windows PC...."
Instead, Internet purchasers would see a box with say:
BIG RIVER BOOKS on the first line,
the purchase ID on the second line,
the name of the seller's bank (say CHASE) and the bank's ABA routing number on the third line,
and the seller's bank account number & the purchase amount on the fourth.
These seller bank accounts would typically be deposit only, except to the bank and the seller. A large company might utilize several bank accounts to cut its security risk.
If would-be puchasers don't recognize the bank name, they will probably not make the purchase.
The box would get scanned in sort of like a QR code. However, plain text would be used instead for security.
The app (and app maker) would then check the bank name and ABA routing number. An old bank name such as BBT would get blocked by the app, generating say BBT: obsolete bank name, with flags & asterisks, on the mobile phone.
A Northeast regional bank name might cause the app to place:
NY MA VT NH ME on one line and
PA NJ CT RI on the second line
to indicate the bank has branches in such states and that the seller should probably be from one of those states.
The app would then query the bank itself and ask about the account. The bank would provide the app with a response that might include:
the date the account was opened,
the name on the account,
the account type, and
the average 24-hour deposit amounts for certain time periods chosen by the bank, say for last 24 hours and the day a year ago and the day two years ago.
For large sellers, percentages of the last 24 hours might be provided instead.
On say a Black Friday, the bank might use the volume information from the two previous Black Fridays.
The app would display seller bank & bank account related text in various colors such as green, lime green, yellow, orange or red based on perceived security risk.
The would be-purchaser can then decide to pay or abandon the transaction. Internet purchaser payment account information might be set previously on the app or entered on a one-time use basis.
The bank would notify the seller of the payment and purchase ID by at least one means, other means being used to provide security check means. The seller can then ship the item or mark the service or hotel room paid for.
It's ordinary PC buyers like me that spend big money (indirectly) on Microsoft PC software, not Internet sellers of hotel rooms and Jeff Bezos. Microsoft needs to make Windows work well for PC buyers and users again, as its foremost priority. Microsoft needs to fully understand that its PC operating system business is highly endangered. I use my PC to get things done, every day that Microsoft lets me. I use more secure office grade Windows machines (or a Chromebook) to buy about one or two items a year.
And if those happen to be the first digits of a phone number? Address? Some other random data? Well too bad so sad. And let’s keep in mind your demand was to ban ALL financial data. So you also want to stop:
Social Security numbers, which have a standardized length but not much else
Bank account numbers, which have no standardization at all
Check routing code, somewhat standardized
Heck technically your full birth name is financial data, and your DOB.
How in the world are you going to block all that and have computers actually useful for ANYTHING. You’ve basically just declared the OS can’t be used by any business anywhere to do anything that businesses want computers to do.
It’s a dumb idea. Get over it. Get over yourself.
“That means BLOCKED. Not just generating a popup.”
Nudged...Coerced...but not “BLOCKED”
I now know I’m riffling lots of feathers, but if I can’t get things done on my Windows PC in a reasonable time frame I will make my displeasure known.
Really important too: After recovery is done, change all your online passwords as there is the possibility that those have been captured by the malware and could be used by bad actors in the future. I wish I had better news for you.
“You’ve basically just declared the OS can’t be used by any business anywhere to do anything that businesses want computers to do.”
I’ve described a purchase transaction from start to finish.
My system has the great advantage of allowing small businesses to avoid the massive credit card number compromise risk by simply never giving them a credit card number, only a payment verification message.
Same here ... I have a drawer full of unused Windoze install CDs complete with license data. If I need a new system I check out the Dell Outlet for a deal. When it arrives I throw the Windoze stuff in the drawer and proceed to load Ububtu or OpenSuse.
There are very few Windoze apps that don’t have functional siblings on linux. And most of them are free!
“Microsoft needs to force credit card (and other financial) account information off” == BLOCKED
You’re not ruffling feathers, you’re announcing to the world you don’t know what you’re talking about.
“This also explains why your PC is slow and running hot.”
It does so on an intermittent basis.
A bitcoin miner would tend to run constantly and at a 50% CPU usage rate as to not be too noticeable.
I have backed up my PC totally, but I am afraid to rebuild it.
But you’re ignoring what else happens on computers. If you’re BLOCKING financial data you are BLOCKING their usefulness to the business world.
No, your system means a small business CAN’T be run on the computer. And frankly, your system turns someone’s phone number into financial data. So you’re BLOCKING that too.
Just an educated guess, however the browser behavior is what I have seen many times from fake AV programs.
“And let’s keep in mind your demand was to ban ALL financial data.”
If the PC is not secure, then maybe financial data should not be on it.
And if the PC is secure, then no security updates would be needed.
And now we get back to what I said in my first post to you:
Any computer that can have legitimate stuff done on it can have illegitimate stuff done on it. Total security means completely useless.
This is why application writers need to be smart. This is why we encrypt large quantities of data. Because we understand that info can ALWAYS be accessed by some other process or user, so we make it so only we can use the data we stored (well, hopefully, encryption can be broken).
You don’t gain security by making the OS guess as to whether or not the user is entering sensitive information and then not allowing it. You gain security with good coding practices that remembers you’re not the only thing on the computer and nothing else can be trusted.
“No, your system means a small business CAN’T be run on the computer.”
My system would work for BIG RIVER BOOKS, and for small business.
My system eliminates the risk of having to pay thousand$ or even million$ in compensation to credit card companies because the small business’s database got hacked and credit card numbers got stolen.
My system is small business friendly - and small business safe.
In my system, small (and large) businesses never see a credit card number, only a purchase payment verification from their bank.
And small businesses can check their account balance (by existing means) to see that it jives with sales before shipping out product.
“Total security means completely useless.”
You’re not likely to run a bank’s IT department with that attitude.
“You don’t gain security by making the OS guess as to whether or not the user is entering sensitive information and then not allowing it.”
The mobile phone app (not the personal computer OS) would make an estimate - and the would-be purchaser would get the final say by tapping on PAY, on their mobile phone.
No, it wouldn’t. Your system would Big River Books wouldn’t be able to run any financial software on the computer. Including their own accounting software.
Your system renders computers useless for all business.
Actually I work on software that’s used by almost every bank in America. It’s not an attitude, it’s REALITY. Like I explained in the part you didn’t bother to quote:
Anything that can be done legitimately
can be done illegitimately
That’s a simple fact everybody in the IT world understands.
Right, so now your phone number is financial information, which you’re not allowing to be entered into the computer, so we can’t send the payment request to your phone.
And given how many ways phones TALK to the outside world, if you’re thinking there’s any world where they’re more secure than computers you’re an idiot. You’re wanting us to take financial information off a more secure platform and only put it on a significantly LESS secure platform.
Yup, but every single person and business that continues to use windows, continues to like that evil bastard's pockets.
Technically, under my system you still can enter your credit card number, after getting a pop-up and dismissing it.
The users remain in ultimate control.
It’s their choice to take the risk, after fair warning.
No it can’t. AGAIN, YOUR WORDS:
Microsoft needs to force credit card (and other financial) account information off Windows PCs
No financial info on the PC at all. No user choice. THAT’S YOUR SYSTEM. OWN IT. And admit it’s stupid.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.