Bank Tells Linux Users: Get Windows Or Get LostBank Tells Linux Users: Get Windows Or Get Lost

Would you do business with a bank that forces you to take needless security risks? According to many Linux users, that is exactly what Citibank wants them to do.As I discussed in two previous blog posts, using Linux may be the single best way to protect your company against online banking fraud. Using a Web browser launched from a Linux Live CD offers great protection against password-sniffing malware, and it doesn't require giving up an existing Windows OS setup.

Here's the problem: Citibank doesn't want anything to do with customers who use desktop Linux.

Citibank isn't the only culprit in this case, but it may be the single worst offender. Google the terms "Citibank" and "Linux," and the results read like a rap sheet. Many of the complaints date back a year or two, but if you're hoping that Citibank has changed its ways, this blogger's recent experiences suggest that nothing has changed.

One user claims that during a 2008 encounter with Citibank customer service, he was informed that the bank's credit-card account access site only supports operating systems that offer "real security."

Like Windows.

Given the impact that Windows-based malware has on its customers' security, I have to wonder whether Citibank isn't opening itself up to a big ol' class-action lawsuit. At the very least, its policy represents an example of stunning ignorance within an organization should be on the cutting edge of online security.

If I did business with a bank or credit card company that forced me to cut corners on security, I wouldn't stick around for long. And if you're running a small business, guess who pays if something goes wrong and your account is hacked?

According to many Linux users, however, Citibank's ridiculous policy hides an even more ridiculous secret.

Some popular Firefox add-ons allow a user to change their user agent string: a bit of identifying data that their browser sends to the Web server. This includes information like the type and version of the client's Web browser -- and its host operating system.

In this case, a tool like User Agent Switcher allows a Linux user to make a Web server think they are running Firefox on Windows. In this case, as in so many others, the user's Web browser works just fine once the site thinks it is dealing with the "right" host operating system.

It makes Citibank's policy more infuriating, since the company can't even claim a valid technical reason -- however fatuous -- to justify its no-Linux policy.

Online security is hard enough without jumping through these kinds of hoops. You can protect your business far more effectively by using Linux to do online banking and financial transactions. When an ignorant, short-sighted company tries to tell you otherwise, do yourself a favor and take your money someplace else.