I was thinking about a story I saw recently about the recent update to the British Banking Code.
There's a lot of discussion about Internet banking users potentially being liable for fraud if their PCs aren't "secure", as a result of this update.
The code says "Keep your PC secure. Use up-to-date anti-virus and spyware software and a personal firewall."
This leads to comments like "I use Mac|Linux, I don't use A-V, does that mean I'll be liable?"
So what we have here is failure to communicate...
The BBA appear to be correlating having basic software security packages installed with being secure. What I expect happened is that they needed to give some kind of shorthand guidance and that was the best they could come up with.
The problem is that, without more detailed guidance, fraud teams in banks may use this as the definition of secure and treat anyone who falls outside it as being at fault, which would put a lot of the more Internet-security-savvy people in the "not secure" bucket.
Personally, I run Linux at home and I don't use A-V, as there's no credible threat that it would mitigate for me...


raesene

Security Geek, Kubernetes, Docker, Ruby, Hillwalking