Quote from GTS:
An individual has complete control over their computing environment. No need to blame the govt. Every one of us has the ability to secure their systems to the point that virtually no hacker can compromise their systems.
Disagree that everyone has complete control or the ability to secure it. Really, how about the brick layer down the road who is investing his hard earned money and knows bricks and the odd tip he gets from his brother inlaw.
What control and ability does a non security type of IT person really have ? It is non trivial.
You don't need IB to do anything to protect yourself from a cat5 storm - take personal responsibility here. If you have a large account and/or it represents your livelihood then you should have already secured your environment long ago. You need look no further then the mirror for who to blame.
Agree with the responsibility part. Who do you go to if you don't have the skills ? Even if there is someone to go to, how do you even know that you are not buying a piece of paper with a tick and some warm fuzzies attached ?
And when is it 'secure enough' ? The cost of defense needs to be measured against the potential risks and the losses you could suffer from an attack.
Tomorrow a new remote hole in your favourite O/S is discovered that allows remote code execution, these occur all the time. Do you have a policy of constantly monitoring new security advisories and keeping your systems patched and up to date. How many people are this vigilant ? How vigilant and responsive is Microsoft, a major vendor which most users no doubt are using.
Even without these new security devices the odds of your IB being hijacked today is very low. With the security devices the odds become extremely low (which is a good thing)
Is it still possible that even with the security device that a hacker could still make unauthorized transactions? Yes. Is it likely? No.
Which study are you referring to for your odds ?
Really, I don't know what yor background is but the threats are very real. I have spent a good part of my career designing and writing IT security software and systems. The IT security space is already quite large and continues to expand for very <b>real</b> reasons.
Lets put it another way.
If you were in the crime game, wouldn't you be targetting online traders and their brokers ? There is lots of money to be had both directly (account transfers) and indirectly (eg pump and dump). People have large parts of their savings in accounts with their brokers. Its a no brainer, they go where the money is.
Lucky for you I am not in the game. But I will enlighten you to how it works.
Criminals can and do invest in high yeiding attacks. All a criminal needs to do is build some very simple malware to exploit say the TWS trading software, and perhaps some other popular brokers too.
The attacker then waits a few days or weeks for the next remote code vulnerability to be announced in some popular software, browser, email client, windows etc.
They then use one or more attack networks (typically called bot networks) and catch a good number of people who have not kept their O/S and other software up to the very minute. Those newly compromised machines now become part of the attack network and potential victims of any new malware exploits.
The attackers can then deploy their various malware packages to the network of compromised machines, to for example, subvert the IB TWS trading software.
Is it possible ? Definitely undeniably so.
Is it likely ? Yes. IB is spending real time and money trying to stop attackers.
I am not joking. This is how it works, do not underestimate the relative ease of these attacks and the rewards attached.
Asking IB to implement layers and layers of security is not reasonable. These security devices are sufficient. If you are running an ATS and have to opt out of using them then you better know how to secure your own environment.
Yes, it is NOT IB's responsibility to secure your PC, but the devices while a good idea in principle are NOT sufficient on their own.
Access controls, user roles, trading profiles, transaction velocities and limits need to be defined to limit the scope and payoff to an attacker.
