URGENT, Secure Device Required for TWS

[stevegee58]

I'll happily log in using the card on my little accounts.

Since I have 2 accounts, one an IRA and the other a "normal" margin account, this may push me to open a friends and family account to manage them together. i.e. 1 login using the card instead of 2.

 

[tyrant]

How easily are password-capturing Trojans planted into computers? Do we get them easily through surfing the web? Does the free version of Zone Alarm prevent the trojan from working?

Any idea how many % of online brokerage accounts are compromised?

Will the following way of keying in your passwords work?

1) kEY into a Notepad or Word document your username and password but mix it up with other alphabets, then cut and paste into the IB login?

Thanks

 

[stevegee58]

Trojans are generally not planted by simply surfing. Usually someone sends you an e-mail with an attachment containing an executable - the trojan program. If you're not a savvy computer user, you may blindly click on the attachment and bingo, it executes and you're infected.

Now, *if* you use anti-virus software (you *do* right?) it'll detect the attachment as hostile as soon as it arrives and get rid of it.

My kids got their computer infected by using LimeWire (file sharing program) to download illegal music. They naively downloaded files that *looked* like music files but were executables. They clicked on them to play them and bam, infected. Norton wasn't fast enough to get rid of it. Had to re-load WinXP and start from scratch.

Needless to say, I forbade the use of file sharing programs from then on.

My advice: don't trade on the computer that you use for surfing, e-mailing, music playing, and gaming. Trading is serious business. If it's your livelihood, surely you can afford another computer.

 

[gbos]

Quote from tyrant:

How easily are password-capturing Trojans planted into computers? Do we get them easily through surfing the web? Does the free version of Zone Alarm prevent the trojan from working?

Any idea how many % of online brokerage accounts are compromised?

Most times they will install when you mistakenly open an infected email attachment etc. Sometimes (rare) they will install bypassing a hole in the internet explorer or the operating system. A software firewall will protect you in most cases by giving a warning that an unknown application is trying to transmit data.

Will the following way of keying in your passwords work?

1) kEY into a Notepad or Word document your username and password but mix it up with other alphabets, then cut and paste into the IB login?

Thanks

All actions have to go through the operating system. So basically it¢s not difficult for someone to intercept those passwords. To give you an example when you are copying your data on the clipboard the operating system queue will get a message

SetClipboardData ¡your data¢

This message can be read by any application running on your system.

 

[Catoosa]

Quote from petteri:



You should use separate machine (preferably linux) for trading which you use for nothing else. No browsing, no e-mails, no usage of any other programs than trading. How many of us have such machines?

If this separate trading machine is connected to your home LAN with other machines that are used for browsing and e-mail, does that compromise the trading machine?

 

[deviltrader]

Quote from Catoosa:

If this separate trading machine is connected to your home LAN with other machines that are used for browsing and e-mail, does that compromise the trading machine?

Yes, unless you put a software firewall on the trading machine. A hardware firewall only protects the LAN, but if a machine on the LAN becomes infected, all other machines on the LAN are at risk unless they are individually protected.

The other way to protect your trading machine is to never turn it on while other machines on the LAN are running.

 

[optgamvol]

Hey Guys,

The time and effort you guys spent in discussing this would have allowed for using this security device for added security more than 1000 times. (it takes me about 5-10 seconds) to login, once a day).

For those who still dont get it: When taking into account your AND IB's interest then this device is absolutely the cheapest/most convenience/safest way to provide for this added protection. What is so f..... hard to understand? Users have tons of different software to protect them and still it can any time happen that the system is compromised. Also, 99% at IB are not IT experts. So, what is your real problem? I honestly dont get it!!!

 

[siki13]

Quote from deviltrader:

Yes, unless you put a software firewall on the trading machine. A hardware firewall only protects the LAN, but if a machine on the LAN becomes infected, all other machines on the LAN are at risk unless they are individually protected.

The other way to protect your trading machine is to never turn it on while other machines on the LAN are running.

There is one more way which i use ,you buy two routers.
Then you set it up like this.
Modem=>router>computers for surfing etc.=>router(which you plug in to first router)=>trading computer
This way your trading computer is protected from other lan machines .
And btw software firewall does not protect you when you boot up because
its not load up yet.

 

[cstangor]

I have to say that I find this whole security card business very bizarre. I have many accounts with banks, securities firms, insurance, retirement accounts, etc, etc. They have all beefed up security lately in various ways (for instance presenting a graphic image that I have to identify at logon) but none have required me to have a physical card on my person. This just seems so primitive and annoying.

In any case, I think there are two issues:

1. Someone might get our password and log into our account on their TWS... but this problem seems to go away if we use the security card, right?

2 Someone might get into OUR computer after we have already logged on to TWS and trade using our TWS. I see that the idea of using the separate trading computer (no email, internet etc with TWS set to accept only the local IP) is important in this regard. But we still have to access that computer ourselves across the LAN or across the intenet. What is the best software for doing that? I have been using RADMIN, but it has its own logon password. Couldnt' that be stolen?

thank you

 

[petteri]

Quote from cstangor:

1. Someone might get our password and log into our account on their TWS...

Scenario 1 is pretty possible at the moment.

I think possibility of someone planting trojans successfully stealing userids/password from your computer should be under 1% / year but more than 0,05 %/year if you use usual security standards but are not very careful (very careful in IT security = very close to paranoid in real life). Not all the steals lead to loss though.

Scenario 1. is pretty easy to implement and risk of getting caught is not awfully high.

I think scenario 1. poses serious threat in long and medium term.

Quote from cstangor:

2 Someone might get into OUR computer after we have already logged on to TWS and trade using our TWS. I see that the idea of using the separate trading computer (no email, internet etc with TWS set to accept only the local IP) is important in this regard.

Scenario 2. is much more unlikely if we rule out possibility of other person physically using your workstation.

I think it is at least 100 times less probable than scenario 1 unless you run automated trading system or third-party tools.

In IB case third-party add-ons are the most likely source of successful large-scale backdoor attacks. Not public viruses or trojans.

Scenario 2. is hard to implement without implementing it to some "reliable software" and possibility of getting caught is high.

I think Scenario 2. poses medium to small threat at the moment. It is far easier to steal userid/passwd, why bother to make something much more complicated. In future situation can change.