In an effort to fight back against a massive amount of phishing attacks against PayPal, the e-commerce company recently announced that it will soon force customers who want to use its service to upgrade to browsers that have the latest phishing protection, such as Internet Explorer 7, Firefox 2, and Opera 9. Additionally, PayPal also is working diligently with ISP's to filter fraudulent phishing e-mails by dropping messages that lack a valid digital signature. But can you believe that some are crying foul? One of the arguments I came across stated that PayPal was victimizing those people who don't have the computing resources required to upgrade. I found that argument perplexing, but just for fun, I looked up the system requirements for installing IE7. Care to guess what they are? If you guessed a Quad processor XEON, then you're a little off. All you need is a 233-MHz or higher Pentium processor. I'm not sure you could give away a CPU that runs slower than 1 GHz nowadays.
According to PayPal, a significant amount of people are still using IE 3 and IE4. If that's true, then I suspect those people also don't have virus protection on their PC's, and those people are a security threat to all of us.
To me, PayPal is the Wal-Mart of the consumer e-commerce space, and its tight integration with ebay further makes them almost as important as the electric company. For the thousands of retailers that operate on eBay, PayPal is their only conduit for accepting payment, so to the extent that PayPal, and ISP's, can take the lead in securing their systems from phishing attacks, they should be applauded for doing so. PayPal is doing what any good IT department would be doing to remediate a threat, and that is notify you of the problem in advance, give you a small time period to upgrade, and then shove it down your throat if you don't. Today, there's no excuse for not upgrading your browser and keeping pace with security and virus updates. If you're not savvy enough to do these upgrades, then you shouldn't be using PayPal in the first place, and you certainly shouldn't be doing any online banking.Randy George has covered a wide range of network infrastructure and information security topics in his 4 years as a regular InformationWeek and Network Computing contributor. He has 13 years of experience in enterprise IT, and has spent the last 8 years working as a ... View Full Bio