Comments
Nothing at all unique (or new) about using a "compromised" digital certificate to dupe users into allowing bogus apps to run on a computing device. This has been done before and it will be done again. That is why certificate-based security systems have revocation policies, infrastructure, and mechanisms in place to deactivate certificates that have been compromised. Everyone developing applications for any platform that has a certificate-based security model, like Windows, OS X, iOS, etc., has been dealing with these issues for more than a decade. This situation is unlikely to change anytime soon.
Of course there are some weaknesses in these systems because customers never want to lose access to their apps even if their apps are potentially compromised or cannot be verified as being authentic. For example, what should the OS/app loader do when the revocation authority cannot be verified due to loss of network connectivity? Denial of service might be the "safe & secure" choice but it will not be a popular choice with many customers. In these cases and others you throw the decision back to the customer (or a policy established by the customer). Humans are often the weakest link, and when they are fueled by the prospect of getting something for "free" their judgement is at best compromised. Or they are naive and/or stupid.
So let's pay attention to everyone else's problems, and ignore ours. Real smart.
Of course I didn't say that; only that the level of tech pundit rage and hand-wringing over an Apple exploit greatly exceeds that of Windows, and the same could be said for Android, which is a malware designer's wet dream.
This is why I buy Apple products. I love that Apple reacts faster to these things now. I love the walled garden. Lol.
Agreed, Pu. I'm in the market for a new Ext. HD and will be getting Apple's TimeCapsule instead of much cheaper HDs.
Best
Much of Android's supposed malware problem reporting flows from the same "tech pundit rage and hand-wringing" you think is unfairly aimed at Apple. You didn't know that and thought only Apple attracted FUD and overstated headlines?
No, that's not true either. Actual studies have shown that mobile devices that run on Android OS are more prone to malware infections - do a Google search on 'Malware Infection Rate For Android Devices Measured By Researchers'; that's not tech pundit hand-wringing click bait. However, when tech pundits do write about Android malware, it gets far less attention as compared to any one OS X/iOS exploit, which is given massive media attention regardless of actual risk or threat, ergo this latest crisis.
Yet the studies never report any actual infections.
More prone to "malware" than non-jailbroken iPhones? Yes they are. Are "malware" infections prevalent on Android devices? No, they're not, even including the problematic Russian and Chinese users frequenting questionable 3rd party app stores. If you haven't yet read the article you pointed me to, you should. The discussion of what is considered malware should be helpful, as should the notes of false flags in both Symantec and McAfee malware databases which the researchers used as reference.
http://arxiv.org/pdf/1312.3245v2.pdf
After you read it I think you'll probably agree with my earlier comments about hand-wringing on both platforms.
Even though Apple don't need to do this, since it's the users' fault, they still proactively mitigate it.
By the same standard, all other operating systems are just as secure as Apple's, and any infections are the user's fault. Since operating systems don't infect themselves, someone must be doing it. So all infections in any operating system are the user's fault. Thus it is not fair to blame Android or any non-Apple operating system for not having better security against malware because the manufacturer "doesn't need to do this" - it is all the user's fault. This is like saying cars don't need seatbelts, airbags or antitheft systems if everyone drives in nice neighborhoods and has good driving records.