Slashdot Mirror


Your Smartphone Is Safer Than Your PC — For Now

snydeq writes "InfoWorld's Galen Gruman reports on the future of mobile security — one that will see a significant rise in exploits as valuable information increasingly migrates to mobile devices. To date, sandboxing and code-signing have helped make mobile OSes relatively secure, when compared with their desktop brethren. But as devices store more valuable information than email, they will become more enticing to hackers currently breaking into Windows PCs. And the biggest bulls-eye appears to be on Android, in large part because its architecture is most like that of the desktop PC but also because there are so many variants in use — too many for Google or the carriers to patch securely. And as the PDF-jailbreak vulnerability showed, sandboxing has its limits when it comes to securing the browser — the most likely point of entry for exploits not due to the rise of extensions, helper objects, and plug-ins on the mobile Web."

125 comments

  1. PDF by grub · · Score: 0, Flamebait


    I don't need safety, my phone is magical!

    --
    Trolling is a art,
    1. Re:PDF by Yvan256 · · Score: 1

      What about anti-wizard software?

    2. Re:PDF by emocomputerjock · · Score: 2, Funny

      That's what saving throws are for.

    3. Re:PDF by kenj0418 · · Score: 1

      Wouldn't that void my warranty?

    4. Re:PDF by grub · · Score: 2

      Your iPhone needs to be made with finely ground unicorn horns, that means only the 3GS and up. The older models were made with pixie dust embedded in the circuit boards.

      --
      Trolling is a art,
    5. Re:PDF by geminidomino · · Score: 1

      Only if you roll a natural 1.

  2. Irrelevant to me by Anonymous Coward · · Score: 5, Funny

    I have a stupid phone.

    1. Re:Irrelevant to me by Jurily · · Score: 1, Insightful

      Agreed. I'd love to see someone hack into my $10 Alcatel.

    2. Re:Irrelevant to me by maxwell+demon · · Score: 2, Funny

      Give me your phone and an axe, and I'll show you. :-)

      --
      The Tao of math: The numbers you can count are not the real numbers.
    3. Re:Irrelevant to me by rthille · · Score: 3, Funny

      Your bank account is 42910-44937
      You really shouldn't like to your girlfriend like that
      And call your mother more often.

      -The NSA

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    4. Re:Irrelevant to me by Anonymous Coward · · Score: 0

      42910-44937? That's amazing! I have the same combination on my luggage!

    5. Re:Irrelevant to me by Anonymous Coward · · Score: 1, Funny

      Surveillance flatters me. My narcissism knows no bounds.
       

    6. Re:Irrelevant to me by Anonymous Coward · · Score: 0

      Got it. You have an iPhone...?

    7. Re:Irrelevant to me by pckl300 · · Score: 1

      The correct term is 'intellectually challenged' :P

      --
      In the beginning, there was null.
    8. Re:Irrelevant to me by Jurily · · Score: 3, Informative

      your girlfriend

      You know this is Slashdot, right?

    9. Re:Irrelevant to me by marcello_dl · · Score: 1

      Ummm what if you are with an axe and demand the phone and the password? Maybe we are not considering some oldschool attacks :D

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    10. Re:Irrelevant to me by rthille · · Score: 1

      not only did I screw up on that, but I typo'd 'lie' as 'like'!

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    11. Re:Irrelevant to me by DeskLazer · · Score: 1

      I like how this got modded as 'informative' instead of funny.

  3. Well, there is always the secure option. by Minion+of+Eris · · Score: 1

    If you want safety and security - use a BlackBerry. Just ask India!

    --
    Please don't dominate the rap, Jack, if you got nothin' new to say.
  4. This is why I prefer my BB by PhuFighter · · Score: 1, Interesting

    .. over my iphone..and putting off getting an Android. The BB may be clunky, but I've a lot more confidence in it (so far) than iOS4/iPhoneOS 3.

    1. Re:This is why I prefer my BB by MozeeToby · · Score: 1

      Like the article says, Android is becoming a big target these days and yet no one has found any significant exploits to its security model. Everything that I've read seems to think that it is as bulletproof as a modern, complex OS can be. That isn't to say that there won't be the occasional flaw but it is almost certainly orders of magnitude more secure than a certain piece of software that runs on a few billion computers around the world (including, I suspect, the majority of Slashdotters).

    2. Re:This is why I prefer my BB by jedidiah · · Score: 2, Interesting

      The problem with all of this nonsense is that there seems to be the implicit
      assumption that Windows is the yardstick. Windows is the single worst thing
      out there. Even all of the other desktop OSen are much less of the problem.

      Clearly the dividing line isn't 'desktop OS' versus 'mobile OS'.

      They are really more alike than they are different.

      So it used to be "PCs are bad, flee to Macs and you will be safe".
      Instead now it's "PCs are bad, flee to iPods and you will be safe".

      --
      A Pirate and a Puritan look the same on a balance sheet.
    3. Re:This is why I prefer my BB by RyuuzakiTetsuya · · Score: 2, Funny

      my iPod nano's never had a virus, a worm or a trojan, but a Greek dude with a bad cold did sneeze on it once.

      --
      Non impediti ratione cogitationus.
    4. Re:This is why I prefer my BB by jgtg32a · · Score: 0

      The iPods were shipping preinstalled with a virus for a while.

      http://www.pcworld.com/article/127565/ipod_virus_fallout.html

    5. Re:This is why I prefer my BB by negRo_slim · · Score: 0, Troll

      Windows is the single worst thing out there.

      Or more likely, your simply inept.

      --
      On the Oregon Cost born and raised, On the beach is where I spent most of my days
    6. Re:This is why I prefer my BB by dc29A · · Score: 2, Insightful

      Windows is the single worst thing out there.

      Or more likely, your simply inept.

      Ah ... the irony!

    7. Re:This is why I prefer my BB by Anonymous Coward · · Score: 0, Informative

      If I were to go on security alone, I'd go with BB, then Windows Mobile. After that, the N900, and after that, the iPhone then Android.

      Android really needs file encryption to be able to be a useful candidate in the enterprise market. RIM devices have this, Windows Mobile has had it since 6.0, and the iPhone has encryption for a few things. Android only encrypts apps on the SD card.

  5. Are variants a bad thing? by DrXym · · Score: 4, Insightful

    And the biggest bulls-eye appears to be on Android, in large part because its architecture is most like that of the desktop PC but also because there are so many variants in use -- too many for Google or the carriers to patch securely.

    So if an exploit occurs it will likely only affect some handsets as opposed to every handset.

    1. Re:Are variants a bad thing? by John+Hasler · · Score: 4, Insightful

      So if an exploit occurs it will likely only affect some [Android] handsets as opposed to every handset.

      But the scary news stories will omit that little detail.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Are variants a bad thing? by node+3 · · Score: 1, Flamebait

      And the biggest bulls-eye appears to be on Android, in large part because its architecture is most like that of the desktop PC but also because there are so many variants in use -- too many for Google or the carriers to patch securely.

      So if an exploit occurs it will likely only affect some handsets as opposed to every handset.

      And if a fix is created, it will only be applied to some handsets as opposed to every handset.

    3. Re:Are variants a bad thing? by djdanlib · · Score: 3, Insightful

      So we'll all be depending on multiple carriers' good patching practices, to make sure the patch for foolib-1.2.3-r4 gets pushed to all their Frobnitz Model 200 phones that they released two years ago and have since deprecated and replaced with Model 201, 220, 240, and 250, now with more shiny (but everyone still gets them because they're free with a new contract.) And by the way, it's going to be on your data bill. Call me pessimistic, but I don't think it'll happen in a timely fashion when someone discovers a vulnerability.

      Crackers compete over who can own the most boxes just so they can have bragging rights. Oh look, such-and-such group disabled e911 for 20,000 people, why hasn't OUR group done that yet? We'd better do something even bigger so we can be elite again. Someone will find the loose rivet in the armor, and it'll be like a colonial land grab for a few months until the patch gets distributed.

    4. Re:Are variants a bad thing? by PitaBred · · Score: 1

      Man, am I glad that I got a Nexus One. This kind of thing is the reason that Google pushed to get people to buy phones separate from the carriers. Too bad the carriers are too strong.

    5. Re:Are variants a bad thing? by CastrTroy · · Score: 1

      The reason that people get phones from their carriers is that they get a discount on their phone when they buy it from the carrier and sign a contract. The problem is that you can't buy your own phone, and have a cheaper rate plan. The rate plan is the same price regardless of where your phone came from or whether or not you are on a contract. So you actually have to spend a lot more money to get a phone from someone other than your carrier.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    6. Re:Are variants a bad thing? by Anonymous Coward · · Score: 0

      I think the implication that variants are bad is due to the fact that it leaves patching up to the carriers. There has already been controversy because some carriers are refusing to update phones that are less than a year old to Android 2.2.

      Yes, geeks with such new-yet-abandoned phones can seek out and install the updates from third parties. I remind you that geeks are not in the majority, and most people will just blithely keep using whatever version of mobile OS is on their phone, secure or not-- i.e., the exact same way they use their Windows PCs, chock full of spyware, missing patches, and with antivirus whose trial version stopped working a month or two after they got their computer.

    7. Re:Are variants a bad thing? by mlts · · Score: 1

      Most likely Google will throw the kill switch and the offending app gets purged from devices.

      Assuming the malware didn't get root access, of course. If the user does allow it through su, all bets are off.

    8. Re:Are variants a bad thing? by PitaBred · · Score: 1

      Look at T-Mobile: http://www.t-mobile.com/shop/plans/Cell-Phone-Plans.aspx?catgroup=Individual&WT.z_shop_plansLP=individual

      The Even More Plus plans mean you buy the phone, and then pay the service at a lower rate.

    9. Re:Are variants a bad thing? by Belial6 · · Score: 1

      T-Mobile gives you a better rate if you bring your own phone.

    10. Re:Are variants a bad thing? by tlhIngan · · Score: 3, Insightful

      So we'll all be depending on multiple carriers' good patching practices, to make sure the patch for foolib-1.2.3-r4 gets pushed to all their Frobnitz Model 200 phones that they released two years ago and have since deprecated and replaced with Model 201, 220, 240, and 250, now with more shiny (but everyone still gets them because they're free with a new contract.) And by the way, it's going to be on your data bill. Call me pessimistic, but I don't think it'll happen in a timely fashion when someone discovers a vulnerability.

      It's already happened on Android. Manufacturers are out making their latest rev and they ignore the bugfiles to their current line of phones. Or they do and pass it onto the carriers who may or may not force an update. Of course, if said update will remove things like root and custom ROMs, they'll probably push it.

      But phones getting abandoned at whatever Android version they shipped with are already happening - I think the early Samsung phones were promised 2.0, but ended up with 1.6 only with an official letter. And others are stuck with 2.1 with no upgrade to 2.2. The only good part is these phones often are early models and easy to root and recover, so unofficial ROMs exist. But later ones may not be so lucky.

      Really, the only Android phone that's not under carrier control is the Nexus One, which gets updates straight from Google. The weird thing is, why can't Google pull an Apple? The iPhone gets updates from Apple, leaving out the carrier middleman, even if the user is paying a contract on the iPhone.

      Google's big enough, let's see it happen and end all this Android loaded with crapware stuff.

    11. Re:Are variants a bad thing? by Anonymous Coward · · Score: 0

      Wrong. See T-Mobile. (Yes, they're the only one in the US, so your point broadly applies to the US market as a whole. But the prevalence of people buying subsidized phones even on T-mobile suggests there's more to it.)

    12. Re:Are variants a bad thing? by goarilla · · Score: 1

      so you can do what ? build a cross platform compiler, patch the nexus one's source
      ( if you can get it), and be more secure (patchwise and services wise) than those
      'upstream carriers' ?

      unlimited access is nice for adding features or doing different things with them ... not
      so for locking down the (purpose-specific) system-util for better security on your OWN.

    13. Re:Are variants a bad thing? by 2names · · Score: 1

      And if a fix is created, it will only be applied to some handsets as opposed to every handset.

      Well, DUH! That's because not every handset will need it.

      --
      "I'm just here to regulate funkiness."
    14. Re:Are variants a bad thing? by Sancho · · Score: 3, Informative

      The weird thing is, why can't Google pull an Apple? The iPhone gets updates from Apple, leaving out the carrier middleman, even if the user is paying a contract on the iPhone.

      Because Android is an open platform. The carriers take Android, mold it to fit their needs, and put it on their phones. Google, or rather the Open Handset Alliance, doesn't have any say on it. That's how carriers can get away with modifying the source of the Hotspot app to only work if the customer pays extra.

      This is the downside to GPLv2. The Tivoization loophole means that carriers can do this, release the source, and you still can't (necessarily) modify the source and put it on your phone.

      Google started taking steps to address some of this by moving more of their apps to the app store, but you still have issues with system libraries and the kernel. Without root, an app can't update these.

    15. Re:Are variants a bad thing? by beakerMeep · · Score: 3, Insightful

      Indeed. And as the Apple PDF exploit showed, Android is in trouble.

      --
      meep
    16. Re:Are variants a bad thing? by SoftwareArtist · · Score: 1

      I wouldn't be surprised if this eventually leads to a decrease in customization/fragmentation/whatever you want to call it. Handset vendors insist on customizing the OS because they want to "differentiate themselves". So they stick on a custom UI, a bunch of their own apps, etc. But they're already discovering the downside to this: the more they customize, the more they're stuck maintaining themselves. Look how many phones don't even have Android 2.1 yet, much less 2.2. They're discovering that it takes a lot of work to port their customizations to a new OS version. The situation will become a lot worse when malware writers start to actively target Android and Google starts to regularly issue security patches. Integrating and testing those patches on a timely basis will become a huge burden for them. At that point, they may start deciding, "Just shipping stock Android wouldn't be such a bad thing after all."

      --
      "I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."
    17. Re:Are variants a bad thing? by node+3 · · Score: 2

      And if a fix is created, it will only be applied to some handsets as opposed to every handset.

      Well, DUH! That's because not every handset will need it.

      But not every handset that needs it will get it, which is the whole premise of this article.

    18. Re:Are variants a bad thing? by Anonymous Coward · · Score: 0

      So wait, Apple's model is actually good?

      Maybe we should appreciate Apple a bit more. It defends us against the evil telecom industry.. Thank god.

      Too bad they're only a slightly lesser shade of evil, but oh well.

    19. Re:Are variants a bad thing? by exomondo · · Score: 1

      build a cross platform compiler

      Why would you need to do that?

    20. Re:Are variants a bad thing? by ADRA · · Score: 1

      Open handset or not, Google does make approvals for their platform which is the only way that their own 'proprietary' apps like market and maps get shipped to phones.

      --
      Bye!
    21. Re:Are variants a bad thing? by cowbud · · Score: 1

      As the latest DLL vulnerability has shown, Mac OS X is in trouble.

    22. Re:Are variants a bad thing? by bm_luethke · · Score: 2, Interesting

      "The weird thing is, why can't Google pull an Apple? The iPhone gets updates from Apple, leaving out the carrier middleman, even if the user is paying a contract on the iPhone."

      Partly because it isn't that easy - these things are often using custom drivers or require custom kernels to run. Yea, some of it is junk but much of it isn't. How are they going to update a bug in Motorola's GPS driver? Or even *why* would they? Let's face it, if you had a custom bit of hardware that you had a linux driver on, would you like Ubuntu to push a new kernel to your device because it can? Nope, especially if that device was a core operational feature. It would be a nightmare to push an upgrade and break phones - it isn't like these upgrades are within the Dalvik VM - those apps can fairly safely be updated across everything, low level upgrades not so much.

      If Android and the phone versions of Linux mature enough to have a true Open Source following we may get something like Linux is today. That is a lot of hard work by volunteers to make drivers for every major phone out there. Now some phones will still have restrictive boot loaders and such, but not all (and I will bet most) will not. It *can* happen but will require Android and its linux underpinnings to stop its rapid development and give volunteers time to get things in place - that isn't going to happen for some time. There is a devoted following right now making root exploits and custom roms - many times those custom roms are truly not wanted by the manufacturer but such is life in the open source world. When that happens we can run supported builds while under maintenance (or our carrier contract) and re-build with a Canonical build afterward :)

      There *will* come some point where the technology matures enough that there just aren't that many updates. Compare development in the early 2.x tree of the Linux Kernel to how stable the current 2.6 tree is - heck compare just the 2.4 to the 2.6! At some point we will also not really feel the need to upgrade hardware either - PC manufacturers are hitting that and simply reducing quality so you have to re-buy nearly the same thing every few years. Further I think our phones are marching towards becoming our general purpose machines. As that happens the market will force some level of stability and customizability on it too as people *can* realistically reverse engineer things and write a community driver for it.

      Further it isn't even like Apple is immune to the issue - ask people with anything before a 3g how they like their current crop of updates with iOS 4 - chances are you are going to get some grumbling there. Then ask the iPhone 3 users who saw a significant slowdown after the update and you can see that even when you only have *one* hardware specification how hard it is to do. Even with the lockdown Apple has they can't do it to the point people want to make them out to have achieved - they only achieve that *if* you have compatible hardware which is true with Androids too. It's even arguable which is the larger group affected - only *some* older android users are whilst *all* older iPhone users are.

      Ultimately the more freedom one has the more responsibility one has. This includes things like making sure you purchase upgradeable hardware and know how to do it. The more locked down a system is the less you have to worry with it but also the less you can deal with it when it occurs. Apple chose the latter route, Google chose the former. I think Google will win for a number of reasons - the above being one (Apple could win handily if they simply opened up the app store and ability to install unsigned software - but I do not think they will as long as Jobs is at the helm).

      --
      ------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
    23. Re:Are variants a bad thing? by goarilla · · Score: 1

      i should have said: acquire a nexus one's build toolchain.

    24. Re:Are variants a bad thing? by tepples · · Score: 1

      Look at T-Mobile

      Has T-Mobile fixed the lack of coverage that it had a few years ago? And with the Nexus One officially out of stock at Google.com and not available from T-Mobile, where would a non-developer buy one?

    25. Re:Are variants a bad thing? by PitaBred · · Score: 1

      As for coverage, it depends. I used it for work for a couple years and got service in every city I went to consult in, as well as through most of Alaska. Their 3G and general coverage isn't great across the whole of the US, but it's great in most metro-ish areas.

      You can buy most any phone that T-Mobile offers outright instead of leased, as far as I know. The Nexus One was just a failed Google experiment. You can also buy various other phones unlocked online.

  6. Example: iPhone by rshxd · · Score: 0, Insightful

    Send it a .pdf and you can get root access aka jailbreaking it.

    1. Re:Example: iPhone by jgagnon · · Score: 1, Funny

      Send it flowers or candy instead and you might get lucky...

      --
      Remember to maintain your supply of /facepalm oil to prevent chafing.
  7. And the first ones out of the gate will be easy by elrous0 · · Score: 3, Insightful

    People have such a false sense of security about their smartphones right now that the first virus or truly inventive hack is going to have a frickin' field day. iPhone users are particularly cocky about how secure their phone is (and Apple isn't exactly a speed demon when it comes to security patches for their OS's either).

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:And the first ones out of the gate will be easy by Anonymous Coward · · Score: 0

      Except that virus != trojan. Most users don't seem to know the difference, but I would expect a Slashdot user to know better.

    2. Re:And the first ones out of the gate will be easy by node+3 · · Score: 4, Insightful

      People have been saying this about the Mac for a decade now, too. I'm glad I didn't hold my breath waiting for this supposed apocalyptic day of comeuppance...

    3. Re:And the first ones out of the gate will be easy by jgagnon · · Score: 1

      Does that little fact really matter when someone's phone is still compromised once all is said and done? And couldn't a trojan open the door to viruses and rootkits?

      --
      Remember to maintain your supply of /facepalm oil to prevent chafing.
    4. Re:And the first ones out of the gate will be easy by Anonymous Coward · · Score: 0

      Look at Sophos' Facebook group and the typical Mac snobbery of "I don't get viruses" when a virus alert is posted by Sophos.

      If Sophos didn't cry wolf so often, this might not be the case.

      "Theoretically dangerous obscure proof-of-concept exploit developed! OMG you must buy our product NOW or your Mac will explode!"

      Yeah, can't imagine why Mac users don't take security warnings seriously

    5. Re:And the first ones out of the gate will be easy by Anonymous Coward · · Score: 0

      Virus = you don't do shit and your device gets infected.
      Trojan = you need to be dumb enough to type your root password to an unknown application that has no business asking for your root password in the first place.

      That's far from a little fact and yes it really does matter.

    6. Re:And the first ones out of the gate will be easy by recoiledsnake · · Score: 4, Funny

      The real reason is that malware authors cannot afford Macs :)

      --
      This space for rent.
    7. Re:And the first ones out of the gate will be easy by mrwolf007 · · Score: 1

      *cough* sure*cough*
      Less threats, sure. But far from completely secure.

    8. Re:And the first ones out of the gate will be easy by Anonymous Coward · · Score: 0

      I think the difference is that Mac/iPhone users will somehow see this as a feature. That recent PDF exploit that allowed iPhone users to jail-break their phones comes to mind--few seem to mind a random website could root their phone so easily if it could get tethering working...

    9. Re:And the first ones out of the gate will be easy by node+3 · · Score: 0, Troll

      *cough* sure*cough*

      Sounds like you're coming down with something there PC.

      Less threats, sure. But far from completely secure.

      Please quote where I said Macs are "completely secure".

      That list you linked to is bogus. There are no viruses for Mac OS X AT ALL. And there are only a handful of actual trojans/malware, none of which is widespread, and none of which is of the level of concern where a Mac user should feel compelled to run anti-virus/anti-malware software.

      If this is your idea of Mac's comeuppance, you're really stretching it.

    10. Re:And the first ones out of the gate will be easy by node+3 · · Score: 1

      It's worse than that. There are some people who are actually upset with Apple for fixing this security flaw.

    11. Re:And the first ones out of the gate will be easy by mjwx · · Score: 1

      People have been saying this about the Mac for a decade now, too. I'm glad I didn't hold my breath waiting for this supposed apocalyptic day of comeuppance...

      I wish you held your breath waiting for the supposed day where there were enough Macs to make that apocalyptic day viable.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    12. Re:And the first ones out of the gate will be easy by Anonymous Coward · · Score: 0

      Wow, someone just used the word "iPhone" and "security" in the same sentence! What's next? Holding the phone a certain way so it will make calls? ROFL

    13. Re:And the first ones out of the gate will be easy by bm_luethke · · Score: 2, Insightful

      And it hasn't been because of some great security model either - there has been now for weeks an iOS exploit that if you open a correctly formed (or rather malformed) PDF it silently roots your phone and installs any software it wants on your phone. It has access to *everything*. You can not tell me that is "good security". The Mac isn't any better either.

      It hasn't been an issue for one of several reasons.

      One is that no one had taken advantage of it beyond jail breaking phones. One needs to think through the implications of *that level* of an exploit out in the wild for this long and it not being taken advantage of. There is no *technical* reason why it couldn't this day be used to send your e-mail, browser history, all forms you fill out, pretty much everything you do to someone and unless you monitored your traffic and only used your own wifi would you know for certain. For the most part I think the macs have been in this category - if you are going to spend that effort it is better spent elsewhere.

      Next is that exploits do not make news unless they are large enough. Windows exploits are often scripts that almost anyone can run and almost anyone does. iOS ones are more likely going to be one off custom scripts that may gather 10000 credit card numbers - unless someone has an anti-apple leaning (or anti-android if it happens on that platform - nothing remotely Apple centric here) it just isn't news. If I were to guess - and I think I'm more correct than not - there are a number of malformed PDF's out there that do just that. There just aren't any that propagate themselves through e-mail to everyone in your users list and thus make the news.

      Lastly - and most unlikely - is that there is some conspiracy to silence it. Too many places out there that can say it for this to be true.

      Ultimately there is going to be a major worm or virus out there for one of the main hand helds - RIM, Google, or Apple. They are becoming too much a general purpose machine. Whichever one gets it first will lose a great deal of market share for a while while the other two crow about how wonderful they are. They aren't and never have been. Android is more open to attacks on older phones, Apple more open to attacks on all their phones, and RIM is somewhere in between. Apple and RIM can probably handle it quicker but you are more bound to them deciding it is worth fixing and doing so. Lastly what the OP said is true - Apple and RIM users often seem to think they are immune to this. Both phones have some fairly major exploits that have happened and went further than they should because of this.

      Such is life in our industry - number of known bugs, number of known exploits, and number of exploited users are irrelevant when talking about how secure a system is. There is a saying: security through obscurity isn't security. This has certain logical implications - one of those is that not being secure means you have a lot of *known* bugs (thus not obscure). It also implies (but doesn't logically prove) that just because you haven't had one means you are secure - it means there are MANY other factors there.

      Were I to bet I would say Android will get the first followed closely by Apple simply because they are the two big players in the consumer market (corporate being fairly locked down) and the fact that there are more older Android out there means more known issues. Though given how Apple has responded to the PDF remote exploit I wouldn't give much more than even odds on it either. There have been more than a few truly serious exploits on Apple systems go out that were either never exploited (and you can supply your own reason for this given the length of time a number of these exploits remained live) or were not generally reported on. Your response when one takes the whole PDF remote exploit into account more or less validates what the OP was saying - that I left my alarm off, all the doors and windows open on my house, and I put a big sign in yard that told people of this fact yet I wasn't robbed doesn't mean I was secure. That you think you are is *exactly* what he/she was posting about.

      --
      ------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
  8. Android less secure? by cyber-vandal · · Score: 4, Insightful

    Windows is an easy target because it's a huge badly-secured monoculture. How does having several different versions of Android to attack make it similarly insecure?

    1. Re:Android less secure? by bsDaemon · · Score: 0, Troll

      Because the article author has an iPhone and wants to feel (even) better about himself?

    2. Re:Android less secure? by Microlith · · Score: 3, Interesting

      I don't think it makes it more insecure so much as harder to close the holes. Handset vendors and carriers, for a long time, have worked with devices that generally could not be exploited in such a fashion, and probably don't have any means of getting such fixes out to their users within an acceptable time frame.

    3. Re:Android less secure? by Anonymous Coward · · Score: 0

      Android's weakness will be the carriers taking forever to push out a patch to their specific flavor of Android. Will the carriers ban your phone after they stop officially supporting it and you rooted it to apply patches?

    4. Re:Android less secure? by jedidiah · · Score: 1

      ...what I want to know are what are these similar mistakes that Android or PhoneOS is supposed to be making?

      HELL: what similar mistakes are Linux, Solaris, MacOS and FreeBSD supposed to be making?

      --
      A Pirate and a Puritan look the same on a balance sheet.
    5. Re:Android less secure? by Anonymous Coward · · Score: 0, Troll

      Windows is an easy target because it's a huge badly-secured monoculture. How does having several different versions of Android to attack make it similarly insecure?

      It's not that it's badly secured, it is more secure than any other operating system, simply because everyone uses it, for most hackers breaking through a Windows computer is almost muscle memory simply because they do it so much, now Linux it has its potentials to be hacked but why hack the same thing we use to hack Windows, it's all about the number of deployed systems. Prime example, in 2006 Mac OS X had 3 known viruses written for it, no one chose to hack it, now look, Snow Leopard has antivirus embedded in the OS. Read a few more books before you decide to make such a half-assed bold comment like that.

    6. Re:Android less secure? by bsDaemon · · Score: 4, Insightful

      The mistake of letting users interact with them. Users are the number one security flaw in any system.

    7. Re:Android less secure? by jonescb · · Score: 2

      Ah yes, the old security by obscurity argument. If these "hackers" were worth their salt they'd be doing something a bit more sophisticated about exploiting Linux servers than slamming them with botnets with DDOS/brute force attacks.

    8. Re:Android less secure? by node+3 · · Score: 2, Funny

      The mistake of letting users interact with them. Users are the number one security flaw in any system.

      Sure, a daemon would say that, wouldn't it?

    9. Re:Android less secure? by jgagnon · · Score: 1

      The root of the problem: people make really crappy users. Robots and animals are a far better choice.

      --
      Remember to maintain your supply of /facepalm oil to prevent chafing.
    10. Re:Android less secure? by node+3 · · Score: 1, Troll

      it [Windows] is more secure than any other operating system

      Um...

      Prime example, in 2006 Mac OS X had 3 known viruses written for it

      Wrong. There are *no* viruses for Mac OS X. There are a handful of trojans, none of which are even remotely wide-spread (even adjusting for OS X's relative install base) and all of which require the user to enter in their admin password (a huge governor which helps limit the rate at which malware can spread).

      Snow Leopard has antivirus embedded in the OS

      Wrong. Snow Leopard checks for a handful of trojans/malware. There are no viruses for Mac OS X. Embedding anti-virus would be pointless, unless you just want to be nice and scan for Windows viruses.

    11. Re:Android less secure? by Anonymous Coward · · Score: 0

      yes. yes they will

    12. Re:Android less secure? by Seth+Kriticos · · Score: 1

      Though Linux is not exactly visible on consumer PCs, it still runs on the majority of servers around the world... targets you'd normally count as even more attractive as they are connected 24/7 and not even hidden behind NATs, presenting a wide and valuable targeting space. Your argument is invalid, come up with something that is founded on some real data please.

    13. Re:Android less secure? by Wiarumas · · Score: 1

      Security through software proliferation?

      --
      I will bend like a reed in the wind.
    14. Re:Android less secure? by CastrTroy · · Score: 1

      No, they aren't behind NATs, but if properly configured, they are behind secured firewalls, making them a lot harder to break into. And even if you do break into them, they are a lot harder to do anything with, because they are behind a firewall. Really the reason that Windows PCs are so much more vulnerable is because they have idiots operating them. Once the user opts to run a program, the program can pretty much do anything with that machine. All you have to do is promise smiley faces, and you'll have millions of Windows users actively downloading your application, and running it. It doesn't even matter if it flashes warnings saying that the app requires admin privileges. The user will happily just click on Next/OK/Yes until the program is successfully installed, without reading a single thing. Once the user opts to run a program, there's not much any operating system or virus software can do. Even if you aren't running as admin, you can still have your program re-run every time the user logs in, and you can still cause quite a bit of damage, either by deleting the user's files, or by sending the user's data out to a server so some hacker can find interesting data.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    15. Re:Android less secure? by akadruid · · Score: 3, Interesting

      Windows is a high value target, which was once crippled by its backwards compatibility with DOS and low skilled userbase. Microsoft, whatever their flaws, have some properly clever people and serious vested interest in addressing this problem, and they've finally put out a release that is fairly secure out of the box and somewhat usable - while still providing fairly timely security patches for a 10 year old release. Which is why the most serious threats are now coming from widely deployed software from less responsible companies (Adobe).

      Android is the exact opposite. Very few smartphone manufacturers care enough to issue regular updates for their phones, especially once you get outside of the US market. Even on the US market, most smartphones have had exactly one update: from 1.5/1.6 to 2.0/2.1 usually. No monthly security updates, and nothing at all for obsolete phones over 12 months old. You'd better hope that nobody else has the time to look at your phone that your carrier has forgotten about.

      --
      "Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
    16. Re:Android less secure? by mlts · · Score: 1

      The "mistake" that non-Windows platforms make is the fact that developers on that platform actually value what they are developing on. There isn't any of that on Windows, and Windows devs feel free to crap where they sleep.

      Platform loyalty is important. Not many programmers on Windows would go out of their way to deal with the latest worm or Trojan (unless it fattened their wallets, of course), but on other platforms, almost everyone would ensure that it would be stopped. Mac devs don't like viruses (especially older ones which dealt with that crud in the pre OS X days), so would actively find a way to stop it until Apple put out an official patch. Linux distros would have patches out in minutes to hours.

    17. Re:Android less secure? by hedwards · · Score: 1

      Wouldn't it be easier to buy a black turtle neck and smile like a smug git, oh wait...

    18. Re:Android less secure? by hedwards · · Score: 1

      OTOH, stay away from those sipping birds, nothin' but trouble.

    19. Re:Android less secure? by Anonymous Coward · · Score: 0

      That's not half of it...

      According to TFS, Android is the most like the desktop PC. Now I was under the impression from my Mac fanboi friends that the iPhone runs OS X with only a different GUI -- either they're wrong, or the proposed justification for why Android is less secure than iOS is wrong... Mac-baiting aside, and moving to platforms that I actually know something of, I can assure you that Maemo and Meego are much more like a desktop PC running a typical GNU/Linux OS than Android is, and as I understand it WebOS is somewhat closer as well.

      But none of the mobile OSes is at all close to that infested XP box next door, which is the image TFS (and, I presume, TFA) was trying to project... Makes the whole argument fall to bits on inspection, because who would complain if their phone were "as dangerous as" Mac OS X or Linux PCs?

    20. Re:Android less secure? by hedwards · · Score: 1

      I suspect that part of the problem with Windows is that MS doesn't enforce the kind of cleanliness and neatness of code that some of the competitors do. Granted all OSes have some cruft and scariness in places, but most of the ones that are known for stability have long since shaped up and enforced something along the lines of style I'm sure that most modern projects of any size and reliability have something similar to work from. The more uniform the style is and the better the adherence the easier it is to find bugs that might be hiding security problems.

      The other thing is that it's very difficult to get a look at the Windows source code legitimately, without being paid to work on it. Whereas with Linux or *BSD if you have a bug you've got the option of fixing it yourself or if you don't have the time or expertise you can usually find somebody who's willing to do so for a price. Frequently is thrilled to get to fix the problem on somebody else's dime.

      Beyond that, backwards compatibility has to be carefully considered and engineered otherwise you can easily end up in the situation where a vulnerability exists due to legacy code or the model itself is prone to exploitation.

    21. Re:Android less secure? by smolloy · · Score: 1

      Replying to undo incorrect moderation...

    22. Re:Android less secure? by hedwards · · Score: 1

      Not really, it increases the likelihood that a vulnerability will be found, but decreases the likelihood that the vulnerability will affect a large number of phones. I suspect that it's ultimately a wash. More possible holes but likely fewer devices that contain said holes to exploit.

    23. Re:Android less secure? by bit01 · · Score: 1, Insightful

      The mistake of letting users interact with them. Users are the number one security flaw in any system.

      No, this is a myth perpetuated by second-rate programmers and system administrators to cover up their own incompetence.

      The number one security flaw is incompetent programmers and administrators not designing their systems for their target audience.

      e.g. Putting executable content into documents by default when it is almost always not needed or wanted. It's not rocket science.

      ---

      Anonymous commercial speech = fraud

    24. Re:Android less secure? by 99BottlesOfBeerInMyF · · Score: 1

      According to TFS, Android is the most like the desktop PC. Now I was under the impression from my Mac fanboi friends that the iPhone runs OS X with only a different GUI -- either they're wrong, or the proposed justification for why Android is less secure than iOS is wrong...

      First, iOS is a variant of OS X, but with all the software signed, vetted(weakly), and in sandboxes as a requirement. Those are all optional and used for a small subset of software on the desktop version of OS X. By analogy, both the NSA document portal (running SELinux and strictly maintained) and my former company's remote development wiki are running Linux. That doesn't mean the OS is the important factor as to whether they are both secure or not.

      The way Android handsets are most similar to security plagued desktop computers is that in both cases commercial companies are using an OS from another vendor and installing it on their commercial offerings without any pre-established method for end users to freely and easily keep their own OS up to date without help. The average person will buy a phone, install software, and if their hardware vendor does not push security updates upon them (some will for a period of time, some won't ever) their system will become out of date and vulnerable to many known exploits, just as Windows XP is today.

      ...Makes the whole argument fall to bits on inspection...

      I don't think so. You've predicated your argument upon how close in lineage and application compatibility the OS is to existing desktop OSes. If you don't make said assumption the argument makes a lot of sense. Also the potential solutions begin to make more sense, ranging from finding hardware vendors that vet and maintain their users' systems for the life of the handset to placing OS and security updates into the hands of either Google or an independent body that is concerned about end users more than short term cost cutting.

    25. Re:Android less secure? by SleazyRidr · · Score: 0, Offtopic

      Usually when I mess up my moderation, I try to play it off by overusing some already overused /. meme.

      For instance, in this situation, I would have posted something along the lines of 'I, for one, welcome our security-flaw-noticing daemon overlords.'

    26. Re:Android less secure? by Anonymous Coward · · Score: 0

      What I find ironic is that the blackhats in Russia and China get unfettered access to the source code to develop any exploit they care for, while people who depend on Microsoft stuff for their security don't get this ability.

      Why does Microsoft make the playing field so unfair for the white-hats? This by itself is a good reason to move to an open source platform -- at least everyone knows what is going on.

    27. Re:Android less secure? by Anonymous Coward · · Score: 0

      Mac-baiting aside...

      You, sir or ma'am, are a master baiter.

    28. Re:Android less secure? by barleypop · · Score: 1

      "the most serious threats are now coming from widely deployed software from less responsible companies (Adobe)."

      FAR less responsible...

    29. Re:Android less secure? by cyber-vandal · · Score: 1

      I've read lots of books. I've also been using Windows since 1995 and granted while it's not the disaster it once was it's still more of a mess than it needs to be. Mac OS is a shit example. It's still not a tenth of the target Windows is even though it now has a tenth of the market.

  9. Wrong by gmuslera · · Score: 1

    In my case, my desktop is safer than my PC. Even if I run Linux in both (Ubuntu in my desktop, Maemo in my N900) the difference is more regarding physical security than logical one.

    1. Re:Wrong by Anonymous Coward · · Score: 0

      In my case, my desktop is safer than my PC

      and my sofa is safer than your desktop.

  10. Different environment. by Anonymous Coward · · Score: 0

    The only reason why this is true so far is that "the desktop" has been an unhealthy monoculture of a notoriously shoddy system, that couldn't, or when it could often as not wouldn't because "it wasn't a priority" sayeth the vendor, fix its problems at all, never mind in a timely fashion. Widespread worst practices compounded the problem and equal developer unwillingness to address that compound the problem. I am quite happy this is much less the case in mobile computing, and for that reason alone we should keep multiple systems alive. Android, Symbian, and so on. We need that diversity as much as we need open systems.

    One might hope that now we know better, but whether we will do better is something else entirely. My guess is, we won't. It's been a long standing problem in the industry, commented years ago on by the late E.W. Dijkstra. And we have done little to nothing to fix it.

  11. it's almost like we did a complete reboot by alen · · Score: 1

    The PC was invented before the internet and the security model was set up to allow everyone to do almost anything

    the smart phone was made for the internet and manufacturers seem to be locking them down. completely opposite of the PC

    1. Re:it's almost like we did a complete reboot by Microlith · · Score: 1

      the smart phone was made for the internet and manufacturers seem to be locking them down. completely opposite of the PC

      Except you're being put in the position of an unprivileged user even if you buy the device outright, and the carrier/handset vendor is retaining the position of "system admin" and treating you like a potential hostile.

      I wouldn't mind if, like the Nexus One or N900, you could assume root via a few non-trivial but non-PITA steps, but they seem determined to force you to exploit your own property just to retain ownership.

    2. Re:it's almost like we did a complete reboot by Anne+Thwacks · · Score: 2

      Fair enough - a week of playing with my new HTC Desire has left me feeling pretty hostile to my carrier!

      I am particularly hostile: because I can't log in as root! I also want to open a terminal window and SSH into my servers.

      --
      Sent from my ASR33 using ASCII
    3. Re:it's almost like we did a complete reboot by Sax+Maniac · · Score: 2, Interesting

      ConnectBot lets you ssh anywhere without rooting. As for root, it's not as useful as it seems once you have CyanogenMod installed.

      --
      I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
    4. Re:it's almost like we did a complete reboot by ADRA · · Score: 1

      Smart phones came from dumb cell phones. Appliances that you had no control over. If anything, cell phones are going the way of the open architecture. Give 5-10 years and we'll probably have the same environment for development as we do for PCs. This is amplified by the fact that there's so much competition right now to get developers onto their platforms. The more you entice them, the easier you need to make the system to develop on. Short-sighted market driven decisions in OS and API design can cause long term impact on systems security.

      --
      Bye!
    5. Re:it's almost like we did a complete reboot by RMH101 · · Score: 2, Interesting

      Head over to xda-developers.com and install a rooted ROM. It's pretty easy, and they're very nice. Tend to be faster, more featureful and more stable than OEM if you pick the right one. I like AuraxTSense 7.1 on my Desire. It also adds open VPN, which is pretty nice.

  12. Marketing by Kupfernigk · · Score: 3, Interesting

    Apple is trying to attack Android, which is growing in marketshare much faster than the iPhone. So they are trying to encourage the view that a monoculture is a virtue, and the various flavours of Android are somehow fracturing the market. (One phone to rule them all...)

    Personally I think this is complete nonsense. Android runs on a lot of devices - soon to be added is the Toshiba AC100 netbook, so it will run on everything from entry level phones to small computers - which involves numerous changes in UI arising from optimisation and features. But the underlying architecture should make it possible to ensure that things are properly partitioned to give a robust security model, and Google isn't exactly short of brainpower. I suspect that just as we had the Microsoft trolls trying to minimise reports of Windows security issues, here we have Apple trolls trying to find narratives to attack Android.

    And no, I don't use Android.

    --
    From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
    1. Re:Marketing by mlts · · Score: 1

      Devil's (or more exactly Apple's) advocate here:

      From a QA perspective, having eight devices to have to test on (four iPhones, iPad, iPad 3G, two iPod Touch models) is a lot easier than checking to see if your device works with different displays, resolutions keyboards, trackballs (physical and virtual), status lights, cameras, and so on.

      One mistake on your Android app, and your app's review status starts going deep in a hole with tons of "Force closes on the Blarf, refunded." on the Marketplace review sheet.

  13. Intel buying mcafree by Ryanrule · · Score: 1

    Intel clearly sees this as a huge future market, and were willing to drop several billion to get a good place in it. Your phone doesn't have a security chip? You fucked.

    1. Re:Intel buying mcafree by hedwards · · Score: 1

      Chips can be cracked and worked around, at least for any computer that most people would be willing to buy. I personally wouldn't be willing to buy a desktop that was as locked down as my PS3 for computing, even if it did make it really, really tough to run unsigned code. Hardware measures like the NX-Bit and virtualization features do however go a fair distance towards the goal, the problem ultimately is that as the hardware and software gets better, the user will even more than now become the major target of the attacks. One of the very serious problems today is that DRM frequently requires special exceptions be added to the security software in order to run, opening up the possibility of somebody slipping a trojan or other piece of malware into that file.

  14. Insecure by phorm · · Score: 1

    Yes, if a large portion of those versions are old, with known exploits, and unpatched...
    Any less secure than other phones? Maybe not compared to some, though Apple is actually fairly "pushy" when it comes to the "there's a new update for your phone/itunes/whatever" thing.

    What pisses me off is companies like Motorola. My phone has known bugs with known fixes, but since it's a Milestone and not a Droid, I can't upgrade the firmware myself, and they've yet to have an NA release date for Droid 2.2. Eventually, I'm sure they'll just abandon the phone and leave it un-patchable in favour of the newer model. Jerks.

    My next phone will still likely be Android, but likely an HTC (or another brand that's not evil, no more moto for me).

  15. Tech media has no clue about true security by hellfire · · Score: 2, Interesting

    I keep hearing a lot of theories about security from the tech media like they know security. The problem is that security is a great way to scare up hits and freak people out so it's useful to write articles pandering in one direction or another, but there's rarely any true science to the articles, no figures, no statistics, no hard examples. This is because all that is boring and doesn't get hits, but it's what it takes to truly determine what is and what is not secure. Nothing is 100% secure, but then again we have this false sense of how architectures and security work. It's just BS.

    This is the same kind of argument about how pundits spread the myth Macs are not any more secure than Windows because hackers aren't targeting it. There's no evidence to back that statement up, and there's no evidence that Android is less secure just because there are various flavors. In fact that can make it harder because one hack might not work on multiple flavors. That's even one of Android's problems now, that it's sometimes difficult to get a single app to work on multiple Android OS devices. You could then posit that the iPhone is easier to hack because the OS is so similar and the number of iOS devices in the wild is much higher than Android. But that's BS too because the iPhone is such a locked down system that in order to install anything you have to go thru the iTunes app store gatekeepers. The other way in is thru Safari, but that's really the only other way, and well now we know the security of Safari is BS because of that hole that they found in iOS 4 they used for jailbreaking. But compared to Windows and compared to each other, which of these has had more critical vulnerabilities? The article gives me nothing.

    Despite all this positing, it comes down to number of hacks, and what the hacks are. I could not truly begin to tell you which handhelds are more secure than others because no one, including this article, has any facts. The article alludes to "security circles" but who knows who those people are.

    I think we should ban security articles from Slashdot unless they have a certain level of scientific statistics or hardcore evidence. Most articles about computer security on slashdot are not news for nerds, they are news for "platform fanboi weenies who want to start a flame war about which platform is more secure."

    --

    "All great wisdom is contained in .signature files"

    1. Re:Tech media has no clue about true security by geminidomino · · Score: 1

      My old palm phone is the most secure handheld in existence... at least once I ran it over with my motorcycle. =\

    2. Re:Tech media has no clue about true security by Anonymous Coward · · Score: 0

      Though when an expert, the guy who won pwn2own two years running, states Windows is more secure than Mac, it's hard to argue he doesn't know what he is talking about. He did also say that even though Windows is more secure he feels Mac is safer because of its lower profile.

      But in general I think your point is valid.

  16. One print page for InfoWorld article. by antdude · · Score: 2, Informative

    http://infoworld.com/print/135570 ... You're welcome! :)

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  17. wasn't the PDF jailbreak on iPhone by Anonymous Coward · · Score: 0

    It is kind of funny that one needed to resort to an iPhone bug to support an article talking about how Android is unsafe...

  18. iOS is probably more like the desktop than Android by rafial · · Score: 1

    "And the biggest bulls-eye appears to be on Android, in large part because its architecture is most like that of the desktop PC"

    This seems like a very dubious claim to me. From my perspective, iOS seems much more similar in architecture to the desktop than Android.

    iOS apps are native compiled, written in a dialect of a language that is famous for buffer overruns (C), and the userland is a modified version of a desktop operating system.

    Android, while also based on a desktop OS (Linux) at the kernel level, has much of the application code (and all third party apps) running in a managed VM environment, which while not invulnerable, seems much less likely to fall victim to poor coding practices. The exceptions would be of course apps that embed native libraries (I'm guessing these are the exception, not the rule).

  19. Re:iOS is probably more like the desktop than Andr by mjwx · · Score: 1

    This seems like a very dubious claim to me.

    To me as well.

    From my perspective, iOS seems much more similar in architecture to the desktop than Android.

    But not for this reason. Android has a lot in common with Linux desktops, far more than IOS has in common with OSX desktops but unlike OSX, Linux does not make serious security concessions for "Just Working".

    But what will ultimately decide what platform will be targeted will be two factors. First the ease of finding an exploitable vulnerability, in this regard I'd say IOS is as vulnerable as Android, if not more so (meaning neither is particularly vulnerable) but the ratio of Jailbroken (rooted) to vanilla devices is far higher on IOS than Android because Jailbreaking is touted as a solution to lack of basic functionality.

    So the deciding factor in all of this would be the number of devices, right now there are more IOS devices in the wild then Android devices. Further more the userbase of IOS tend to to understand computer security issues (hence Apple's "Just works" marketing) so it makes more sense to target IOS for now. Eventually Android will overtake IOS but as so many Iphone Fanboys like to point out, there are dozens of Android models and four major versions of Android running (1.6, 2.0, 2.1, 2.2) so IOS will remain a bigger target for some time.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.
  20. I don't think so, Tim... by SudoGhost · · Score: 1

    My Smartphone is safer than most PCs because most PCs run Windows. Windows is designed so that all programs share a common registry. The problem in that lies in the fact that just about anything can modify that same registry.

    I don't see my phone (Android) having that problem. The only thing I foresee happening realistically any time soon is by means of social engineering, as opposed to other methods.