Slashdot Mirror


Fake Antivirus Scams Spread To Android

SharkLaser writes "Fake antivirus scams have plagued Windows and Mac OS X during the last couple of years. Now it seems like such scams have spread to Android. Fake antivirus scams on Android work the same as they do on PCs — a user with an Android phone downloads an application or visits a website that says that the user's device is infected with malware. It will then show a fake scan of the system and return hard-coded 'positives' and give the option to buy antivirus software that will 'remove' the malware on the affected system. Android, which is based on Linux, has been plagued with malware earlier too. According to McAfee, almost all new mobile malware now targets Android. Android app stores, including the official one from Google, have also been hosting hundreds of trojan applications that send premium rate SMSes on behalf of unsuspecting users."

42 of 236 comments

  1. Antivirus as a sign of failure by bonch · · Score: 5, Insightful

    I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows is the day the platform has failed and missed the whole point of mobile operating systems. The point is to get away from the big mess of the desktop--the constant maintenance, driver updates, antivirus updates, defragmenters, and other utilities. Mobile operating systems are an opportunity to use a computer just to get things done, not to maintain the computer. That's what was so refreshing about the experience of using the iPad and why it was such a surprise success to everyone including me.

    1. Re:Antivirus as a sign of failure by 0100010001010011 · · Score: 4, Informative

      Damn, man, if you'd bothered to run Linux/FLOSS all this time, you could have just fscking ignored the whole malware situation entirely.

      You mean like Android? No matter what the adoption rate of Linux or even OpenBSD, you're still going to have dumb users. When you need 'sudo' to install a new app, that same command can be used to install anything.

    2. Re:Antivirus as a sign of failure by buchner.johannes · · Score: 5, Insightful

      Which is why sudo is being replaced by a policy-based system (some users may have package install rights, network configure rights etc.).

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    3. Re:Antivirus as a sign of failure by chrb · · Score: 3, Informative

      When you need 'sudo' to install a new app.

      You don't. There have been GUI application installers on Linux for over a decade.

    4. Re:Antivirus as a sign of failure by Overly+Critical+Guy · · Score: 5, Funny

      "Apple iBaulbes"...check.
      "fscking"...check.
      "Linux/FLOSS"...check.
      "Jeebus"...check.
      Ayn Rand quote in sig...check.

      Are you some kind of Linux stereotype character actor?

      --
      "Sufferin' succotash."
    5. Re:Antivirus as a sign of failure by Anonymous Coward · · Score: 4, Insightful

      Damn, man, if you'd bothered to run Linux/FLOSS all this time, you could have just fscking ignored the whole malware situation entirely, as I've been able to FOR THE LAST TWO DECADES!

      Two decades ago, you had to edit XF86Config just to get your scroll wheel working, and you could fry your monitor if you entered the wrong clock rates. Linux on the desktop has been a disaster up until just a few years ago, and it still has yet to catch up to the big boys. It's a server/embedded OS. There's nothing wrong with that!

      Also, /facepalm at the downmods of the OP.

    6. Re:Antivirus as a sign of failure by Goaway · · Score: 5, Insightful

      Which does absolutely nothing when computers on average have one user.

    7. Re:Antivirus as a sign of failure by 0100010001010011 · · Score: 3, Insightful

      Yes. Why didn't Android devs put full thought into having ACLs and the such? I think something like Solaris's pfexec! Perfect. I mean the average Android phone has probably what, 100, 1,000, 10,000 concurrent users?

    8. Re:Antivirus as a sign of failure by PopeRatzo · · Score: 2

      Are you some kind of Linux stereotype character actor?

      I'm pretty sure you won't find a lot of Ayn Rand fans among Linux users who have graduated.

      --
      You are welcome on my lawn.
    9. Re:Antivirus as a sign of failure by PopeRatzo · · Score: 2

      and it still has yet to catch up to the big boys

      Why does Linux need to "catch up to the big boys"?

      I'm surprised to see this point of view infect so many Slashdot users: The only thing that can possibly validate any tool you use is that a large percentage of the world has to use the exact same tool. Gibson and Fender are two of the largest, best-known guitar manufacturers on the planet. If I have a guitar hand-built by the finest luthier east of the Mississippi, should I feel bad because my guitar was not made by one of the "big boys"?

      Last time I checked, there wasn't a lot that can be done with OSX or Windows that cannot be done on Linux. Except maybe get the Vista 2012 Antivirus hostage-ware or spend $3500 on a medium-powered desktop.

      You just don't have to judge yourself based upon whether or not you do what the rest of the world does. Even in technology.

      Especially in technology.

      Android works great if you're not an idiot. iOS works great if you are an idiot. Quick: which do you choose?

      I'll stop back later for your answer. Please show your work.

      --
      You are welcome on my lawn.
    10. Re:Antivirus as a sign of failure by Luckyo · · Score: 2

      You can give a person freedom, and he may kill himself by being stupid.
      You can put the person in a straitjacket into a padded room and not be as worried.

      Or you can find middle ground rather than painting everything black and white.

    11. Re:Antivirus as a sign of failure by stephanruby · · Score: 4, Insightful

      I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows...

      That day occurred when Outlook would run malicious scripts by default found in received email messages, that had access to the entire OS/hard drive, without any needed user intervention.

      For Android, I'm not sure that day has arrived yet, the article is derived from the press release of an antivirus company. Of course, it's going to imply that you absolutely need to buy *their* product (instead of using a little bit of street sense).

      Now never mind that Google already has the capability of uninstalling malware from Android that was previously downloaded from their Market (or that you can already download a "Kid Mode" launcher to prevent your kids from installing anything, or just press a button to reset your phone to wipe everything and restore it to its factory settings). Does McAfee think it can act much faster than Google in identifying and removing malware? Personally, I doubt that. And never mind that an Android user actually has to locate and tick the checkbox for installing apps from unknown sources (which AT&T doesn't let you do anyway), and then has to accept the permissions to install the application in the first place.

      It's not like on the iPhone/iPad where you just need to go to a web page with some jpeg image on it and then your iDevice is magically rooted, and then the iPhone user is free to install any type of malware he wants (McAfee or no McAfee). That's one of the reasons that the McAfee anti-virus software on iOS is even more useless on iOS than on Android, since it can't run in the background and it can't even be scheduled to run at different times. On iOS, it couldn't prevent you from going to a malicious site even if it wanted to.

    12. Re:Antivirus as a sign of failure by Psicopatico · · Score: 2

      I have a guitar hand-built by the finest luthier east of the Mississippi

      But... does that run Linux?

      --
      Mastering the English language is fucking easy: all you have to do is to put an f* word in every fucking sentence.
    13. Re:Antivirus as a sign of failure by tqk · · Score: 2

      Speaking of classy ... how do you feel about niggers?

      I'm sorry, but your version of reality hasn't been supported since about half way through the 19th century. You need to upgrade to civilized-stable to expect continued support.

      So, what do you think about goldfish?

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    14. Re:Antivirus as a sign of failure by PopeRatzo · · Score: 2

      But... does that run Linux?

      It's a handheld guitar, it runs Android.

      --
      You are welcome on my lawn.
    15. Re:Antivirus as a sign of failure by w0mprat · · Score: 4, Insightful

      Before anyone claims iOS is "secure" and free from malware, Chris Miller, a security researcher, managed to get a malicious app APPROVED by Apple, then go on to demonstrate it taking over a phone. IMHO Apple's process helps but actually lulls users into a false sense of security, which undoes some of the benefits. Security has always been 90% a user education problem. Apple's actually made some of that worse.

      (Never mind that Objective-C is an obscure language and Apple just could feasibly review every single line of code. It's not logistically possible.)

      Android has a pretty sophisticated security model, compared to anything running the desktop space. Actual root never needs to be given up for a huge range of modifications to the system. There's policy based access so users can see and restrict what apps will have access to. Apps also run in their own userid and can be restricted from accessing the user's data. Brilliant stuff.

      So if the platform has malware on it, and it's the most secure thing out there in the mainstream... then what is wrong?

      Due to its popularity Android is a juicy target for the malware ecosystem, and like natural ecosystems, it'll adapt to any hardened defenses if there's nourishment to be had. Google was silly to not fully anticipate this.

      For now there is no actual need for anti-virus anti-malware tools on Android for most users. But as always, the problem is a user education problem.

      --
      After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    16. Re:Antivirus as a sign of failure by BasilBrush · · Score: 2

      only TWO choices

      Only two huh?

      COMPLETE control

      Must be complete huh? Partial control isn't possible?

      I'm afraid yours is the fallacious argument of "false dilemma".

      Sorry but Linux isn't a magical woobie that keeps nasty old viruses away, it's an OS just like any other and TFA proves that given enough users it WILL get pwned just like any other OS. We are talking millions of lines of code folks, and guys that make serious bank when they find a flaw in that code, this really shouldn't be surprising to anyone but the same type that thought because Apple "thought different" they were immune to all bugs too. We have a term for that, it's called "magical thinking" and while it's made several companies rich with sales pitches like "Just use (insert product) and never have to worry about security again!" IRL it simply doesn't work. There is no magical OS, no magical pill, that will make all flaws disappear and give all users degrees in Internet Security.

      Strange then that OSX has less viruses after 11 years than Android has after 3. And iOS doesn't have any.

  2. Walled gardens.. by wbr1 · · Score: 4, Interesting

    I hate a fucking walled garden as much as the next guy, but this type of shit is why users will stay with one. Not that a walled garden can't be hijacked, hacked, or otherwise messed with, but by and large it is a cleaner place to be. It is a win-win, both for users who can't, won't, or are too dumb to be bothered with learning a little software/hardware safety, and with corporations who thrive on control and stifling competition.

    --
    Silence is a state of mime.
    1. Re:Walled gardens.. by buchner.johannes · · Score: 3, Insightful

      I hate a fucking walled garden as much as the next guy, but this type of shit is why users will stay with one. Not that a walled garden can't be hijacked, hacked, or otherwise messed with, but by and large it is a cleaner place to be. It is a win-win, both for users who can't, won't, or are too dumb to be bothered with learning a little software/hardware safety, and with corporations who thrive on control and stifling competition.

      You can have a "walled garden" for users (some Android companies have their Appstores), yet still allow people to leave at their own risk. It's not mutually exclusive.
      For instance you can install packages from repos in Linux, yet you can also download and install source packages with {./configure&&make&&make install;} if you don't mind the risk of screwing up your system. There is no need to lock out users from their phones.

      Maybe you didn't mean "walled gardens" but cared-for repos anyway.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    2. Re:Walled gardens.. by vlm · · Score: 2

      I'm a total noob to android (happily on Republic Wireless for like 8 days now) but even I know that on the market page, the requested permissions will be whacked out (like why would Uno need access to send SMS messages?). The other thing on the market page, unless you're the lucky first user, is you'll have low reviews and comments complaining about how the app is a SMS spam sender etc etc.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    3. Re:Walled gardens.. by macs4all · · Score: 3, Insightful

      You aren't putting your data at risk, unless you are sharing your android phone with some idiot. The user that is smart enough to download from sources he trusts, check the reviews, watch for unnecessary permissions etc... is not at risk from these scams.

      So, I can either just click a link on the iOS App Store and KNOW all that stuff has already been done for me, or waste two hours scouring the internet just to figure out whether some stupid egg timer app is going to sell my soul to the Ukraine right?

      I don't know about you; but my time is worth a lot more than that.

      The curated collection approach is not perfect; but it sure seems to work out quite well in the real world, where the rest of us live...

      Which I believe anyone who is not completely delusional would agree has not been the case so much for the Android "Wild West" approach. Note, for example, that Apple has never had to exercise its "Kill Switch" option for an App already in the Wild; whereas Google has had to do so on several occasions.

    4. Re:Walled gardens.. by shellbeach · · Score: 4, Informative

      So how does one know? All of this pontificating about dumb or lazy users doesn't really help. How do I distinguish a download of Uno, for example, that has embedded malware from one that doesn't?

      One word: permissions. When you install an app on Android, you will be prompted with the permissions the app is requesting, and asked if you want to install it. You, the user, have a very good breakdown of exactly what an app can do before it gets installed. And for sending SMSes, it's extremely clear -- the permission is described first as "Services that cost you money" and will then list that it can send SMS messages. It should be obvious that Uno has no need to be sending SMSes on your behalf.

      So anyone who gets burnt by these schemes would have to (a) search for a dodgy "free" version of a popular paid app and (b) install it even when there was a warning that it was going to potentially send costly SMSes. I know there are suckers born every minute, but you'd have to be a really, really cheap and stupid one to get hit by this.

      Of course, potentially Google should have predicted this and included an "Allow always/allow once/reject" prompt the first time a third-party app attempts to make a phone call or send an SMS. It's probably not a bad idea ...
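The permission check described in the comment above, as an added example that is not part of the original thread: it reads an app's requested permissions from a manifest and flags the ones that can run up charges when the app's category gives no reason for them. The manifests are constructed samples, the category names and the `EXPECTED` table are assumptions made for illustration, and the manifest is assumed to be already decoded to text XML (APKs store it in a binary form).

```python
"""Flag cost-incurring permissions in a decoded AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# The two permissions this example treats as able to cost the user money.
COST_MONEY = {
    "android.permission.SEND_SMS": "send SMS messages",
    "android.permission.CALL_PHONE": "directly call phone numbers",
}

# Assumption for this example: app categories (hypothetical names) that
# plausibly need each permission. Anything else requesting it is flagged.
EXPECTED = {
    "messaging": {"android.permission.SEND_SMS"},
    "dialer": {"android.permission.CALL_PHONE"},
}

# Constructed sample: a card game that asks for SMS access.
CARD_GAME_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cardgame">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <application android:label="Card Game" />
</manifest>"""

# Constructed sample: an SMS client, where SEND_SMS is expected.
SMS_APP_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.texting">
    <uses-permission android:name="android.permission.SEND_SMS" />
    <application android:label="Texting" />
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    # For manifests from untrusted APKs, parse with a hardened XML parser
    # (for example the defusedxml package) instead of the stdlib one.
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an Android manifest: root is <%s>" % root.tag)
    names = set()
    # <uses-permission> elements are direct children of <manifest>.
    for element in root.findall("uses-permission"):
        name = element.get("{%s}name" % ANDROID_NS)
        if name:
            names.add(name.strip())
    return names


def audit(manifest_xml, category):
    """Return (permission, description) pairs that the category does not explain."""
    requested = requested_permissions(manifest_xml)
    allowed = EXPECTED.get(category, set())
    return [
        (perm, COST_MONEY[perm])
        for perm in sorted(requested)
        if perm in COST_MONEY and perm not in allowed
    ]


if __name__ == "__main__":
    for label, manifest, category in (
        ("card game", CARD_GAME_MANIFEST, "game"),
        ("texting app", SMS_APP_MANIFEST, "messaging"),
    ):
        findings = audit(manifest, category)
        if findings:
            for perm, what in findings:
                print("%s: unexplained permission %s (can %s)" % (label, perm, what))
        else:
            print("%s: no unexplained cost-incurring permissions" % label)
```
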

    5. Re:Walled gardens.. by chrb · · Score: 5, Informative

      the iOS App Store and KNOW all that stuff has already been done for me

      "Malicious app penetrates iTunes store to test security": Miller's malware was on the Apple app store for over 2 months, so clearly the Apple store is vulnerable to the same sort of shenanigans as the Android market.

      Apple has never had to exercise its "Kill Switch" option for an App already in the Wild

      From the BBC article: "Apple declined to comment. It also removed the app and barred the developer from its store."

    6. Re:Walled gardens.. by shellbeach · · Score: 2

      All the developer has to do to get around this is to add "The app is also able to sync with other phones using SMS" to the description. Then the careful user compares the permission list with the description and accepts it.

      No, the careful user asks him/herself, "why on earth does an app need SMS capability to sync? I don't want to install software that sends out SMSes!" and doesn't install the app.

      The stupid user, OTOH, goes right ahead and installs it. The question is, how much should we be protecting people from themselves?

  3. McAfee by symbolset · · Score: 2

    I had hoped being owned by Intel would class up their act. Apparently not. Doubtless they sell a cure for this "threat".

    --
    Help stamp out iliturcy.
    1. Re:McAfee by Smurf · · Score: 2

      The only reference to McAfee in TFS is this: "According to McAfee, almost all new mobile malware now targets Android." It also contains the only link to a FA that mentions McAfee.

      Thus I deduce that in your opinion, the fact that McAfee made such an assertion is a classless act. That means that you think that McAfee is either lying or bending the truth to suit them best. Or, in other words, you have data that contradicts the last graph of TFA (i.e., the bar plot showing the distribution of malware among mobile platforms).

      I will give you the benefit of the doubt, so please feel free to link to that data. Because it's not classy at all to claim that other people are lying unless you have reason to believe that's the case.

  4. Still going on by Pop69 · · Score: 4, Insightful

    The weekly/monthly stories that try to implant into people's minds.

    Android = Linux = Malware

    Users are stupid whatever OS/Hardware they use, they will click on shit like this just because it pops up and they've never bothered to educate themselves about what it really means.

    1. Re:Still going on by gstrickler · · Score: 3, Insightful

      And that's why "walled gardens" are safer for the vast majority of users.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    2. Re:Still going on by frank_adrian314159 · · Score: 4, Insightful

      ... they will click on shit like this just because it pops up and they've never bothered to educate themselves...

      We have decades of observed behavior showing that users will not "educate themselves". As such, any consumer-facing system that requires users to "educate themselves" is de facto broken and, frankly, poorly designed.

      --
      That is all.
  5. Bad Statistics by chrb · · Score: 2

    "Number of new fake malware" is not the same as "number of malware infections". With the right tool you can generate an infinite number of malware variants. The statistic from McAfee includes every single individual file that contains some malware - this is like saying that, for an old school virus that infects .exe files on Windows, that every single infection counts as a different "unique malware instance". And if one of these is uploaded to an app store - even an app store that nobody uses, even for a "unique malware instance" that nobody ever installs - then it gets counted by McAfee. The equivalent in the iPhone world would be counting all malware in every random Cydia repository on the web. Obviously there is a big difference between a random repository on the web, and something being distributed by the official repository.

    What would actually be useful is to know the number of malware instances that have made it on to app stores that people actually use (eg the official one), how many people installed them, and how long it was before the app was removed. But obviously this number would be much lower, and so generate far fewer page hits.

  6. Re:Couple of years? by stephanruby · · Score: 5, Informative

    McAfee should know, it's one of them too.

    Their free trial virus scanner does the same thing, it's just slightly more subtle about it. I appreciate the fact that it helps clean up cookies, and I hate ad-network cookies as much as the next guy, but labeling each ad-network cookie as a separate infection is only designed to oversell what it does, and alarm non-technical users into ponying up more money for their over-priced software.

    And eventually, their software behaves just like most malware anyway. It nags you every year for you to pay to resubscribe. It continually runs in the background slowing down your computer in everything it tries to do. And it ends up stealing a good portion of screen real estate away from a non-sophisticated user, who usually doesn't know how to remove it from his/her internet browser.

    Not to mention that on a mobile device, it will also suck the battery dry.
         

  7. "A sign that Android has arrived?" by erroneus · · Score: 2

    Nah, not really... but I couldn't think of a better title.

    Put something nice in the hands of the ignorant, and they will muck them up. It's what they always do. What's more, you let the greedy carriers and manufacturers decide when and how you can get updates and fixes, you'll find they won't be coming to your rescue.

    I hate to say it since I'm an Android user myself, but these things have the advantages of a PC in that you can get any software you want onto these things. But they have an incredible weakness in that users can't casually "reload" the machine to clean them up.

    I think it's time Android makers came up with a way for users to wipe and reload their devices as an alternative to processor and battery sucking anti-malware. We know they won't though... that'd open the doors to an even more fiendish group of people -- the firmware hackers!! If they leave things unlocked too much, they will lose a few bucks from people removing the bloatware from their phones and enabling features the carriers were careful to disable.

  8. Re:Too open for its own good by Andraax · · Score: 2, Insightful

    The reason iOS devices don't need anti-malware solutions is because all of the programs that run on that platform are from a secure and curated Apple App Store.

    You know, we can make all computer systems secure by forcing people to only get software that has been screened by the government. And we can eliminate all sources of terrorist communication by forcing all telephone calls, email, letters, etc, to go through government "approval" censors. And we can eliminate fraud in the banking system by only allowing transactions that are pre-approved by the government. And we can improve car safety by only allowing people to buy cars supplied by the government.

    And I wouldn't want to live in that world.

  9. Re:Too open for its own good by LostCluster · · Score: 3, Insightful

    Yeah, but where would the fake webpage buy its traffic from? Apple controls in-app ads, and Google censors its search ads all the time. A fake antivirus website that nobody visits is not a problem at all.

  10. How would that work? by SuperKendall · · Score: 2

    So, wait... If my "scam" website uses referrer headers to target iOS instead of Android browsers, then all of a sudden Android is the secure one right?

    No, because even if you target iOS what will happen? Exactly nothing, because your virus-laden app is not in the app store.

    Android has a lot more avenues of attack, including real applications - and many users who have purposefully allowed external downloads (even the Amazon market tells you to disable that block).

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  11. Re:Too open for its own good by macs4all · · Score: 4, Insightful

    Walled Gardens are the TSA Security Theater of the mobile space (coming soon to a PC near you!)

    Not hardly.

    When you talk about the TSA, there are literally hundreds of examples of the TSA not catching "banned items". With the iOS App Store, there have been what, one or two completely benign "breaches" in three years?

    Hardly a fair comparison.

    And, when compared with the track record of Android, even in the supposed "official" Android App Store, you would be bat-shit crazy to seriously suggest that Apple's curating of the App Store is "theater".

  12. Actually, no. by SuperKendall · · Score: 2

    You know, we can make all computer systems secure by forcing people to only get software that has been screened by the government.

    You mean like an App TSA?

    Yeah THAT would sure be a great idea.

    No, the reason why Apple's security works is not JUST the app screening. It's defense in depth - app screening, sandboxing (prevention of hidden SMS), disallowing externally loaded apps without jailbreaking.

    Also the real reason the screening does anything at all is not because Apple is so great at screening for security issues (they are not nor can anyone be) but because you have to go through the process of making an identity Apple trusts enough to allow app submission with. That's way too much effort for way too little payout since Apple could and would quickly pull any app found to have a real virus of some kind, and again even if you can get a malicious app in the store what could it really do?

    The Apple (and Microsoft BTW) model works best for end users really because users that do not know any better are protected, while technical users who can handle the responsibility of removing layers of security can jailbreak and side load any apps they like.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  13. Wrong, not with "phones and tablets" by SuperKendall · · Score: 2

    The implication of this article is that the same mess is going to start happening with phones and tablets,

    No.

    The implication is this IS happening on Android phones and tablets, not just any "phones and tablets". WP7 and iOS both have enough controls in place that average users will not be affected much at all by viruses, for all sorts of reasons.

    Android has made it too easy for average non-technical users to download apps from anywhere, for those apps to fundamentally change the system in ways the user may not comprehend. And so they are suffering the fate of those who would bring the sins of the past forward into smaller devices.

    Technical users or those with technical friends can still easily open up iOS and WP7 but at least it's a more conscious and directed choice.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  14. Walls go two ways by SuperKendall · · Score: 2

    You can have a "walled garden" for users (some Android companies have their Appstores), yet still allow people to leave at their own risk.

    If anyone can step over it, it's not a wall.

    You seem to imply that any Android app store is a walled garden. An App Store is not what makes a wall, the wall is not only what lets applications into a collection of apps but the reach they have beyond once they get in.

    Curated collections alone are not enough, you need to also have many layers of system security to bring any kind of meaning to the "wall" of the garden.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  15. the weekly A/V scam by Fuzi719 · · Score: 5, Interesting

    It seems every week there is another "Oh Nos! Android is infested with malware!" article extolling the virtues of Apple and claiming all Android phones MUST install some A/V app or else your hair is going to fall out, your dog will get pregnant and your lawn will turn brown. Every one of these articles can be traced back to one of the major A/V vendors (who just happen to have a convenient Android A/V app for sale) or Apple. It is all FUD and BULLSH*T. Is there malware out there for Android? Yes. Is it widespread in the US? No. I've worked with Android phones for years, work with several administrators in corporate environments who service hundreds of Android phones, know dozens of friends with Android phones. I have NEVER encountered a single bit of malware. Not once. The few bits of malware that have gotten into the system in the US were quickly taken care of by Google. Tell me, have any of you EVER seen this "widespread malware" out in the field?

  16. Re:Couple of years? by causality · · Score: 2

    I appreciate the fact that it helps clean up cookies, and I hate ad-network cookies as much as the next guy

    That's a job better performed by tools like Adblock Plus, a comprehensive /etc/hosts (or equiv.) file, various cookie management add-ons (or your browser's blocklist), session cookies only, and other measures that target the actual issue. That is much more effective and makes a great deal more sense than using a virus scanner for something that is not a virus.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  17. Key is "not derivative" by SuperKendall · · Score: 2

    Wait, so are you saying that a Windows derivative is more secure than a Linux derivative?

    No. The key is that WP7 is a green-field effort (or near to it). That's why it's actually pretty secure and well designed unlike so many other Microsoft products...

    Linux is inherently pretty secure. The underlying system in Android is pretty secure, but then they built layers of services atop that that are too easily accessed by other applications (like SMS).

    You can build an insecure system on top of anything... the most solid bedrock can be a fine pedestal for a house of cards.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley