Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?
There are 0day ring0 exploits floating round for both windows desktops and linux installs (many more for windows though).
But you haven't posted one link to an android application escaping ring3; they are all privilege escalations within ring3,
ergo Android security > windows and linux security. ring0=critical ring1/2=serious ring3=minor
ergo, you have only posted "minor" android security issues.
Wail, bitch and moan that your beloved windows is an inferior malware infested heap of shit all you want, I'm still waiting for this "Hammer Drop Tyme & nuclear eulogy forthcoming", right at this moment you are still firing blanks.
NOT ACCORDING TO 90++ links of security issues occurring on it I posted
Entirely subjective. You see 90 odd links demonstrating insecurities.
Anyone who can afford decent consumer electronics and so owns an Android device sees 90 odd links that don't and won't affect them.
would be exposed as hiding behind security by obscurity for years now (because a 1.19% marketshare @ BEST/MOST on PC desktops where the "easy meat users" are the exploit them, it had none - wasn't worth attacking)
Here, Linux is far ahead of Windows Operating System: Web Server market share of Linux is more than 71% and Microsoft Windows share is only around 16%.
Therefore your argument that Linux is somehow some "obscure" OS that no one uses doesn't hold water.
The only place it seems to have any relevance is in terms of the applications used by users on these operating systems. But here Android is lightyears ahead of both windows and linux, simply because its application model is secure by design, but nix and windows only offer userspace, and your "90 odd links" show nothing more than some reversion back to the level of security offered by userspace.
In short, you posted 90 odd links showing Android is at least as secure as the most secure windows and linux installations.
ROFL. Top link: Android FAQ. Q. Is android secure A. Yes, The security and privacy of our users' data is of primary importance to the Android Open Source Project. We are dedicated to building and maintaining one of the most secure mobile platforms available while still fulfilling our goal of opening the mobile device space to innovation and competition.
Why do you need to have a remote shell on a smartphone for?
I use one on the tablet so I can control it while it's connected to the HDTV using my phone.
You also avoided answering IF there are security guides for security hardening ANDROID phones... well??
I doubt there are many articles about it, there is only really one thing you need do, which is only install software on it you trust to use your phone.
ANDROID IS VULNERABLE TO SERIOUS ATTACKS & HAS BEEN THUS ATTACKED WHERE IT IS WEAK,
Which apparently is the user rather than the OS.
JUST LIKE WINDOWS HAS BEEN... period/fact!
ROFL You still haven't explained why,
choosing to install software on a mobile phone that can: read contacts, make phone calls, read emails and send SMS messages, read documents, view webpages and watch videos
In any way constitutes a "serious security vulnerability"
But to say this is "just like windows" (for all its remote code exploits)........ The only person in denial here seems to be you.
Once a Linux gets a "majority market-share" on ANY platform? It will be attacked & its security "vulnerabilities" on said platform exploited
Well, it was "attacked", and by the looks of your "90 links", with quite some furore.
But no one seems to have actually found a serious vulnerability yet, given despite your efforts you still haven't found a single vulnerability that can get past "Step 1: Don't install new software on it (other than ones you write yourself)".
I have to love the irony of the man sat on the bus full of Palestinian suicide bombers telling a tank driver his armour isn't thick enough so he wouldn't want to ride in the tank anyway.
You're a perfect example of cognitive dissonance imho.
It's like I told you - check that mp3 out about securing smartphones, & when the presenter asked HOW MANY OF THE AUDIENCE (mostly hacker/cracker - or - security types) HAD SMARTPHONES? It was a MINORITY... & I am telling you WHY - the tech isn't "security-mature" yet is why!
But as we've already established, securing an android phone really couldn't get any easier, and is no different than an ordinary phone.
Step 1. Don't install any new software on it (other than stuff you write yourself).
Which is why "I won't get a smartphone cos it's too insecure", really means "I won't get a smartphone cos I can't afford it".
> I posit that there is nothing inherently bad with any speech
Excellent. Let me know your credit card numbers. I'm sure you won't mind if I broadcast them to the entire internet - it's just speech. Also, there's no such thing as "imaginary property". You suffer no loss from my telling them to everyone - you are still in possession of the numbers after I do, so this is not theft.
As I said elsewhere, it isn't missing built in IPSEC, it's just that Cisco don't have a standards compliant VPN solution, and haven't released a 3rd party app to allow people invested in their hardware to connect to their routers over secure VPN.
Take it up with Cisco.
The reason WHY is most of us are waiting for the time they MATURE MORE on the SECURITY FRONT is why - I won't, because of THAT alone to be blunt about it.
If security issues of ANY kind happened on ANDROID? It's an ANDROID (thus, a Linux problem) problem.
Wow, that has to be the most feeble attempt at constructing an argument I have seen in a long time.
Firstly, we've already established none of your 90 odd links relate to hacked linux, all they show is despite significant effort by hackers to target Android users, they have not escaped Linux userspace, and the best they can do is bypass some additional permissions created by the Dalvik VM in applications the user chooses to install. And even then they are easy to remove using stock application management settings.
But it's just not true, the link just tells you exactly which settings on a stock android installation to connect to a L2TP/IPSEC VPN, the link I gave is just for an encrypted VPN provider that supports Android. I use it to connect to home, just checked and my router says the connection is: ( msparks ) L2TP 3DES-SHA1 Auth Data is encrypted.
Which is great, because it lets me visit all the pron and whatnot on my phone (which are otherwise blocked on the 3G network), along with giving me full access to JANET on my phone.
I believe what's missing is a cisco client, because cisco VPNs do not abide by any particular standards, and cisco haven't released a VPN client for android.
Folks lost money by it being stolen from them on ANDROID smartphones, & YOU SAID IT WASN'T SERIOUS? Please, that's *almost* as serious as it gets (only lives threatened is more serious)).... apk
No more due to an "Android security problem" than 401 scams are due to an "email security problem".
"secure by design" requires strong security built in from the start surely?
Will save a fortune later on "hardening" if it is designed well from the start.
I still can't get my head around how you can think an OS that exposes an informed sensible user who sticks with FOSS to zero risk can have "serious security flaws".
And they are still better off than if they bought an iPhone.
Even if it was true.
But my guess is your source is about as reliable as the morons who told you Android has no IPSEC.
Seems like you are getting a bit desperate now.
Exploiting a webserver is a much higher value target than a normal user, what market share does linux have in the webserver market:
http://www.thegeeksclub.com/windows-linux-os-secure-easy
Even in the more accurate studies of the "ultra high value" fortune1000 companies Nix holds a very strong market share:
http://www.port80software.com/surveys/top1000webservers/
Therefore your argument that Linux is somehow some "obscure" OS that no one uses doesn't hold water.
I doubt there are many articles about it, there is only really one thing you need do, which is only install software on it you trust to use your phone.
If only windows were that simple.
Why would you use a remote shell to break your own sandbox?
Hang on, did you just say windows 2000 and XP isn't secure?
Why is the ability to control a completely isolated sandbox on your phone (or someone who you allow) remotely "bad"?
Does a security hardened windows not allow a remote shell?
How do you manage it remotely?
But we've been through these two already.
The first is the results of a security audit (rather than 0day vulns) to secure the operating system, the second is not an "exploit" any more than:
http://sourceforge.net/apps/mediawiki/tigervnc/index.php?title=Welcome_to_TigerVNC
But for some reason you are ignoring the fact it is making as vulnerable a target as a tank is to a young boy's rocks.
Yawn.
Confirmation bias.
Although, in your case, I suspect it's more like "I won't get a smartphone cos mummy won't buy me one"
But as we've already established, securing an android phone really couldn't get any easier, and is no different than an ordinary phone.
Step 1. Don't install any new software on it (other than stuff you write yourself).
Which is why "I won't get a smartphone cos it's too insecure", really means "I won't get a smartphone cos I can't afford it".
What a wonderful strawman you built there.
You mean you/they are too poor to pay twice.
I can't imagine why that would be.
And then to top it all off you finish with a blatantly false claim.
Here is a screenshot of the "IPSec solution integrated into stock ANDROID" settings screen.
https://sc1.checkpoint.com/sc/SolutionsStatics/sk63324/AndroidL2TP.png
No more due to an "Android security problem" than 401 scams are due to an "email security problem".
PICNIC = Problem In Chair Not In Computer
It's not "3rd party", it's part of the standard install.
So you don't even have an Android phone then.
Yawn, not true.
https://www.vpnreactor.com/android_l2tp_ipsec.html
Hmm, yes but.
"secure by design" requires strong security built in from the start surely?
Will save a fortune later on "hardening" if it is designed well from the start.
Something I've been playing with for a while is the honeypot idea.
Basically, lock everything important behind everything you can think of, wall after wall after wall. But then at the webserver end stick a non-hardened honeypot - with shed loads of intrusion detection built in.
Then, any IP that drinks from the honeypot gets a network wide ban (I catch 5 or 6 IPs a month from malformed URLs alone).
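The honeypot-and-ban idea from the comment above, as an added example that is not part of the original post: it reads a web access log, bans any client that touches the honeypot host or sends a malformed URL to a real host, and skips allowlisted monitoring addresses. The log layout, the host names `www.example.test` and `hp.example.test`, and the allowlist are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample log, layout assumed: vhost client - - [time] "request" status size
SAMPLE_LOG = '''\
www.example.test 198.51.100.10 - - [01/Jan/2012:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
www.example.test 203.0.113.5 - - [01/Jan/2012:10:00:03 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0
hp.example.test ::ffff:203.0.113.9 - - [01/Jan/2012:10:00:07 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 1024
www.example.test 203.0.113.77 - - [01/Jan/2012:10:00:09 +0000] "GET /a%zz HTTP/1.1" 400 0
hp.example.test 192.0.2.1 - - [01/Jan/2012:10:00:11 +0000] "GET / HTTP/1.1" 200 10
'''

LINE = re.compile(r'^(\S+) (\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+$')
REQUEST = re.compile(r'^[A-Z]+ (/\S*) HTTP/\d\.\d$')
BAD_ESCAPE = re.compile(r'%(?![0-9A-Fa-f]{2})')

def is_malformed(request_line):
    m = REQUEST.match(request_line)
    if not m or BAD_ESCAPE.search(m.group(1)):   # unparsable line or broken %-escape
        return True
    path = unquote(m.group(1).split('?', 1)[0])
    return '..' in path.split('/') or any(ord(c) < 32 for c in path)

# Fold IPv4-mapped IPv6 onto IPv4 so one client ends up under one key.
def normalise(addr):
    ip = ipaddress.ip_address(addr)
    return (ip.ipv4_mapped or ip) if ip.version == 6 else ip

def find_banned(log_text, honeypot_hosts, allow_nets):
    allow = [ipaddress.ip_network(n) for n in allow_nets]
    banned = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        vhost, client, request = m.groups()
        try:
            ip = normalise(client)
        except ValueError:                       # hostname logged, not an address
            continue
        if any(ip in net for net in allow):      # never ban our own monitoring
            continue
        if vhost in honeypot_hosts:              # any touch of the honeypot
            banned[str(ip)] = 'honeypot'
        elif is_malformed(request):              # malformed URL on a real host
            banned.setdefault(str(ip), 'malformed-url')
    return banned
```

The returned mapping is what would be pushed to every firewall for the network-wide ban; the allowlist is what stops a health check against the honeypot from banning your own monitoring host.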
Java
[almost] end of story.....
Yeah, I also like the "Red Black" concepts and wikipedia has quite a nice article on
http://en.wikipedia.org/wiki/Secure_by_design