if the systems I listed here that were breached here (any of the links I've been posting that dealt in ANDROID security issues
That's the point of "APK in computers can run software shocker"
And on balance, so far they have all appear to be Apple paid up Fear, Uncertainty and Doubt (FUD). Designed to make people think being able to run their own software on computers is in some way a bad thing.
Take a lot more than "Chinese make nasty applications" to make me want to give up the right to decide what software is installed on my own hardware, that is about a bad a security risk (my security that is) as there is going.
I'm still waiting for one example of an "in the wild" security risk that is Android related, as opposed to some variant of "computers can run software shocker".
Sure you can: Ever heard of SFTP? Secure FTP in other words & even 3rd party tools can do it
ROFL And you think Linux has a limited market share!
show me where I ever said ALL about Windows Services & shutting them ALL down...
here:
The only way to DO it, easily enough, and... yes, you can?
Is to go to security policies @ ALL levels (group & local) & block the services logon entities per service right off from logging on as 'service' or other possible entities, lol... Yes - it works, and windows boots, runs quick, but you can't get online (other things stop too, but that I recall vividly & immediately getting out & doing F8 restart to "Boot to Last Known Good Configuration" as the result... lol!).
:)
QUESTION: Were those links you just reposted that I posted earlier - were those posts about Android?
A simple YES or NO answer is all that is needed/expected...
APK in computers may be able to run software shocker
http://mobile.slashdot.org/story/11/02/23/1640252/Mobile-Spyware-Conferences-Into-Your-Calls..been working its way onto smartphones via alternative app marketplaces...
APK in computers can run software shocker
http://www.theregister.co.uk/2011/03/04/google_android_market_peril/..shows the pitfalls of Google's decision to make the operating system the Wikipedia of mobile platforms that offers apps written by virtually anyone...
APK in computers shouldn't run software shocker
Still waiting for just one that is a security problem in the wild rather than merely a vendor problem
one
Seriously, no point in running through an entire spybot S&D list, you'll find a hulluva lot more than 72 malicious apps. just uninstall them (or don't install them in the first place), if you care that much.
Very different to getting a text message that bricks your phone, switching off text messaging not a viable alternative for mobile phone users methinks.
Coverity said it will hold off releasing the details of the flaws until January to allow Google and handset vendors to issue fixes. The flaws could be patched via an over-the-air update, Coverity said.
Coverity said it will hold off releasing the details of the flaws until January to allow Google and handset vendors to issue fixes. The flaws could be patched via an over-the-air update, Coverity said.
Current information on that note I posted from this year (year end 2011) shows it's as vulnerable as any OS out there..
which "note"? vulnerable to what?
Linux has never had anything like Blaster, Zeusbot or any of the other myriad of worms that infest Windows machines on a daily basis, despite Linux machines being much higher value targets and connected to the web 24/7.
Heck, I don't see how the internet could of happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two.
You find a few examples of specifically targeted machines, which required hundreds of hours of computation time to breach, and use them as examples of how windows is just as secure, despite nearly every windows machine requiring milliseconds of computation time to pwn, while its doing nothing more than presenting a few badly drawn documents.
Comparable my arse, the security of Linux may not be perfect, never said it was, but in terms of network safety Linux is a Challenger tank with Trophy system and Windows is a bus full of Palestinian suicide bombers.
And all this is beside the point, that firstly, you haven't found a single exploited Android vulnerability; the best you can do is audit reports and fixes of unexploited vulnerabilities, or trojans bundled with other software which are easy enough to find and uninstall as to not pose a serious risk. And secondly, you have offered up no alternative to Android. iOS doesn't count because its useless to anyone who wants/needs to install anything homebrew, and the dire lack of security on windows phone http://techcrunch.com/2011/12/13/security-flaw-in-windows-phone-7-5-kills-the-messaging-hub/
is the least of its woes.
About how YOU stated that I didn't post any DIRECT Linux kernel level errors in ANDROID, & how things can install via malwares on ANDROID WITHOUT USER INTERACTION, despite your stating otherwise - I did, & it "silenced you" on that account... lol _ So google and facebook are "nobody"? Now that's a real ROFL!!!
You're the one who brought up Windows & desktop PC's, and hosts files, but still with no real explanation of wtf they have to do with Android, I was just pointing out that despite all the claims to the "contrary" using some "market share" metric, the simple fact is in real terms - i.e. what the internet actually gets used for, windows is a small fish in a large ocean, little more than a typewriter in the space age.
Going back to what I said earlier "Linux is as secure as you make it" i.e. sure there are problems, but nothing that has been seriously exploited that hadn't already been fixed.
"You cannot make windows secure" i.e. Doesn't matter how hard you try, there will always be a significant number of flaws that are exploited before they are fixed.
My comment was never that Android doesn't have any security issues, it was just that many/most of these "supposed" security flaws you are posting are not "Android problems" or are "no longer a problem for Android".
What gave you THAT idea? Blaster worm infected anyone connected directly to the internet(i.e.not going through a router- which ussually runs linux)with RPC active
Sure it is that nearly NOBODY uses Linux (on PC's & Desktops especially vs. Windows)
I did even better in posting ones regarding: 1.found and fixed before exploited in the wild. 2.Froyo = 2.2, now on 3.2
->I still do NOT "get" HOW you can say I relied on Linux
When you use the internet, you use much more than just the sinngle machine you are sat on. LAMP is the backbone of the modern internet. The main reason for this is the security of linux systems. Facebook, for example, is a much higher profile target than you and your worthless windows machine with anything usefull disabled. IIS just never made the grade.
J6P uses windows, because its easy to support by vendors, and easy for the non tech savvy to use. But anyone who cares about security uses linux - and by default anyone who uses the services of those companies uses and relies on linux. This may be "transparent" (i.e. the lowly user never knows they used linux), but then same lowly user is unlikely to know where microsoft stops and where activivsion starts when they fire up that latest game they got for Christmas.
DHCP Client DNS Client Plug & Play Remote Procedure Call (RPC)
So you still had to rely on Linux to protect you from the Blaster worm then?
Also "Nobody USES Linux nearly as much as Windows"
Simply isn't true. users may use windows, because that is what they are sold, but it terms of the computing they use they use linux far more, you, reading this, are probably using 1 windows machine, and rely on maybe upwards of 20 machines using some nix variant, before you get on to any of the other networking activities. Just because its transparent doesn't make those machines any less important.
Windows just isn't built for security, it is built for usability, but that is just because a windows machine typically has only one user, whereas a typical nix machine has hundreds, thousands, even hundreds of thousands everyday.
I'm still waiting for you to post a security flaw on android that doesn't require the "user" to install malicious software - i.e. one that affects anyone just "using" it. (you know, like simply reading a pdf document, or simply connecting the machine to the internet).
which "does not affect Android 2.2 or later versions"
I have no problems with security flaws being found & released after they have been fixed, I care slightly more about security flaws that are found after they are being actively used in the wild (e.g. zeus bot), but as far as I can see, that remains the nearly sole domain of windows systems.
The point we seem to be labouring, is you seem to think vendors installing malware is a security issue.
security issues are ones in which problems arise after you get the device, outside of its intended use. Most of what you are posting is complaints about software doing what it was intended to do (albeit not what the user expected), That is something very different to say, switching your computer on and instantly getting infected with a virus, which has plagued windows for decades and has never been a problem on linux.
The very fact your own link says: http://nakedsecurity.sophos.com/2011/07/09/android-malware-spies-sms-messages-zeus-family/ The Symbian, Windows Mobile and Blackberry modules of the notorious Zeus malware toolkit (also known as ZBot) have been known about for some months, and it has been clear that Zeus gang was interested in developing malware for mobile platforms.
However, until now we have not seen any evidence of Zeus targeting users who own Android or iOS (iPhone/iPad) devices. __ Shows this is still much more of a problem on windows devices than linux based ones.
There are also tools out for Android based devices that let you revoke permissions for installed apps, Is there anything like that for windows devices?
Simple fact is, Linux is as secure as you make it, but you cannot make windows secure.
Because my phone is Android, and it didn't come with CarrierIQ, and other peoples phones are not Android, and they do come with CarrierIQ so how can it be a android problem?
CarrierIQ is installed "on purpose" by the people who sell you the phone, its not the operating systems fault some people get their hardware from a dodgy vendor, and that vendor doesn't care what operating system you chose.
Not sure what a hosts file has to do with anything, but as you correctly point out, its less of a problem for android than other phones, because at least you can easily remove it if you are misguided enough to get a phone with such dodgy software.
According to the same sources which say Iran doesn't have it now? despite Iran parading them on live TV?
The incident was the first time it was successfully "battle tested", which is also when you sudddenly see all the claims by western media that they don't have it and Russia won't give it them.
Iran also already has nukes. They signed full military co-operation agreements with NK decades ago, even built the missile parts used for NKs recent ICBM tests.
Prices fell because the attack failed and Iran did not become a new war (they were high because all the traders were expecting a war, as they are again).
The failed attack was in July 2008, Check Lehmans Stock price from then compared to the rest of the market.
I know it doesn't match the "official story", don't much care, I traded it and it worked out well for me, the official story would not have.
Part of it not turning into a war was the Iranian people not being told about it.
Look how angry they get at the news someone stopped using their bank.
In 2008 Iran used Russian S300s to shoot down several assault planes violating its airspace, which it tracked lifting off from Iraq some hours earlier, 5 hours later the price of oil crashed through the floor, and shortly thereafter, Lehman Brothers, who were heavily long oil, went bust. And you think a picture of a drone would change a damn thing?
Media prints what its told to print in "press conferences". This bears virtually no resemblance to what is actually happening in the real world.
Slashdot Mirror
I need all of them, else why would they be there?
That's the point of
"APK in computers can run software shocker"
And on balance, so far they have all appear to be Apple paid up Fear, Uncertainty and Doubt (FUD). Designed to make people think being able to run their own software on computers is in some way a bad thing.
Take a lot more than "Chinese make nasty applications" to make me want to give up the right to decide what software is installed on my own hardware, that is about a bad a security risk (my security that is) as there is going.
I'm still waiting for one example of an "in the wild" security risk that is Android related, as opposed to some variant of "computers can run software shocker".
ROFL
And you think Linux has a limited market share!
here:
I don't understand the question.
Just checking
Nope, because you can't run services on windows without loosing security. Which is why you wrote that post saying shut them all down. Remember.
Fixed before exploited
APK in computers can run software shocker
APK in computers can run software shocker
APK in computers can run software shocker
APK discovers phones have GPS shocker
APK in computers may be able to run software shocker
APK in computers can run software shocker
APK in computers shouldn't run software shocker
Still waiting for just one that is a security problem in the wild rather than merely a vendor problem
one
Seriously, no point in running through an entire spybot S&D list, you'll find a hulluva lot more than 72 malicious apps.
just uninstall them (or don't install them in the first place), if you care that much.
Very different to getting a text message that bricks your phone, switching off text messaging not a viable alternative for mobile phone users methinks.
You do realise you are posting on slashdot right?
But every windows machine connects to at least 20 Linux machines a day, which is where your argument falls flat on its face.
It's true you've posted lots of links to security firms fixing Android bugs before they were seen exploited in the wild. I'm still waiting for one that was found in the wild before it was fixed. I showed you one for windows;
http://techcrunch.com/2011/12/13/security-flaw-in-windows-phone-7-5-kills-the-messaging-hub/
Surely you can manage at least one?
Nope, that was still you failing to RTFA
summary of
http://www.eweekeurope.co.uk/news/serious-security-bugs-found-in-android-kernel-11040
says:
->fixed before they were exploited.
Must try harder
You linked
http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel
which is a summary of
http://www.techweekeurope.co.uk/news/serious-security-bugs-found-in-android-kernel-11040
which says
Not my fault if you failed to RTFA.
which "note"?
vulnerable to what?
Linux has never had anything like Blaster, Zeusbot or any of the other myriad of worms that infest Windows machines on a daily basis, despite Linux machines being much higher value targets and connected to the web 24/7.
Heck, I don't see how the internet could of happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two.
You find a few examples of specifically targeted machines, which required hundreds of hours of computation time to breach, and use them as examples of how windows is just as secure, despite nearly every windows machine requiring milliseconds of computation time to pwn, while its doing nothing more than presenting a few badly drawn documents.
Comparable my arse, the security of Linux may not be perfect, never said it was, but in terms of network safety Linux is a Challenger tank with Trophy system and Windows is a bus full of Palestinian suicide bombers.
And all this is beside the point, that firstly, you haven't found a single exploited Android vulnerability; the best you can do is audit reports and fixes of unexploited vulnerabilities, or trojans bundled with other software which are easy enough to find and uninstall as to not pose a serious risk. And secondly, you have offered up no alternative to Android. iOS doesn't count because its useless to anyone who wants/needs to install anything homebrew, and the dire lack of security on windows phone
http://techcrunch.com/2011/12/13/security-flaw-in-windows-phone-7-5-kills-the-messaging-hub/
is the least of its woes.
Oh, and the CA's and were breached using good old brute force attacks on ftp and sql servers.
Again, not Linux specific issues.
No you didn't, you posted a link to security issues which were:
->fixed before they were exploited.
Yawn, must try harder.
Its pretty obvious why you want "no questions asked".
Thanks to 3rd party advertising code embedded in the old LSE website, no linux to blame there, just good old html.
Thanks to 3rd party windows machines not doing what they were supposed to.
Ooops, shoot. foot. self.
I guess next you'll be blaming some flood damage on operating system choice. I'm sure you can manage it somehow if you try hard enough.
Also
London stock Exchange woes were not Linuxs fault!
http://www.zdnet.com/blog/open-source/london-stock-exchange-woes-not-linuxs-fault/8358
yet more "OMG someone using linux has problems - blame linux" FUD.
_P.S.=> It's also funny how you "abandoned" your statements here requoted in my last post too:
http://news.slashdot.org/comments.pl?sid=2586024&cid=38502472
About how YOU stated that I didn't post any DIRECT Linux kernel level errors in ANDROID, & how things can install via malwares on ANDROID WITHOUT USER INTERACTION, despite your stating otherwise - I did, & it "silenced you" on that account... lol
_
So google and facebook are "nobody"?
Now that's a real ROFL!!!
You're the one who brought up Windows & desktop PC's, and hosts files, but still with no real explanation of wtf they have to do with Android, I was just pointing out that despite all the claims to the "contrary" using some "market share" metric, the simple fact is in real terms - i.e. what the internet actually gets used for, windows is a small fish in a large ocean, little more than a typewriter in the space age.
Going back to what I said earlier
"Linux is as secure as you make it"
i.e. sure there are problems, but nothing that has been seriously exploited that hadn't already been fixed.
"You cannot make windows secure"
i.e. Doesn't matter how hard you try, there will always be a significant number of flaws that are exploited before they are fixed.
My comment was never that Android doesn't have any security issues, it was just that many/most of these "supposed" security flaws you are posting are not "Android problems" or are "no longer a problem for Android".
What gave you THAT idea?
Blaster worm infected anyone connected directly to the internet(i.e.not going through a router- which ussually runs linux)with RPC active
Sure it is that nearly NOBODY uses Linux (on PC's & Desktops especially vs. Windows)
http://en.wikipedia.org/wiki/Google_platform
http://www.computerworld.com/s/article/9116787/Wikipedia_simplifies_IT_infrastructure_by_moving_to_one_Linux_vendor
http://www.linuxtoday.com/developer/2010072300835NWHESV
etc. etc.
I did even better in posting ones regarding:
1.found and fixed before exploited in the wild.
2.Froyo = 2.2, now on 3.2
->I still do NOT "get" HOW you can say I relied on Linux
When you use the internet, you use much more than just the sinngle machine you are sat on. LAMP is the backbone of the modern internet.
The main reason for this is the security of linux systems. Facebook, for example, is a much higher profile target than you and your worthless windows machine with anything usefull disabled. IIS just never made the grade.
J6P uses windows, because its easy to support by vendors, and easy for the non tech savvy to use. But anyone who cares about security uses linux - and by default anyone who uses the services of those companies uses and relies on linux. This may be "transparent" (i.e. the lowly user never knows they used linux), but then same lowly user is unlikely to know where microsoft stops and where activivsion starts when they fire up that latest game they got for Christmas.
The minimum ones are:
DHCP Client
DNS Client
Plug & Play
Remote Procedure Call (RPC)
So you still had to rely on Linux to protect you from the Blaster worm then?
Also
"Nobody USES Linux nearly as much as Windows"
Simply isn't true. users may use windows, because that is what they are sold, but it terms of the computing they use they use linux far more, you, reading this, are probably using 1 windows machine, and rely on maybe upwards of 20 machines using some nix variant, before you get on to any of the other networking activities. Just because its transparent doesn't make those machines any less important.
Windows just isn't built for security, it is built for usability, but that is just because a windows machine typically has only one user, whereas a typical nix machine has hundreds, thousands, even hundreds of thousands everyday.
I'm still waiting for you to post a security flaw on android that doesn't require the "user" to install malicious software - i.e. one that affects anyone just "using" it. (you know, like simply reading a pdf document, or simply connecting the machine to the internet).
Perhaps the best one you have come up with so far is:
http://it.slashdot.org/story/10/11/05/0229205/Researcher-To-Release-Web-Based-Android-Attack
which "does not affect Android 2.2 or later versions"
I have no problems with security flaws being found & released after they have been fixed, I care slightly more about security flaws that are found after they are being actively used in the wild (e.g. zeus bot), but as far as I can see, that remains the nearly sole domain of windows systems.
The point we seem to be labouring, is you seem to think vendors installing malware is a security issue.
security issues are ones in which problems arise after you get the device, outside of its intended use. Most of what you are posting is complaints about software doing what it was intended to do (albeit not what the user expected), That is something very different to say, switching your computer on and instantly getting infected with a virus, which has plagued windows for decades and has never been a problem on linux.
The very fact your own link says:
http://nakedsecurity.sophos.com/2011/07/09/android-malware-spies-sms-messages-zeus-family/
The Symbian, Windows Mobile and Blackberry modules of the notorious Zeus malware toolkit (also known as ZBot) have been known about for some months, and it has been clear that Zeus gang was interested in developing malware for mobile platforms.
However, until now we have not seen any evidence of Zeus targeting users who own Android or iOS (iPhone/iPad) devices.
__
Shows this is still much more of a problem on windows devices than linux based ones.
There are also tools out for Android based devices that let you revoke permissions for installed apps, Is there anything like that for windows devices?
Simple fact is, Linux is as secure as you make it, but you cannot make windows secure.
Saying
"CarrierIQ is an Android problem"
is a lot like saying
"Cars are a Suzuki problem"
Sorry but
Not all cars are Susuki's
like
Not all CarrierIQs are on Android
and
Not all Susuki's are cars
like
not all Androids have carrierIQ
and cars aren't that much of a problem
like
CarrierIQ is not that much of a problem
And plenty of Windows PC's come with CarrierIQ like stuff installed on them:
http://www.dailymail.co.uk/news/article-1383216/Rental-chain-Aarons-caught-spying-customers-home-taking-webcam-photos.html
Because my phone is Android, and it didn't come with CarrierIQ, and other peoples phones are not Android, and they do come with CarrierIQ so how can it be a android problem?
CarrierIQ is installed "on purpose" by the people who sell you the phone, its not the operating systems fault some people get their hardware from a dodgy vendor, and that vendor doesn't care what operating system you chose.
Not sure what a hosts file has to do with anything, but as you correctly point out, its less of a problem for android than other phones, because at least you can easily remove it if you are misguided enough to get a phone with such dodgy software.
No
It doesn't run on my android phone.
But it does run on any phone its installed on.
But CarrierIQ runs on the iPhone as well, and Nokias, so how is it an "Android problem"?
The old Razr mobiles could be used as remote listening devices.
APK in "computers can run software" shocker.
CarrierIQ is not an android problem.
According to the same sources which say Iran doesn't have it now? despite Iran parading them on live TV?
The incident was the first time it was successfully "battle tested", which is also when you sudddenly see all the claims by western media that they don't have it and Russia won't give it them.
Iran also already has nukes. They signed full military co-operation agreements with NK decades ago, even built the missile parts used for NKs recent ICBM tests.
Prices fell because the attack failed and Iran did not become a new war (they were high because all the traders were expecting a war, as they are again).
The failed attack was in July 2008, Check Lehmans Stock price from then compared to the rest of the market.
I know it doesn't match the "official story", don't much care, I traded it and it worked out well for me, the official story would not have.
Part of it not turning into a war was the Iranian people not being told about it.
Look how angry they get at the news someone stopped using their bank.
But try:
http://fabiusmaximus.wordpress.com/2008/07/13/psy-war/
Seems to link many of the sources, I was just going from what real people on the ground said at the time.
- Do you have any links to any "evidence" or "proof" of any of this?
Sure.
you want it in 1's or 0's?
In 2008 Iran used Russian S300s to shoot down several assault planes violating its airspace, which it tracked lifting off from Iraq some hours earlier, 5 hours later the price of oil crashed through the floor, and shortly thereafter, Lehman Brothers, who were heavily long oil, went bust. And you think a picture of a drone would change a damn thing?
Media prints what its told to print in "press conferences". This bears virtually no resemblance to what is actually happening in the real world.