Linked by Thom Holwerda on Tue 12th Jan 2010 23:38 UTC
Ah, and there we have it: another chapter in the discussion between open and closed when it comes to application stores. A phishing application, masquerading as a banking application from First Tech Credit Union, made its way onto the Android Market. It was removed quickly, but the damage is done.
App Market model fundamentally flawed
by rafial on Wed 13th Jan 2010 05:48 UTC
rafial
Member since:
2007-12-04

For my part, I view this as further proof that the "App Market" model, whether "open" or closed is fundamentally flawed. It creates problems for developers, by forcing them to dance to the tune of some gatekeeper, and severing the direct interaction between software users and software creators, at the same time it gives users a false sense of safety by giving apps sold through such markets a veneer of legitimacy. With traditional computer software, coming from a multiplicity of sources, users have learned to think critically about whether a piece of software might be trustworthy or not (e.g. in the case of a banking client, is this coming from the bank's website or not?), but in the case of these App Stores, all software is poured into one giant soup, associated with a credible source (Apple or Google) with the wave of a magic wand, and then consumers are left to fend for themselves.

Personally, I consider "App Stores" to be a huge step backwards for the distribution of software. Hopefully they'll prove to be an aberration in the long run.

Reply Score: 2

Laurence Member since:
2007-03-26

For my part, I view this as further proof that the "App Market" model, whether "open" or closed is fundamentally flawed. It creates problems for developers, by forcing them to dance to the tune of some gatekeeper, and severing the direct interaction between software users and software creators, at the same time it gives users a false sense of safety by giving apps sold through such markets a veneer of legitimacy. With traditional computer software, coming from a multiplicity of sources, users have learned to think critically about whether a piece of software might be trustworthy or not (e.g. in the case of a banking client, is this coming from the bank's website or not?), but in the case of these App Stores, all software is poured into one giant soup, associated with a credible source (Apple or Google) with the wave of a magic wand, and then consumers are left to fend for themselves.

Personally, I consider "App Stores" to be a huge step backwards for the distribution of software. Hopefully they'll prove to be an aberration in the long run.


So one phishing app ended up on Google's market.
Yeah it's a great shame, I feel for the users and perhaps means Google might have to review their policy on accepting banking (and other related) apps.
However it's hardly worse than expecting users to search the net looking for these apps themselves.

You state that users have learned to think critically - well I'd argue they haven't:
* people still reply to those stupid scam e-mails ("I am a [insert minority nation] prince...", "You have won the Mars colony lottery...", etc)
* people still use Limewire and Bit-torrent to download software,
* and some people still don't even run virus scanners!

And those that aren't stupid enough to do any of the above (but still aren't computer literate like us) still have to differentiate between fake web sites and real ones (where fake sites pretend to be authentic and offer apps to download but said apps contain spyware)

The internet is a bog of scams and malware.
So sometimes it takes a technical eye to tell the difference between 'safe' and 'spyware' when you're after popular software.

So stating that millions of users are better off completely out on their own because one app slips through on Google's market is a touch unfair.

Sure this will be embarrassing for Google and a PITA for their customers - but hopefully Google will learn from this and move on.

Reply Score: 5

ivaniclixx Member since:
2008-07-14

A "virus scanner" is, IMHO, one of the best examples of what a virus is: It makes your computer run slower, with more stupid questions about opening/doing everything, and still doesn't guarantee anything.

So, no, I don't run a virus scanner on my XP.

Reply Score: 1

Laurence Member since:
2007-03-26

A "virus scanner" is, IMHO, one of the best examples of what a virus is: It makes your computer run slower, with more stupid questions about opening/doing everything, and still doesn't guarantee anything.

So, no, I don't run a virus scanner on my XP.


Then I'd suggest that you were perhaps running the wrong virus scanner previously.


<pedantic>
Also, virus scanners aren't self replicating, so at most they're trojans rather than viruses.
</pedantic>

Reply Score: 2

ivaniclixx Member since:
2008-07-14

From the base, I ran the worst OS :-).

And I'm talking about the antivirus I've seen over these years: in my institute, at work, and at friends' homes.

And yes, maybe it's more like a trojan, whatever; it would be funny to see a self-replicant antivirus.

Reply Score: 1

StephenBeDoper Member since:
2005-07-06

Then I'd suggest that you were perhaps running the wrong virus scanner previously.


Honest question: is there any current Windows AV software that ISN'T a cure worse than the disease?

I used to be a big AVG fan (and reseller), but they've been going steadily downhill - I finally uninstalled it from my laptop after the 300th or 400th time I had to kill avgsrx.exe because it was randomly jumping to 95% CPU utilization (not to mention the "link scanner" stupidity in recent versions). Avast has a decent reputation, but I couldn't stand its interface - looks like something designed to be a prop in one of the CSI shows (and I nearly jumped out my seat the first time I heard the "Virus definitions updated" audio file, thanks to having headphones on at the time).

I tried Microsoft Security Essentials on a few computers, but after a few weeks it started exhibiting the same behaviours as AVG (excessive, unexplained CPU utilization). And I'm not even going to start on Norton and McAfee (only 6891 characters left, after all).

Also, virus scanners aren't self replicating, so at most they're trojans rather than viruses.


I can find no fault with that classification.

Reply Score: 3

pandronic Member since:
2006-05-18

From my personal experience Microsoft One Care is pretty decent in terms of user experience, I'm not so sure about how good it is though as an AV. It let one trojan slip and I had to lose one day to clean my box. I'm giving it another chance though, because I really like the OS integration.

AVG is pretty ok, but again, it let another trojan slip and I had to reinstall the OS.

Avast as you said has a dreadful interface.

I really don't get it ... why can't the AV people use the standard OS widgets? Do people really think that if an AV looks fancier it works better?

Reply Score: 2

StephenBeDoper Member since:
2005-07-06

I really don't get it ... why can't the AV people use the standard OS widgets? Do people really think that if an AV looks fancier it works better?


Agreed. That was one of the things that initially drew me to AVG: it was one of the few AV apps with an interface that didn't look like a Windows Media Player skin.

I can only guess that AV companies let their programmers do interface design.

Reply Score: 2

Thom_Holwerda Member since:
2005-06-29

Honest question: is there any current Windows AV software that ISN'T a cure worse than the disease?


Security Essentials from Microsoft. Try it out.

Reply Score: 1

StephenBeDoper Member since:
2005-07-06

"Honest question: is there any current Windows AV software that ISN'T a cure worse than the disease?


Security Essentials from Microsoft. Try it out.
"

Been there, done that:


I tried Microsoft Security Essentials on a few computers, but after a few weeks it started exhibiting the same behaviours as AVG (excessive, unexplained CPU utilization).

Reply Score: 2

Laurence Member since:
2007-03-26

Honest question: is there any current Windows AV software that ISN'T a cure worse than the disease?


I've not really used Windows much in the last 3 or so years - but back when I did - I used to swear by Avast.

Sure the interface is awful, but I never really needed to load it up. I was just happy leaving the service running in the background as, unlike most AVs, Avast doesn't have a large footprint.

So I never really needed to worry about the interface much, but I do fully agree that whoever designed that needs to be sacked hehehe.

Reply Score: 2

werpu Member since:
2006-01-18

It depends. Google handles the gatekeeper role pretty well: they do not enforce anything, but pull an app quickly once there are reports of it being malware, etc.
And unlike Apple, Google does not force the developers into the app store; every Android phone allows installing third-party applications directly or from the web (checkbox "allow installations from unknown sources" in the settings).
So far I am pretty happy with the way Google handles everything.

Reply Score: 3

Karitku Member since:
2006-01-12

Interesting argument. It would also mean that Linux application hives, or what the hell you call them these days, are also faulty, since in essence they are app stores or rather app warehouses.

I do agree that centralized installation pools have problems. I don't, however, think that the issue raised in this news is the true problem. The bigger problem is to find anything on those. Look at Apple MarketPlace, which is filled with clone apps and hoax reviews, rendering it partly useless.

I think the major problem with the Android store is lack of control, something that this showed. Google should increase control and testing of applications. I still think the Android store is best compared to Nazi-Apple Store and Give all Money Microsoft MarketPlace.

Reply Score: 2

Laurence Member since:
2007-03-26

Interesting argument. It would also mean that Linux application hives, or what the hell you call them these days, are also faulty, since in essence they are app stores or rather app warehouses.


I don't think it's as big a problem on Linux since the apps are open source (ie the package maintainers can go in and remove offending code should there be any).

But obviously, even open source is no guarantee as it's impossible to check all of the source all of the time and furthermore Linux's repository model wouldn't work for the iPhone/Android et al as there's a whole business around the sale of closed binaries on those platforms.

Reply Score: 2

strcpy Member since:
2009-05-20


I don't think it's as big a problem on Linux since the apps are open source (ie the package maintainers can go in and remove offending code should there be any).


How does this relate to open source exactly? Like Apple couldn't go in and remove offending code should there be any. And like Apple, open source "vendors" are not liable, nor claiming to be, to possible "bad software" (malware, software with critical security vulnerabilities, etc.) possibly distributed via their channels.

It is about centralized control, which in my opinion is a good thing. And when you remove the jargon and look this from more theoretical point, open source "repositories" and commercial "app stores" are pretty much the same thing.

Reply Score: 2

Laurence Member since:
2007-03-26

How does this relate to open source exactly? Like Apple couldn't go in and remove offending code should there be any. And like Apple, open source "vendors" are not liable, nor claiming to be, to possible "bad software" (malware, software with critical security vulnerabilities, etc.) possibly distributed via their channels.

You've blown my comment out of proportion. It wasn't an attack on Apple nor anyone else.

I'm just stating that in Linux a lot of bugs are captured when the distro devs are packaging for their repositories (as it's not usually as simple as just adding a file to their catalogue).
So to debug them, they have to go in and amend the source code.
Hence why I suggested that malware could potentially be picked up there too.

The reason I state that this doesn't apply to Apple is simply because (AFAIK) their iPhone app store just receives binaries that they approve or deny.
So if there's malware - they can't amend the binary. They can only decline it.

But obviously the iPhone's business model is different, hence why I couldn't see Linux style repositories working on the iPhone (else Google wouldn't have gone down the closed source option as well with their Android app store)

I'm not trying to state that either business model is better nor that Linux will catch all malware (just that there's a potential for Linux to capture some before it hits the users much like how Apple strictly test their 3rd party iPhone apps before publishing them)


It is about centralized control, which in my opinion is a good thing. And when you remove the jargon and look this from more theoretical point, open source "repositories" and commercial "app stores" are pretty much the same thing.

I 100% agree and I never, at any point, claimed otherwise.

In fact, all of the points I've made re repositories have stated just this (though sometimes more inferred than literally stated)

Reply Score: 2

WorknMan Member since:
2005-11-13

With traditional computer software, coming from a multiplicity of sources, users have learned to think critically about whether a piece of software might be trustworthy or not (e.g. in the case of a banking client, is this coming from the bank's website or not?)


Only the more literate users have learned to think critically in this way. If it were the case that ALL users were actually paying attention to what they were installing instead of just double clicking on 'angelina_jolie_nude.jpg.exe', Windows would be the most secure OS on the market ;)

Reply Score: 2

need BOTH trusted and open markets
by project_2501 on Wed 13th Jan 2010 22:23 UTC
project_2501
Member since:
2006-03-20

We need BOTH trusted and open app markets.

A bit like Linux package repositories ... "fully tested for 2 years", and "untrusted cutting edge, edge of legal media codecs and players for linux"

Then it's up to you, the customer, to choose your appetite for risk.

Reply Score: 2

Who is watching the gate?
by bousozoku on Thu 14th Jan 2010 07:33 UTC
bousozoku
Member since:
2006-01-23

I'm 90 % happy with what Apple are doing. It's just the haphazard application of their methodology that fails to ensure quality and/or adherence. Even then, they refunded the money to those who bought the "I'm Rich" application and have after the fact removed one developer's over 1000 applications from the catalogue due to copying.

Someone has to watch the gate, even if it's a magazine editor reviewing the software. As has been said, people fall for scams all the time and many people know as little about technology as possible.

It would be nice to have the company responsible for the platform watching, along with trusted, impartial users checking software before the general public uses it. That way, the rules are applied in a consistent way and larger development companies aren't given special treatment.

Reply Score: 2