Linked by Howard Fosdick on Mon 21st Nov 2011 07:28 UTC
Bugs & Viruses "What happens when anyone can develop and publish an application to the Android Market? A 472% increase in Android malware samples since July 2011." A study by The Global Threat Center over at Juniper Networks details mobile attacks that are increasing both in numbers and sophistication. This contrasts to the iPhone, more secure in part due to Apple's proprietary hold over the platform through its review process.
Alfman Member since: 2011-01-28

sparkyERTW,


"The key is I don't install software from sources I don't trust...."

You are trusting software based on WHO is providing it rather than on what the software DOES. This shouldn't be the primary goal of platform security. Keep in mind this is exactly how ActiveX worked, and that was a nightmare. Now one could argue that it's the user's fault for installing controls from "untrusted sources", but what reasonable approach can a normal user take to determine the trustworthiness of a website running a technology that was meant to be ubiquitous?

The other issue is that even trustworthy sources can contain exploits and rootkits.


Clearly identity-based solutions aren't a good substitute for good sandbox designs. You generally can run Java/JavaScript from any arbitrary website using a recent web browser with fair confidence that it can't take over your machine.

We should take some responsibility by making operating systems that can securely contain nefarious apps.

Score: 2

sparkyERTW Member since: 2010-06-09

"You are trusting software based on WHO is providing it rather than on what the software DOES.
...
The other issue is that even trustworthy sources can contain exploits and rootkits.
...
Clearly identity-based solutions aren't a good substitute for good sandbox designs.
...
We should take some responsibility by making operating systems that can securely contain nefarious apps."


I don't disagree with a single one of these points. My aim was simply to point out that taking a critical eye to your source can go a long way to safeguarding yourself (which of course is not foolproof, as you point out, and shouldn't be relied on exclusively). Likewise, while sandboxes are excellent at providing security, they should not be blindly thought of as 100% secure (which I don't think Tom was suggesting either, but it's worth saying).

In short: trust nothing, question everything ;)

Score: 2