Summary: Bits of recent news (from last week and beforehand) about mobile platforms and platform security

IN THE LAST post on this subject (before moving to a new house) it was clarified that Linux had more or less won the mobile wars. Android is unstoppable, but Microsoft and Apple resort to dirty tactics which include patent lawsuits. There's that lack of a sense of ethics in the proprietary software camp and it really shows.

It may take several days to catch up with the past week's news, but looking a week back, there are certain unmissable incidents that ought to be filed here. First of all, Microsoft continues to be utter rubbish at security (and at mobile too) not because some of its software is ubiquitous but because Microsoft's patching habits are poor. As The Register put it, "March Patch Tuesday leaves IE unpatched for Pwn2Own hackers":

Microsoft – unlike its browser rivals – will not be patching Internet Explorer before the upcoming Pwn2Own hacking contest next week.

A March Patch Tuesday pre-alert, published on Thursday, reveals that Redmond will be issuing three security bulletins next week, one of which affects a critical flaw in Windows and none of which relates to IE. The critical update affects Windows XP, Vista and Windows 7 while the two lesser risk ("important") bulletins cover a separate flaw in Windows and an update for the Office Groove 2007 software.

Here is some further commentary about it:

IE will not be fully patched in time for Pwn2Own next week. Let’s see. Hundreds of millions of PCs run IE and all the malware artists in the world will have IE’s downfall demonstrated in public… It boggles my mind that people run that software and M$ cares so little about the security of a necessarily-networked application.

Moving on to phones, nobody can get past the amazement at the NoWin deal (Nokia-Windows) [1, 2, 3, 4, 5], which made no sense for Nokia. None whatsoever. Someone whom I know at BT (a manager) called it "100% corrupt" and was surprised that it was allowed to get past regulators. Anyway, as one of our readers pointed out a couple of days ago:

Confirmation of Nokia's role comes from PJ's examination of Nokia's SEC filing. She quotes the relevant parts in her news picks.

- Definitive agreements with Microsoft for the proposed partnership may not be entered into in a timely manner, or at all, or on terms beneficial to us. - New sources of revenue expected to be generated from the Microsoft partnership, such as increased monetization opportunities for us in services and intellectual property rights, may not materialize as expected, or at all. [PJ: So, they haven't signed on the dotted line yet, this is saying. And I gather they hope to sue people or threaten to do so to get royalties on patents. Blech. Can't Microsoft ever do anything *not* evil?] - Nokia's Form 20F, SEC

I think she hit the nail on the head. We can conclude that all of the damage to Nokia is real but Microsoft's promises are vapor. Perhaps there is resistance in the company beyond the thousands of engineers who walked off the job in protest.

It's not entirely shocking because we predicated this and Elop has made comments which insinuated this right after signing the deal with Microsoft, in which he had a lot of his money invested at the time. Microsoft and its minions are also grooming Android (and MeeGo) for lawsuits/extortion, meaning that Microsoft will try to get a share of the profits, if not by extortion, then by lawsuits that speed up the act of surrendering. Microsoft is more like a racketeering operation and with Elop it got Nokia joining its mob army. Microsoft MVP de Icaza is promoting the MonoDroid poison pill [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15] while a fellow Mono/.NET booster from Seattle (near Microsoft) stirs the broth: "The signed Honeycomb update from Moto/Google contains libmono.so and libunity.so. @migueldeicaza @unity3d" [thanks to G. Forbes for the headsup]

Watch out, Android. Companies like Acer and Motorola are not paying Microsoft for Android and Microsoft would love to change that. Microsoft's own mobile platform is a massive failure given the massive advertising budget and the bad patches which brick phones that run Vista Phony 7 are just a sign of this. Well, the spin came shortly afterwards (blaming the connection because, of course, Microsoft would love people to believe that updates should not necessarily be resilient in case of intermittent mobile connectivity, which is common by the way) and it didn't take long before phones 'blew' or got bricked again. How typical:

"Microsoft blows Windows Phone update, again

[...]

Samsung users who held off updating after hearing about the problems last time are being told to hold off again as the fixed fix isn't really fixed at all.

This time it seems that owners of the Samsung Omnia 7 are OK as long as they've got 4GB of memory free, but any less than that and the updating process chokes with an error numbered "800705B4", but at least no one is reporting bricked handsets this time.

At OpenBytes, Tim opines: "Of course non of this comes as any surprise to me and what really beggars belief is that after WinMob, Kin, Zune and a whole host of luke warm products (and that’s being nice) there are a few people still parting with cash for “Windows” products. Take the time to look at the Windows Phone 7 twitter account and read the plethora of problems being reported to them. Issues with Windows Phone 7 don’t seem limited to Samsung phones and the latest update, there’s a multitude of other issues presented to them aswell."

Security at Microsoft is pants.

Mobile at Microsoft is pants.

Put the two together and it's wet socks.

Not to worry though. The MSBBC has come up with propaganda which daemonises Android security for no apparent reason. The BBC Android FUD was covered here just before I moved to the new house (and no, this site is not "dead" as some people who mailed me started thinking). Basically, after I wrote that post about MSBBC's Android FUD Glyn Moody did an article about it and there was a long discussion in Twitter/Identi.ca, including stuff like this (with others agreeing by chiming in):

@schestowitz I fail to see how BBC is writing for Microsoft. The exploit shows !Android market needs polishing and better security measures.

That's not quite it, but Microsoft's shameless booster Peter Bright saw it as an opportunity to spread FUD, stepping outside his "Microsoft Contributor" role at Ars. Moody says that the "#BBC [is] quick to fault #android & #openness - http://bbc.in/dLjLUz yet practically never names #windows in years of malware (v @schestowitz)"

One response says: "@glynmoody @schestowitz A big exaggerated. Check http://bbc.in/dXfNky #BBC #android #security"

Moody replies as follows: "@bortzmeyer @schestowitz not at all exaggerated. check this: http://bbc.in/hKmJuT *far more* stories that don't mention #Windows at all"

And then: "@glynmoody @bortzmeyer @schestowitz just a little more of this logic and you'll be able to show that Windows is under 5% market share"

From Moody again: "@pbeyssac @bortzmeyer @schestowitz certainly seems to be what the BBC is suggesting...so small it's not worth mentioning..."

Here is Moody's original piece which started a lot of this powwow. It starts as follows:

In fact, I have several - including the fact that I really want it to be the best broadcasting organisation in the world, as it once was. But my other bee/Beeb is that its journalistic standards in the few areas where I can claim some knowledge are pretty woeful.

This is seen nowhere more clearly than in its coverage of malware.

To read the reports on the BBC website (I don't watch UK television, so I've no idea what happens there, but suspect it's just as bad), you'd think that malware were some universal affliction, an unavoidable ill like death and taxes. Rarely does the BBC trouble its readers' pretty little heads with the tiresome fact that the overwhelming majority of viruses and trojans affect one operating system, and one operating system only: Microsoft Windows.

To see this, try the following experiment. Search on the BBC news site for "microsoft windows virus" or "microsoft windows trojan" or "microsoft windows malware", and you'll get a few dozen hits, not all of which refer to Microsoft malware.

But try the same searches without the words "microsoft windows", and you will get many more hits every year (try "computer malware", for example), very few of which mention that such malware is almost exclusively for Microsoft's platform.

That sin of omission has now been matched by an equally telling sin of commission. For hot on the heels of the first serious Android viruses, we have a report on BBC news spelling out the terrible facts

And again we come to Microsoft apologism such as this one which says: "@schestowitz Android's security model is about equal to Windows Vista. S60 has a better model. Why the double standard?"

To rebut this quickly, the Android FUD was about cases where the user installs -- willingly -- malicious software. In the case of Windows, intervention from the user is rarely required; in some case, just visiting a page is a problem and a risk; why? ActiveX for starters. It's a Windows issue, not an "Internet issue"; the very serious omissions in the corporate press are partly to blame for it all "and still no mention of the taboo "W" word..." wrote Moody regarding this new example. It's like calling Toyota's brake issue just a "car braking issue". Imagine the outcry that sort of talking point would cause. ⬆