11.28.11
Android/Linux Not a Security Concern, Windows Definitely and Demonstrably Remains #1 Target
Photo by Joi Ito
Summary: Why the weakest link is Microsoft Windows (which therefore should not be used for storing sensitive information), whereas Android is just the target of a lot of FUD this month
TECHRIGHTS targets and addresses FUD, but sometimes the FUD is already sufficiently debunked by others, so a citation would do. There is some new FUD about Android and we put many links about it in our daily summaries, notably those which cite Chris DiBona.
Matt Asay says: “In the case of Android, which is apparently a malware-maker’s dream, Google’s open-source programs manager Chris DiBona has already gone on the defensive, arguing: “Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and, iOS.””
The short story is (for those who missed it), rogue applications that the users themselves have to foolishly install can do bad things. Surprise, surprise. These are not viruses, not even when the BBC uses this lie. If people want programs that spy on them and occasionally ask for more money, they can install Windows. Heck, many OEMs already install this malware whether the user wants it or not, due to secret bundling agreements.
In other headlines we find reports of Windows allowing intrusion into NASDAQ: [via “FBI Blames NASDAQ Hack on UnPatched Windows, Bad Firewalls”]
Forensic investigators found some PCs and servers with out-of-date software and uninstalled security patches, Reuters reported, including Microsoft Windows Server 2003. The stock exchange had also incorrectly configured some of its firewalls.
Microsoft ‘quality’ at work. Here is a warning about putting Microsoft in charge of people’s medical records (where leakage can have devastating effects on the public). Mr. Pogson has this to say:
In an attempt to persuade Australia to allow Australian government documents to be stored off-shore, M$, in a discussion paper wrote, “Any company with a presence in the United States of America (not just those with headquarters or subsidiaries in that country) may be legally required to respond to a valid demand from the United States Government for information the company retains custody over or controls, regardless of where the data is stored or the existence of any conflicting obligations under the laws of the country where the data is located”.
Only a few days ago we explained why governments should not do business with Microsoft (and other proprietary software vendors for that matter). █
Will said,
November 28, 2011 at 9:45 am
I can easily believe Asay about the anti-virus vendors (and those that sell their products).
I know a small computer shop that used to primarily a Windows PC retailer up until Vista, when public reaction forced them to switch over to being about 90% Mac shop to stay afloat. They’ve been almost a pure Mac shop ever since.
They happen to also sell anti-virus products for OSX. Privately, and off the record, every employee there knows that Norton for OSX is a joke and a scam. Publicly, they’ll push anti-virus for Mac on every customer that comes in the door. Since almost all of their Mac customers are people switching from Windows that can’t fathom the concept of a computer that’s intrinsically safe from viruses, it works more often than not.
Dr. Roy Schestowitz Reply:
November 28th, 2011 at 9:51 am
So Norton is the Chopra is computing and “anti-virus” turns out to be more like homoeopathy.
Dr. Roy Schestowitz Reply:
November 28th, 2011 at 9:51 am
s/is computing/of computing/
mcinsand Reply:
November 28th, 2011 at 11:28 am
If I had to use a Windows PC at home (no choice at work), choosing between installing Norton or running with no virus protection would be tough; in my experience, the headaches that Norton brings are not much better than the viruses.
A few years ago, a neighbor had a problem installing a DVD drive, and he asked me to take a look. After several hours’ frustration, we were just going to do a clean install. I took the hard drive home to back up his data, and ClamAV found four viruses that his updated Norton missed. After delousing, the hard drive went back in and the DVD drive installed flawlessly.
One more thing, and I don’t know if it’s true or still true. Our IT at work used to warn us against using Norton at home. Their information was that Norton is used as a QC method for significant fraction of the virus-writing community; if a virus can get past Norton, then it’s ready to fling out into the world (their philosophy, not mine).
Michael said,
November 28, 2011 at 1:48 pm
Google says Android malware is not a concern.
Whew. I am relieved.
twitter said,
December 1, 2011 at 3:18 pm
There are now some accusations of preinstalled malware.
http://franken.senate.gov/files/letter/111201_Letter_to_CarrierIQ.pdf
That would be a carrier and non free software problem, not an Android problem. The good Senator should have a look at the wonderful world of Windows one day.
Michael Reply:
December 1st, 2011 at 3:28 pm
This is a problem on, if you believe the reports, most Android devices.
There are also some reports of it being on iOS at the insistence of the carriers (I believe) but it is set to *not* phone home unless set in a mode to do so – with user permission.
Any company who is putting this on phones and having it phone home without permission should face steep fines – including Apple, of course, if they are doing so. Shame on any company who allows this.
twitter Reply:
December 1st, 2011 at 3:48 pm
I believe it’s a problem, thanks, but I can also smell an organized FUD campaign when I see it. Just a few months ago, Google caught Microsoft spying on ordinary home users and offered screen shots to prove it. Microsoft’s EULA has long demanded the ability to read and delete user files at will and non free software always been this way. So what’s an abusive monopolist to do about a more open rival? Mirror troll them. Microsoft has nothing to lose by destroying the cell phone market and everything to gain telling people that Android and Google are evil because third parties have bugged user phones.
The only good thing that can come of this is that people recognize that software freedom is the only way to fight malware. iOS, OSX, and all versions of Windows are even more bugged than Android is. Non free software can not be verified and should never be trusted. Wikileaks has started to weigh in on the issue of known government spying through non free software backdoors. The issue is explosive because people have died when tech companies betrayed them to dictators and all of us have been sold to companies that seek to exploit us.
http://www.huffingtonpost.co.uk/2011/12/01/wikileaks-security-spyfiles-surveillance-spying-bugs-_n_1122983.html?ref=uk
Michael Reply:
December 1st, 2011 at 4:04 pm
You are excusing Android devices (and others – it is not just Android) because Microsoft has also done things which are wrong.
That is silly. The whole idea of this being some grand conspiracy by Microsoft and their “boosters”, as Roy calls anyone who disagrees with him, is borderline paranoid.
If Android devices (and others) are doing as has been reported it is wrong. Those whom have does this should be punished.
Not sure why this would even be open to debate – esp. from people who claim to be against such stuff.
The fact is Google’s income comes from collecting data on people so they can target ads. I am not saying Google is behind this particular episode of tracking user data, but tracking such data is what Google *must* do to be profitable. It is more likely they are behind it than MS is (which is not to say either is). But do not think for a second that Google is not doing a whole heck of a lot to track users – it has more incentive to do so than any other company.
twitter Reply:
December 2nd, 2011 at 4:32 pm
I’m not excusing anyone, I’m trying to give credit where it belongs. Windows itself is spyware and malware. Android itself is free software. That carriers have added nasty things to Android, if that’s what happened, would a carrier problem. It would be nice if you had some kind of proof of what you say about Google, but it’s obvious that you are just here to say nasty things about Roy, free software, Google and everything that’s not Microsoft.
Michael Reply:
December 2nd, 2011 at 7:15 pm
It has had it included as well… though to say it is by itself is a bit silly. Or are you counting the fact that it, like so much other software, needs to be registered.
Has anyone said otherwise?
What have I said about Google that you think is in question? That they make their income from targeted ads? Is this something you are not aware of? That to target ads you have to collect data on people? What is it you are questioning?
As far as my saying nasty things about free software, that is just silly (though I prefer the term “open source”). I use and advocate open source software: my websites are all hosted on Linux because it is the best choice, I use WebKit and Gecko based browsers because they serve my needs best, I use an open source FTP client and I use VLC; I use GIMP for working with favicons because it does so well, I suggest LibreOffice for those I think it will work well for – heck, I even suggest desktop Linux (generally Mint these days) to those people for whom I think it is the best choice. So your claim that I am against open source is just flat out wrong. Same thing with any claim that I am against Google: sure, they do “bad” things, just as Apple does – but both companies are innovative and understand the importance of user experience. Heck, look at the default Google home page compared to, say, the Yahoo page. Google gets it!
What I am against is false “advocacy” – lying about the competition to make Linux and OSS look better. It is this form of false “advocacy” that Roy and his ilk engage in – and it bothers me how it hurts the open source movement. I am against Roy working to hurt open source under the guise of trying to help it. At least with Microsoft and others who work against open source they are open about their wanting people to use a different solution – Roy is “closed” – he does not admit to his biases (though he also does not hide them well). But even with Roy you can find examples where I have sided with him when he is not practicing his false “advocacy”. Heck, just yesterday I congratulated him on dropping his unsupported claim that Apple had falsified data it presented to a court. This is a step in the right direction for him and evidence that he is learning, even if he will never acknowledge it. That is fine: if I can help him back away from his behavior that hurts the open source movement I am not concerned about him giving me credit.