Posted on 11/26/2012 11:13:00 AM PST by ShadowAce
Google has done a poor job with Android....RE : Secutiry.
Maybe Microsoft with there phone and tablet systems will do something good regarding security....we will see.
Some types of software such as crypto systems shouldn't be even considered by professionals because the devil of such things is in small niggling details that needs lots of eyes to locate potential vulnerabilities.
Security needs to be designed in from the ground up, and then implemented correctly in order to work. I am constantly amazed at how poorly even large companies that should know better implement security. Here's a great example. Cicso makes a VPN client for windows. Many companies deploy it with a group-level password set that isn't disclosed to the users so they can't set it up themselves on non-company approved devices. Unfortunately, the configuration file contains a 'encrypted' copy of the password. The 'crypto' used for this purpose is so laughably weak that a python script can break it trivially in so little time, that there is not a noticeable delay. Granted, their stupidity made my life easier, but it is criminally dumb IMO for them to actually depend upon such stuff.
Anyone relying on hardware and software for a living that doesn’t have a business continuity plan to include extra copies of said software is a cheap idiot. I have been using Microsoft software for over 30 years without the problems described in this article. Not a hitch.
While technically true, reality must somehow be taken into account: There is a reason why all the big iron runs on 'nix. And if there is anything that hackers would love to hack, it is that big iron. There's your 'credz'. Not being some script kiddie whackin' at Android. And by-and-large, that simply doesn't happen.
I am not conversant with Android, as I am still fighting vainly against moving into the handheld world. But I can guarantee that it is not the underlying 'nix that is at fault. In order to control a 'nix box, one must gain root - and left to it's native design, that is next to impossible from afar (it really IS impossible, but like a scientist, one has to leave room for an impossibility to be possible).
If root is gained on Android, I can nearly guarantee it is something Google has done in it's interface, or in it's config.
That it persists would suggest to me that whatever is wrong is not in an OSS part of the OS, or it would have been found out almost immediately and corrected - as the OSS community's record on such things plainly evidences... IOW, the culprit is probably a closed-source addition.
But then again, that is just my opinion on the general matter - I don't know Android at all. Even so, any OS has a loooong way to go to catch up to what, 3/4 of a million virii that have exploited MS...
That isn't because MS is popular - It is because it is inherently exploitable and promiscuous by nature... Else that big iron, which has always been Linux or some brand of Unix, and precedes Windows by a decade would have comparable numbers. How many nix virii have ever been? But a handful, by any comparison. A negligible amount.
But that being said, I am not defending 'nix - I am speaking to the greater OSS community... including application level software too. Even on my Windows boxes, I tend toward OSS software. Especially on Win boxen because they tend to be portable and avoid the registry. They also tend to be quicker at their function, less intrusive, more intuitive, and more precise in function... not to mention weight.
The upshot tends to be that a programmer doing OSS is not doing it for $$, but for love of programming and a peculiar dedication to whatever function the software performs. it is an art to him. A labor of love. And that, FRiend, is hard to find in the chunked and formed production of for-money software by it's very nature.
That doesn't preclude a certain amount of eccentricity however (GIMP springs immediately to mind). but even that eccentricity becomes a beautiful thing, once one learns to expect it at times. GIMP, a tool like photoshop, is one of my very favorite apps, but it took me years of intimate use to understand it well, and I still freely admit I don't understand it fully. By now though, it's eclectic nature is almost as endearing as it's function... And I would hate it if it changed.
Oh I didn’t know you were talking about systems being used by idiot end-users who download whatever, the ultimate security hole.
A plain vanilla install of Red Hat Linux does not default to a high secure configuration. That covers the usage model for a lot of non-idiot computer users who are not themselves experts, but simply people who use computers to do their actual work. Not everyone can or should have to be a computer expert. Some people have a business to run and just need to computer to work.
here are some facts to jugle in your computer religion wars
http://www.microsoft.com/hk/windowsserver/compare/reports.mspx
http://www.microsoft.com/hk/windowsserver/compare/linux/server-security.mspx
Find something from a source that is at least *apparently* unbiased.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.