Print 33 comment(s) - last by bety.. on Aug 26 at 7:24 AM

  (Source: Rockstar Games)

Android is the most attack platform currently on the market. There are currently no known malware in the wild that target stock iOS devices.  (Source: McAfee)
In related news, Russian phone is exposed by Russian police as being behind the MacDefender trojan

Apple, Inc. (AAPL) may be losing the smart phone sales race to Google Inc. (GOOG), but it's winning one important front in the war, at least -- malware.

I. Apple is the Winner When it Comes to Smart Phone Security

While many Apple hackers have suggested the iPhone to be quite hackable, and even exposed some major security flaws  [1][2] (subsequently patched), thus far there are no known pieces of malware in the wild which target users of stock iPhones.  There are only four known pieces of malware, according to Intel Corp. (INTC) unit McAfee, all of which exclusively target jailbroken iPhones [1][2].

Meanwhile, Android has seen malware rise by 76 percent over the last year.  There's now 44 known pieces of malware that target standard versions of Android.  Recently the first Android botnets have appeared prompting U.S. carrier AT&T, Inc. (T) to roll out free protection to its subscribers.  Botnets are networks of infected computers typically used to send spam or execute distributed denial of service attacks.

Other common pieces of malware include what McAfee calls "crimeware", malware which disguises itself as seemingly legitimate apps -- often repackaged versions of best-selling apps.  The apps often contain code to send premium-rate text messages.  Recent reports have put the infection rates for this kind of malware at as high as 260,000 phones earlier this year.

Similar attacks have targeted Finnish phonemaker Nokia Oyj.'s (HEL:NOK1V) Symbian platform and Research in Motion's (TSE:RIM) Blackberry's, though McAffee says the number of those malicious apps are smaller.

McAfee claims the second most infected platform is the multi-device Java ME platform, acquired and maintained by Oracle Corp. (ORCL) after its acquisition of Sun Microsystems.

The reason for Apple's superior security is the topic of much heated debate.  While Android's sales volume may make it the most tempting target, the iPhone is still posting a large sales, so you would expect it also to be targeted by criminals.

Possible factors affecting Apple's security include its stricter monitoring of its app store.  While Apple has been much-criticized for being too heavy-handed, Google's laissez-faire approach has lead the OS-maker to struggle to maintain a secure marketplace.  Another possible factor includes the fact that Google still sells many handsets with outdated version of Android, like Android 1.5 or 2.1 -- versions which may be more vulnerable to exploitation.

The full McAfee report can be found here, on Scribd.

II. (MacDefender == Dead)?

In related news, Apple received more pleasant news recently on the security front.  The news concerned MacDefender, a fake antivirus trojan, which infected as many as one in every twenty Mac computers in June.

Following a raid and arrest of suspected Russian spam kingpin Pavel Vrublevsky (who ironically worked for the Russian government as an anti-spam chief), MacDefender variants are drying up in the wild.

For a while Apple was struggling to keep up with the volume of new variants.  Russian police found evidence on the computers of Mr. Vrulevsky's online payment firm Chronopay linking it to paying Russian hackers to create new version of MacDefender.

With Mr. Vrublevsky's imprisonment the virus seems to be on its last legs, suggesting the Russian was a major mastermind behind the wildly successful Mac attack.

Mr. Vrublevsky was originally exposed by Brian Krebs of The Washington Post.  Following our piece on the topic we received the following email from Chronopay:
Dear Brandon,
Let me introduce myself.
My name is Lidia Golikova, I am communications director in Chronopay
company. I am writing You as Ethics representative of DailyTech concerning
the article writing by Jason Mick Russian government is investigating
the incident
We would be very appreciate, if you could remove this article from your
site, because it is doubtful and discredited our company.
Moreover this article was published early - a half a year ago - in another
web site. Here it is link
You could guess why one person writes the similar articles on one
subject in different media.
Speaking about - it is small web site for very
short professional audience that is why we did not contact with them. But
DailyTech is respectful leading online magazine for a well-educated
audience. Much people read you and hear your opinion. That is why to our
opinion it is very important that correct information will be publish in
your magazine.
opinion it is very important that correct information will be publish in
your magazine.
I hope for understanding and cooperation,
Best regards,
Lidia Golikova
Apparently we were justified in standing behind the piece.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Yeah well...
By FDisk City on 8/24/2011 1:34:18 PM , Rating: 4
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

RE: Yeah well...
By SiliconJon on 8/24/2011 1:37:16 PM , Rating: 2
And the irony here may well be that Google isn't offering more liberty, and in fact more "security" by having backdoors for our security agencies to gain easy access, which of course black hats can also find.

Or maybe liberty vs. security has nothing to do with it and there's some more technical failure happening with Android.

RE: Yeah well...
By CCRATA on 8/24/2011 1:47:10 PM , Rating: 3
Except Google IS offering more liberty. If you enjoy using your phone in a padded room go with apple, because thats all they want you to do with it. Use it there way or no way. Google lets you do whatever you want with your phone, and that does mean if you aren't careful you can mess it up, but thats true of any computer system that takes user input. I know my 2 year old android phone runs the latest version of android without issues. My wifes 1.5 year old Iphone crashes regularly and gets slower with every "update" apple pushes out.

RE: Yeah well...
By Wiggy Mcshades on 8/24/11, Rating: 0
RE: Yeah well...
By SkullOne on 8/24/2011 2:30:55 PM , Rating: 3
That's not Google's nor Android's fault. That's AT&T stopping the sideloading. Go complain to them. No other carrier prevents sideloading.

RE: Yeah well...
By nafhan on 8/24/2011 2:18:35 PM , Rating: 2
In the sense that "liberty" means you can do what you want with your device, you've pretty clearly got more "liberty" with Android. The downside of that is pretty obvious, though: give people freedom and pretty quickly you'll see people doing something bad with it.

RE: Yeah well...
By Mitch101 on 8/24/2011 6:47:31 PM , Rating: 2
Get ready for a major fallout

Steve Jobs Resigns as CEO of Apple

RE: Yeah well...
By nafhan on 8/24/2011 7:24:03 PM , Rating: 2
Just saw that... crazy

RE: Yeah well...
By Autisticgramma on 8/24/2011 4:58:21 PM , Rating: 2
Anyone else remember the last 'HUGE!!1!' Walled Garden?

It was called America Online, and yes it was for PC's.

iOS as it is now, is Phone AOL.

Android is like MSN (butterfly anyone?) trying to compete with AOL, when really they should competing with just a straight internet connection.

What android is: an attempt to get away from the insanity by proving you can make money with out, issuing special passes that prove you're part of the in crowd.

And before every Job$ fan boi has a stroke, remember 'Everyone' had AOL once too.

So yea a minimum know how, on your part isn't, the fault of the OS writers. Turn off your damn blue tooth, read a few ratings. Learn about the pros/cons/risks of your device and the software you install on it.

RE: Yeah well...
By Tony Swash on 8/24/11, Rating: -1
RE: Yeah well...
By nafhan on 8/24/2011 2:38:39 PM , Rating: 2
I do think the quote from the parent post is a little overly dramatic for a discussion of cell phone OS's... However, I have to say I can install applications that aren't approved by the creator of the OS, the device manufacturer, or my cell carrier; and I like it that way!

I disagree that the liberty has no meaning, I think it's actually pretty reasonable to expect that the "normal" user will come across at least one instance over the useful lifetime of a phone where installing a non appstore/market app would be useful. For example, there were a number of people who were pretty annoyed when the Google voice app got denied from the app store.

RE: Yeah well...
By FDisk City on 8/24/2011 4:39:17 PM , Rating: 2
The Ben Franklin quote was meant to be humorous but also to make the same point which you just described.

I know. I know. Smartphone discussion is serious business.

RE: Yeah well...
By The Raven on 8/25/2011 3:04:40 PM , Rating: 1
Not only that, but isn't anyone going to point out that iOS is only found on iProducts? And on certain carriers by design? How is that for liberty?

People like Tony are the reason we need antitrust law that protects ignorant people from themselves.

Sorry Tony, I don't mean that to sound like you are completely ignorant.

RE: Yeah well...
By sweatshopking on 8/24/2011 6:23:43 PM , Rating: 2
remember when franklin said that, and had a point? i'm so tired of seeing that quote thrown around on the internet.

RE: Yeah well...
By icanhascpu on 8/24/2011 10:33:42 PM , Rating: 1
Oh look!
Someone said something that doesn't really apply here and without crediting the author, but it sounds cool. Upvote!

RE: Yeah well...
By bety on 8/25/2011 8:18:45 AM , Rating: 1
Thanks goodness you and sweatshopking are demonstrating that their are at least a few people with some intellectual capacity! The quote doesn't apply at all...even in a general sense. Nobody FORCES you to buy an iphone. You PAY to participate, its UP TO YOU. You're not giving up your freedom, on the contrary, you're exercising it, by deciding which pros and cons you prefer in a phone.

RE: Yeah well...
By invidious on 8/25/2011 9:47:59 AM , Rating: 1
Does your brain actually not understand how language works are you are just that worked up that you can't concentrate on what you are typing? In any event, I am happy to have someone like you on the opposing side of any argument.

And the quote its pretty generic so it does apply. Any freedom that you give up is gone for sure. And whataver security you attempted to buy it not garunteed. It may make you warm and fuzzy to think that someone else is protecting you and that nothing can go wrong, but that doesn't make it true. Putting your fate into the hands of others leaves you at their mercy and is arguably one of the least safe things you can do. You are wagering your safety on their reputation and good will. And the idea that a corporation is going to put your interests ahead of those of their stockholders shows a great deal of ignorance and niavity.
So is it overdramatic for a cell phone OS? Sure. But it is applicable? Yes it is.

RE: Yeah well...
By bety on 8/26/2011 7:24:27 AM , Rating: 2
After so many years on the net, it's still shocking to see such limited mental capacity.

No, "any freedom that you give up" is not "gone for sure". (fo sho!! LOL). Actually, the freedom you give up in Apple's system is in fact, easily regained (ie. buy a different product).

Your rhetoric about putting your "fate into the hands of others" is meaningless. We all put our fate into the hands of others daily. In fact, modern society is completely dependent on this, on just about every level. The risks of doing so vary greatly.

It was NOT a "generic" statement. Franklin was referring to GOVERNMENT, not FREE MARKET CHOICE. Unreal.

Not suprising
By masamasa on 8/24/11, Rating: 0
RE: Not suprising
By adiposity on 8/24/2011 2:27:49 PM , Rating: 2
Apple wasn't targeted with viruses and malware in the past much because it wasn't popular. Android is stealing the market and people go where the numbers are, including those that are unwanted. As for security, they will likely be in the same boat as Microsoft due to popularity and sheer number of users.

Considering the size of the iOS market compared to the Android market, I'd say you are using a poor analogy.

38% vs 33% is not Mac vs. PC numbers. And, if you include iPads and iPods, the numbers roughly double for iOS. So, marketshare is not the reason, here...

RE: Not suprising
By Solandri on 8/24/2011 4:04:32 PM , Rating: 2
Smarthones are always on, and almost always on the Internet. IPods and ipads are only occasionally on, and even less frequently connected to the Internet. They are worth considerably less to a malware writer than a smartphone. If you're going to open up the comparison to all devices regardless of Internet explosure, the #1 operating system is probably VxWorks (it runs on most non-smartphones, as well as gobs of other embedded devices).

That said, I don't see a problem with Apple's walled garden approach. It is not for me, and I do not own Apple products because of it. But I can see the approach having value to others. For example, if I got a smartphone for my dad (unlikely because he probably would never use most of the functionality, but bear with me), I would probably prefer Apple's walled garden approach for him. In the end, there's more than enough room for both approaches in the market.

As for Android's openness not being apparent to the normal user, that's simply not true. With Android, you just change a single system config (trust unknown sources) and you can download and install apps from any website. You can type in a URL or scan a QR code to download an app onto your Android device. With iOS, you are limited to Apple's App Store, and only the App Store.

RE: Not suprising
By Tony Swash on 8/24/2011 2:31:50 PM , Rating: 2
Apple wasn't targeted with viruses and malware in the past much because it wasn't popular. Android is stealing the market and people go where the numbers are, including those that are unwanted. As for security, they will likely be in the same boat as Microsoft due to popularity and sheer number of users.

That's so asinine I don't know where to start. There are more iOS devices in circulation than Android devices. Apple has a policy of vetting apps before they are distributed, this includes checks for malware. Androids apps are not vetted before they are distributed, hence the malware. I was going to say it's not rocket science but for you I fear it might be.

RE: Not suprising
By nafhan on 8/24/2011 3:05:41 PM , Rating: 2
Agreed. Security isn't just a numbers game. Software design and ecosystem play a huge part in it. With iOS, I think Apple's done the best job of any consumer oriented software environment in regards to security.

As far as Android malware goes... given the openness of the system I think they've actually done fairly well with security.

RE: Not suprising
By kleinma on 8/24/2011 5:23:35 PM , Rating: 2
Apple has a policy of vetting apps before they are distributed, this includes checks for malware

You forgot the part where it also includes them checking it to see if it competes with some app or service of theirs and therefor won't be allowed, or if its some good idea they haven't though of yet, in which case it won't be allowed, but apple will have their own version available shortly after. ;)

RE: Not suprising
By The Raven on 8/25/2011 4:24:26 PM , Rating: 2
QFT. Plus iPhone owners are generally easier targets because they are easily fooled.

If I wanted to affect more people with a trojan I would target iOS. Kudos to Apple!

RE: Not suprising
By ekv on 8/24/2011 2:32:30 PM , Rating: 2
because it wasn't popular
But now it is. I am no Apple fanboi, but to say otherwise is to ignore reality [not to mention, incur the "wrath" of one T. Swash].
people go where the numbers are
The linked McAfee article discusses that angle. It's an easy read....

Apple's business model lends itself to stricter security. From a developers standpoint, the contracts and level of control are overbearing. From a users perspective the phone "just works." [uhuh, sure].

Google has taken a few measures in order to tighten security, though even that was unpopular with developers. To-date, measures taken have to be seen as ineffective.

Microsoft could be in the sweet spot here, but then their popularity (and hence number of users) is just not there (yet).

RE: Not suprising
By TakinYourPoints on 8/24/2011 4:17:46 PM , Rating: 2
The mental gymnastics I see from some people here are frigging hysterical

Android = malware, iOS = iTunes hacking
By ack on 8/24/2011 3:13:47 PM , Rating: 5
For Android, malware is the easier attack vector. For iOS, it's easier to hack iTunes accounts than go through Apple's approval process.

AFAIK, Apple has so far had no success stopping iTunes hacking. Don't get lulled into a false sense of security.

Should hire Lidia
By Lord 666 on 8/24/2011 1:36:54 PM , Rating: 2
Compared to DT's Shane, Lidia is at least on par with English grammar and sentence structure.

RE: Should hire Lidia
By Natch on 8/24/2011 2:16:08 PM , Rating: 2
Plus, if you hire her, she won't send Sergei and Boris over to "convince" you to pull/correct the article!

RE: Should hire Lidia
By AssBall on 8/24/11, Rating: -1
I hate to be this guy...
By B-Unit on 8/24/2011 2:33:48 PM , Rating: 3
Another possible factor includes the fact that Google still sells many handsets with outdated version of Android, like Android 1.5 or 2.1 -- versions which may be more vulnerable to exploitation.

But Google doesn't sell any handsets (Unless Nexus devices count) The blame lays at the feet of handset manufacturers, not Google.

Ill leave these here.
By Mitch101 on 8/24/2011 1:42:13 PM , Rating: 2
iPhone firmware 1.1.3 prep

"Folks that want porn can buy an Android phone." -- Steve Jobs

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki