Smartphones

Windows Phone won't make the Android boo-boo better

Microsoft is offering Windows Phone handsets to Android malware victims. Find out why Donovan Colbert thinks the problem is the people, not the platform.

In a recent post, Windows IT Pro Paul Thurrott claimed that Microsoft is offering free Windows Phone handsets to Android maiware victims.

What sweet irony that the most successful Linux derivative OS platform in history is facing criticism from Windows advocates for being a magnet for malware and viruses. Certainly, the Java Dalvik VM abstraction is what allows the malware to operate --- it isn't an exploit of the Linux kernel itself -- but personally, I think that is just splitting hairs. The end result is still that a consumer-oriented, commercially-successful Linux derived fork is getting as much press for malware and virus trouble as Microsoft suffered at the peak of their security woes.

When I reviewed the HTC Trophy Windows Phone 7 for Verizon, I mentioned that one of my co-workers was so interested in the device that he decided to get one. I recently asked him what he thought of it, and his response revealed why a comparison between the Android and the Windows Phone platforms right now isn't exactly apples to apples.

Paul's story asserted that this week alone, "Google removed 22 malware apps from its Android Marketplace."

But according to my co-worker, the number one disappointment he has with Windows Phone is that there still aren't very many apps in the market to begin with. In fact, the most recent article I can find claims that Windows Phone Market only has 45,000 apps.

Everyone knows my position -- it isn't the number of apps you have, it's about having the right apps. From the perspective of protecting your market, vetted or not, it's much easier to manager 45,000 apps than the 250,000+ in the Android Market or the 350,000+ apps in the Apple Store. This is like an airline that's only flown 100,000 miles without a crash criticizing a competitor who's flown millions of miles with an isolated accident or two.

Another thing that seems to go under-reported among tech writers concerning Android security flaws is that the majority of these issues exist in applications targeted at overseas users. Paul failed to note that the most recent group of apps that were pulled only exposed European users to fraudulent activity. Eastern European and the Pacific Rim appear to be hotbeds of Android malware, but these stories are often reported as if they are immediate domestic threats to users in the United States.

Personally, I've been using Android since day one of the original Verizon Droid release. I've downloaded and side-loaded countless apps and transferred my account across multiple Android devices, most of which were rooted and placed in developer mode. I haven't been particularly careful, and I find that many of the software solutions designed to protect Android users from threats are a cure that's potentially worse than the disease (this is traditionally a liability of virus protection and anti-malware software).

I know quite a few people with Android devices, and none of us have ever hit by any kind of rogue application that leaked personal information (other than the ones put on the device intentionally by the carriers and the handset manufacturers -- and I don't trust HTC to be any better about that on their Windows Phones). However, like most users, we stick to the same solid core of well-known and highly popular apps instead of installing obscure, gimmicky app packages.

If I had to hazard a guess, the Android users who are getting hit by malware are the same kind of people who follow links in e-mail, download free inspirational pointers and backgrounds, and click on banner ads that proclaim they've won a free iPad 2 as the 10,000,000th visitor to the torrent web site. In other words, the real problem is the people, not the platform -- and Windows Phone handsets aren't going to make them any smarter.

The freedoms of the Android ecosystem are pretty great, particularly when held side-by-side to either the iOS or WP7 platforms -- but we all know that they come with more personal responsibility and risk. The ability to do more comes with the requirement to know more about what you are doing. Personally, I think the risk is generally well worth the reward.

What about you? Have you experienced Android malware issues first hand? If so, were you just minding your own business when you were innocently the victim of a stealth malware attack -- or were you in a part of the Android Market where you knew you might be rolling the dice and taking your chances when you got hit? Please share you comments in the discussion thread below.

About

Donovan Colbert has over 16 years of experience in the IT Industry. He's worked in help-desk, enterprise software support, systems administration and engineering, IT management, and is a regular contributor for TechRepublic. Currently, his profession...

35 comments
Kittyvamp1884
Kittyvamp1884

you are 100% correct on this one... I worked Tier 3 Data Support for T-Mobile for years... you would not believe what people do and expect with these phones... People are definitely the problem... They never want to do maintenance, quoting how much they paid for the phone and saying they should not HAVE to do it... they don't take even the most basic precautions when surfing the web on there computer let alone their phones... and they think they don't need to... The "UAC at install" approach is only insecure to the idiots that go into the market with the "ooh pretty shiny" approach anyone with a brain should be able to say no when there flashlight app wants access to the internet, contacts, or system files... the problem really is the users... and a lot of the problem could be fixed by educating customers at point of sale... most of the users that I had spoken to since the launch of android were not told it was something that needed to be done... by letting them know ahead of time what they need to do and look out for you will be "educating" rather the "reacting" and in the technological world we live in... education of the end user is really the only intelligent choice... - and just a side note... YouTube is a hotbed of people showing others who don't know, how to do things they shouldn't be doing... a lot of users end of bricking phones or voiding warranties b/c they wanted to do something the phone wouldn't do... and they went on YouTube to find a walk though so they could... its always a wildcard to show the average pretty shiny end user how to open there phone up... (Omnifice it is funny that you phrased it the way you did, "I can handle the potential issues with Android, the ladies in my family can't." it is the exact opposite is my house... I had to take over my husband's android every week to fix what he had broken... so I got him WP)

curtisneal
curtisneal

My experiences with regardless of brand has been poor. I have gone through 4 Android phones because the Android os is buggy. I have limited needs. The most important to me is sceduling. I know that with windows I will have few problems synch my calandar. My most recent problem is that my Google account has been hijacked. My schedule has been losing information about doctor appontments because of this. There is no way to contact Google for help because they require answers to questions that are not the ones I used to set up the account.

Omnifice
Omnifice

I got the Android Razr for myself (the techie), and the iPhone 4s for my wife (very non-techie) and the iPhone 4 for my daughter (much, much less techie). I can handle the potential issues with Android, the ladies in my family can't. It was purely an end user decision. I knew they had a good chance of muckin' up the Androids, but not so much the iPhones. Although I'm far from an Apple fan, it was better for the users of those phones. It seems like it's usually the uninformed or less knowledgeable users that get themselves into trouble.

Den2010
Den2010

I've been a very happy Android user now since 1 November. I got a Samsung Galaxy S II phone, replacing a Windows Mobile 6.5 device. In that time, I've downloaded over 20 apps from the Android Market, and have been generally satisfied with the quality I've seen. I've uninstalled one or two, simply because they turned out not to meet my needs. I've also uninstalled some of the carrier-installed apps that were on the phone initially. I haven't rooted the device, but that may well happen at some point. You're right - with great freedom comes great responsibility. For those who rise to that challenge, Android is the best platform. I don't see myself becoming a Windows Phone or iOS user anytime soon.

jibu_thomas
jibu_thomas

Sorry for my ignorance but I would really like to know if the vulnerabilities in Android are more like buffer overflow / sql injection types or some software/crack that person intentionally installs.

ikiru71
ikiru71

In the end, user should bear the majority of the responsibility. Computers and smartphones are made to provide people a "tool" to accomplish certain things. A software company can't be held responsible for everything a users does anymore then a car company can be help responsible for a drunk driver. For years Windows OS has taken the majority of criticism when the real criticism should be aimed at (1st) the users and (2nd) certain appliction designers. If you install Windows (XP, 7, or even Vista) on a PC that was designed for them; that machine will run beautifully and in most cases with no problems at all. It is not until the users come in and starts adding their coupon toolbars and "cool" screensavers that problems start happening. On top of that you have the endless variety of software companys that put out shotty, untested software for the OS. The users buy this cheap software and then get upset when things go wrong. Of course the other part of this is the malware and virus developers. They choose to attack Windows (for computers) and Android (for phones) for two very simple reasons. 1) The are the more prominent and widely used systems and 2) they are more open systems and thus easier to develop attacks against. Don't get me wrong, Apple is not invunerable. Hackers love a challenge and the more popular Apple becomes the more you'll see attacks against it. Especially as more of these PC users migrate over to Apple and start wanting their toolbars and nifty mouse pointers.

Vulpinemac
Vulpinemac

The majority of Android users are used to the Windows modus operendi and in many ways Android is the Windows of the smart phone world. Yes, it is almost infinitely configurable, which is great for techies, but that also means that it's easily breakable by non-techies. Many of those claimed malware incidents that Microsoft is using to promote their Windows phone may be nothing more than a messed-up file system or overloaded processor as the Android users simply don't know how to manage their resources or even know they need to. Honestly, for Android to really show off its capabilities, it needs to be in the hands of techies almost exclusively; let the other choose something easier to use that reduces their risk of malfunction. It needs to be in the hands of people who know how to manage it and want to. More people are choosing Android now because of its low average cost, not for its claimed superiority over other platforms.

daboochmeister
daboochmeister

When I've taken the time to actually drill into the reports of "Android malware" (twice now, on two different blog/news-site postings), it turned out that very few of the reported apps were in fact malware, in the sense that they were exploiting a vulnerability in Android (whether Dalvik or kernel). In fact, what's being reported as "malware" are simply applications that, if a user installs them and gives them rights to their personal info, do bad things with that info. The user had to grant the app rights to that info, even if there was no apparent reason the app should need those rights. This is a far cry from the viruses and trojans that most people, reading these articles, are envisioning as what's being talked about. I think the distinction is important, and that IT journalists have an ethical responsibility to be clear on this issue. Otherwise, they're implicitly feeding into a FUD cycle.

Gisabun
Gisabun

The problem is ALWAYS the people. Between malware from using pirated/hacked software to novices who don't know what they are doing by accepting anything on their computers to opening files from people they don't know [or do know but didn't find it the least bit suspicious]. In the case of Android it has also been Google for failing to properly secure the OS from this crap. Google Android OS is their version of Windows 95. Apple has it right with the App Store (TM) but their pricing policy is rediculous. Think of WinPhone is what the Mac was a few years back before the OS X started to get malware and other infections - relatively "clean" because it had a minority stake in the market share. In addition, unlike WinPhone, the iPhone also is a status symbol where malware writers will go after because they are sometimes rich[er] and sometimes dumb[er].

Justin James
Justin James

Why? Because the WP7 development model (as well as the iOS development model) do not allow the same access to the underlying system that the Android model does, plain and simple. The apps are literally unable to do the things that malware would want to do, in large part, and if they tried to, the app store system would pick it up, because it evaluates every single call to the OS and ensures that it is inline with what is allowed. Android's problems are NOT in the Java VM, they are in an absolutely insecure implementation of Linux. For all intents and purposes, apps can do just about anything they want. That's bloody stupid from a security standpoint. You want to know why Android has malware problems? It's because Android is built on the old DOS "anything goes" model that let to the security meltdowns of the 90's and early 00's for DOS, Windows 3.X, and 9X users, and the legacy of that development model is STILL slowly being contained. It wasn't until Vista that Microsoft had locked it down to even moderately "safe" levels... so what does Android do? Replicate it! So yes, I'll put any WP7 or iOS device head-to-head against Android on the security front, because both of those OS's are much more secure *by design* than Android. The day Android becomes secure by default is the day that all of the cute things that Android power users love about it stop working. Remember, the power to install a replacement software keyboard is the power to install a keylogger... J.Ja

dcolbert
dcolbert

You've got to be tricked into willingly installing the binary from the market or side-loading it. There may be proof of concept that there are exploitable security flaws in Android that are vulnerable to drive-by infections - but I haven't heard of any existing in the wild as of yet. Anybody? Correct me if I'm wrong, please.

dcolbert
dcolbert

Of the countless virus, malware and trojan infections I've responded to over the last 15 years, the vast majority of them have been caused by technically deficient users going places that they obviously shouldn't have or clicking on links they should have left alone. Infections from downloading pirated software, going to the dirty back-alleys of the information highway, or otherwise being somewhere that they shouldn't have been. It is like having a friend who gets mugged on the wrong side of town and the unspoken question is, "so, what were you doing over on THAT side of town, anyhow"... I've only been infected a few times - but in almost every case I can recall, I knew I was swimming in dangerous waters right before I got hit by the infection. I can only name a few times where I got hit by a drive-by infection that totally took me by surprise. It can happen, and I think in the past it was far more possible that it is now - but in almost two decades of experience, I'd say that MY personal experience indicates that it is exceedingly rare. So far, my Android experience seems to be indicating the same results.

dcolbert
dcolbert

I just +1ed your post, Vulpine. In the broadest sense, I think you're probably right, here. The only thing I'd say is that from an uber-techie perspective - this line: "Yes, it is almost infinitely configurable, which is great for techies, but that also means that it's easily breakable by non-techies." Although true - isn't the *whole* story. While it is easily broken by non-techies in an easily repairable way, the iOS platform is easily broken by TECHIES in a difficult to nearly impossible way to fix. That is - in competent hands, Rooting your Android device is fairly safe and easy to recover from - and it is very rare that a Rootable and Rooted Android device is bricked in such a way that a seasoned Android technical user cannot recover it. On the other hand - it is fairly easy and not uncommon for a jailbroken iOS device to become bricked so hard that even the most adept iOS hackers struggle to recover it to a usable state. This represents a fraction of a fraction of all users for both platforms combined, so I'm *absolutely* splitting hairs in bringing this up - but it *is* an important distinction for *me*. :)

dcolbert
dcolbert

I pointed out that a lot of these issues have a target audience that represents a small geographic region, as well. But I think a lot of it is that we're all still getting our heads around how the whole concept of malware, trojans and virus infections morphs on personal mobile devices. It isn't the same as it has traditionally been, or it doesn't seem to be. Now - I don't think that excludes the possibility of malicious software running on a mobile OS that behaves like a more traditional example of such - but your observation is still valid. I'd say that it might be a little presumptuous to assume that writers who don't note this are implicitly feeding into a FUD cycle, though. I hadn't really thought about this from the perspective you present here yet - but it just hadn't occurred to me. It wasn't my implicit intention to propagate FUD.

daboochmeister
daboochmeister

Justin, you make it sound like an Android app runs as root. Isn't it the case that an application has to "ask" for the rights to access the underlying OS capabilities, and only if the user grants it those privileges will it be able to? And so we're right back to the user as the issue (whatever the mobile equivalent of PEBCAK is)? How is this different than WP7? Are you saying that the WP7 app store somehow magically knows what APIs an app should try to call (which should vary by app capability, of course), and detects if it tries to call outside those boundaries? In either case, there's a manifest that lists capabilities needed, and the user has to grant rights to those capabilities, no? And any attempt to call a capability that hasn't been approved is denied, in either case, no? Not seeing the distinction that you are. Android has basically the "UAC at install" approach, not an inherently insecure approach.

wdewey@cityofsalem.net
wdewey@cityofsalem.net

"The apps are literally unable to do the things that malware would want to do, in large part, and if they tried to, the app store system would pick it up, because it evaluates every single call to the OS and ensures that it is inline with what is allowed." If that was true you would not be able to root your phone. Malware doesn't always require vulnerabilities or non-authorized behavior to behave in inappropriate ways. Bill

dcolbert
dcolbert

I appreciate that you're willing to come out and put the blame squarely on the way that the implementation of Linux is handled - which illustrates the argument that there is no such thing as a "more inherently secure design" at the kernel level. It it was inherently more secure, you wouldn't be able to create a poor implementation that compromised that inherent security advantage - but clearly Google has done just that. I think at this point though, the argument becomes academic and is simply a reversal of the arguments the community has been having for the last 20 years about security. To be precise, if the Linux kernel is not inherently more secure, then neither is the iOS or iPhone 7 kernel - or so it would stand to reason. Of course, you don't make that claim - you say that they are more secure *by design*. I honestly don't know enough to argue that claim. Ultimately, though - I think in the end we come to the same conclusion - the benefits of the Linux design model are the liabilities, and include a high degree of responsibility on the end user. Personally, I see iOS and WP7 as *appliance* devices, turn-key solutions for consumers who simply want what I've repeatedly described as digital-device "grocery getters" and "soccer mom vans". If iOS and WP7 are SMART phones, then Android is an actually INTELLIGENT phone. Being smart keeps you out of trouble - but limits your horizons - being intelligent frequently gets you into trouble, but gives you unlimited horizons.

dogknees
dogknees

I want that power over my hardware. If I mess up. I take responsibility for it. If I kill it because I loaded something dumb, then I accept it and reload or replace. The difficulty is how do manufacturers meet both sets of requirements? Not being a manufacturer, that's not my problem but their's. And it's high time they figured it out! Maybe it's difficult. All that means is they need to hire smarter people and make smarter design decisions.

spligen
spligen

I'm fully agree with you! There's always a price to pay! The Android is highly customable like we all know... It's its greatest strengh and its greatest weakness paradoxically.

jibu_thomas
jibu_thomas

Because by not being app maniac I was hoping could stay away from malware but only in coming years i think security flaws would be uncovered

Justin James
Justin James

"Isn't it the case that an application has to "ask" for the rights to access the underlying OS capabilities, and only if the user grants it those privileges will it be able to?" Each Android app (and WP7, for that matter) has a manifest file that does indeed list the rights needed, and the user is notified at install time and authorizes the app. "How is this different than WP7?" Explaining this is starting to get boring, but here I go again... WP7 apps *cannot make dangerous calls*. Android apps *can make dangerous calls with user permission*. EXAMPLE: WP7: apps cannot directly access contact information; when they want to look at your contacts list, the standard contact picker list is displayed, and the USER selects the contact that the app gets access to. Android: once the app is authorized to handle contacts and installed, it can carouse through the contacts list at will, whenever it wants, with no user interaction required. "Are you saying that the WP7 app store somehow magically knows what APIs an app should try to call (which should vary by app capability, of course), and detects if it tries to call outside those boundaries?" Yes, that's actually EXACTLY how it works. It's not "magic" incidentally, it's called "reflection", and the Android app market is technically capable of the same (Amazon's Android app store does it). Furthermore, the WP7 app store verifies that the requested rights match the rights actually used, and if they don't, the app is rejected. "Not seeing the distinction that you are. Android has basically the "UAC at install" approach, not an inherently insecure approach." Again, the difference is in the APIs. WP7 apps do not have access to the underlying system... WITH OR WITHOUT PERMISSION. Android apps, once authorized, do whatever they want, and I am not even sure of the manifest *must* match the actual code. We all know that users say "yes" to anything! So by design, an API that allows unlimited access "with permission" is insecure for all but the most savvy users. If you don't believe me, take a look at malware install rates on Windows... "Android has basically the "UAC at install" approach, not an inherently insecure approach." UAG on install is an inherently insecure approach, because the bad buys know that users say "yes" to anything. It's socially hackable. J.Ja

Justin James
Justin James

... but rooting a WP7 device involves sideloading from Visual Studio onto a phone registered as a developer device, which is a deliberate violation of the built-in security model. Or to put it another way, you can't root a WP7 device from a WP7 device or by running an app on an WP7 device. J.Ja

nwallette
nwallette

Apps in the App Store aren't authorized to root a phone or gather usage statistics. Carrier IQ would likely be running with escalated privileges as part of the system software. Rooting a phone requires exploits or hacks. Such code will NOT be found in the App Store, which is the context Justin was speaking in (as far as following execution paths and detecting API calls prior to approval.)

dcolbert
dcolbert

We wouldn't expect CarrierIQ to work correctly on devices like the iPhone, where we know it was installed, if not activated - by the manufacturer. I guess then, the logical assumption is that while iOS and WP7 may be safer from Malware in general, there is no guarantee it is safe from the malware that the manufacturer/vendor/wireless provider approves of having on their phones? :) And of course, on a WP7 or iOS device, there it is far more difficult to alter or uninstall anything that is placed there *intentionally* by those parties than it is on Android. Just playing devil's advocate here, more than anything. It certainly seems to be a 6 of one, half-a-dozen of the other kind of situation to me.

seanferd
seanferd

[quote]put the blame squarely on the way that the implementation of Linux is handled - which illustrates the argument that there is no such thing as a "more inherently secure design" at the kernel level. It it was inherently more secure, you wouldn't be able to create a poor implementation that compromised that inherent security advantage[/quote] Thar doesn't even make sense. You can take the most secure bank vault design in the world, then decide to build one which doesn't have a top, but relies on the floor above as a lid. That has nothing to do with the original design, it has to do with a really horrible implementation. Saying that a kernel which is modified poorly, and a userland which is given bad default permissions which are also not modifiable by the user, and an API which gives apps broad permissions (put a manhole in the top of the floor above the safe), indicates that the original design of the kernel is not more inherently secure than a swiss cheese OS is ridiculous. Aside from that, keep up the good work.

onclejon
onclejon

Have to say I'm quite happy with smart but not intelligent; now so many cell phones are in the hands of children and teenagers security is rreally important

seanferd
seanferd

You keep the phone locked down like a normal user account. You give users normal root privileges access to change the things they want. They install or change whatever, and then back out of the superuser account. If anyone screws it up, it's their problem. If anyone wants to be ruled by their provider, plenty of other vendors offer their authoritarian little walled gardens. I wouldn't count on Google to do this well any more than I would expect MS to, so we'll have to wait for a better open-source Android version or for one of the other operating systems.

Vulpinemac
Vulpinemac

You're both assuming the user knows what the heck is going on. The people who are buying these phones on average, whether they be iOS, Android or WP7/7.5/8, only want a phone that's not too expensive, does what it's supposed to do and is hopefully safe to use. All three systems have 'default' settings designed to make them safe, but Google seems to have gone out of its way to make that default safety easy to turn off and easier to forget that it's been turned off. I can't speak for WP on that, but iOS goes out of its way to make it harder to turn off that default safety and as a result only more knowledgeable users will tend to do so. Additionally, every OS update tends to turn that default safety back on and because of its ability to be 'tied' to a PC, it's possible to do a kind of 'hard' reset on the OS through iTunes--something almost impossible with a faulty Android phone. No, I'm not trying to say one is better than the other through 'inherent' capabilities; I'm suggesting that the platforms are really aimed at different classes of users but the OEMs don't seem to care that they're getting a higher proportion of reportedly 'defective' devices that on analysis have nothing more wrong with them than a jumbled-up mess of a file system due to ignorant users trying to customize their phones. Whether you look at Motorola or the other OEMs, the biggest complaint comes down to software mucking up the OS--followed by pretty poor hardware from one specific brand. App Store (Apple) and Marketplace (Google) do operate in different ways--one to filter and attempt to vet the software before it goes public while the other is a wide-open market that only polices when it must. They each have their advantages, but to me Apple's offers at least some real sense of security because the review process does block the vast majority of 'intentional' malware. Yes, it may be possible to get a trojan horse through those gates, but at least those gates are there, keeping those Trojans from just walking all over the city. Better any walls at all than a city get invaded from all directions any time the invaders want. The history of warfare and the history of computer security aren't all that different in scale--only in environment.

dcolbert
dcolbert

I'm roughtly understanding you - but having some difficulty following you completely in both of your recent posts. The Kernel vs. OS post above, I basically get what you're saying, and I can't find anything that I can leverage into a launching point to argue your point there... But here, I think the problem is that you're not being specific about which store you're talking about (Android MARKET or Apple APP STORE)... it gets confusing with all the different app vendors with different names for their various front ends - at least for me. So, if I read this as "Apps in the Apple App Store aren't authorized to..." Then the argument is that the iOS and MSFT app vetting process would catch and prevent any application that was misusing an API or otherwise contained code that would lead to escalation privileges? Well - remember that app that briefly snuck by Apple that posed as one app but actually had an embedded phone tethering feature? How was that done, how was the code snuck by, and why couldn't that be used in an example like this but for nefarious purposes? It doesn't seem like it is as foolproof as Justin suggests, and in fact, a false sense of complacency seems to be dangerous in a case like this. Android users might arguably be MORE cautious because they inherently (there is that damn word again) have LESS trust in their OS and market. No?

Vulpinemac
Vulpinemac

... to remove even from Android? As you say, Devil's Advocate, but what good is Android's supposedly greater capabilities if even they make it impossible to customize or clean up?

Justin James
Justin James

A lot of your confusion is because you aren't looking at the documentation for *developers*. They show you what you can and cannot do. User apps may not officially run as root, but they can certainly do way too much of root can do, like adding crontabs, manipulating the system files, etc. Look at the things that Android apps can do. If that's not formally root, it's close enough by a hair. There is certainly zero permission restriction on the files between applications... that's how you see apps that can reveal stuff like Carrier IQ. J.Ja

dcolbert
dcolbert

But maybe I'm using the wrong keywords. I don't understand why you would need to root an Android device to get SU access if all processes were running under local user with root access? You're saying that when I launch Shazzam or Angry Birds or any other app, it is running as root, with least restrictive, most permissive access to the entire device - even when the device is not rooted?

Justin James
Justin James

nwallette said what I was going to say. The Linux kernel has great support for security, but the problem is that the Android implementation of the Linux OS sidesteps the security that Linux usually has by running users as root... which is the world's most famous security mistake. J.Ja

nwallette
nwallette

The kernel runs at the highest priority level. So "inherently" all kernels can be considered insecure. The Linux security debate is fundamentally flawed, because Linux isn't technically an OS -- it's a kernel. The kernel has terrific support for security *features* (chroot, and protected memory access, for example), but it's completely up to the OS to leverage that. Linux as an OS (or GNU/Linux, if you prefer) is only touted as inherently secure because of the conscientious efforts taken by its developers and users to use the least-privilege model of execution. ("Don't run as root.") This mindset has trickled down to the application developers. Consider for example the various SMTP MTAs. I believe it was Qmail that brags about how each function is a separate executable that has zero trust for any of its interactions outside its silo. (Contrast that to svchost.exe, for example.) Windows' biggest flaw over the years hasn't so much been its kernel (although the 9x kernel didn't have the robust multi-user security-minded partitioning that the NT kernel does), the problem has been that every user logs in as an administrator. Android suffers this same fault. Apps are given the keys to the kingdom. The kernel just does what it's told. It schedules threads, manages memory allocation, and converses with the hardware. It doesn't know benign code from malicious code. That's not its job.

dcolbert
dcolbert

I've had this argument before... When I went to look for this link, I had actually previously +1ed this Google result below from Dictionary.com: Inherent - existing in someone or something as a permanent and inseparable element, quality, or attribute: an inherent distrust of strangers. If it is inherent, it is permanent and inseparable. Linux is not INHERENTLY more secure and is not INHERENTLY secure. It is incorrect usage of the word "inherent". It sounds good as a sound-bite - and it has become part of the public consciousness when discussing Linux security - but it isn't the TRUTH. If it WERE inherent, it couldn't be undone - and Android illustrates it CAN be undone - thus - not inherent. It makes *absolute* sense, but you've got to understand that as usual, I've carefully framed the argument. I'm not comparing it to a swiss-cheese OS. In this particular case, I'm actually comparing it to itself. Linux may be "MORE secure than a LESS secure OS design" - but that is a pretty redundant observation to make, and it still doesn't mean that Linux is INHERENTLY secure. ;)

Editor's Picks