Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Twitter To Open Source Android Security Tech

samzenpus posted more than 2 years ago | from the set-it-free dept.

Android 164

itwbennett writes "Following last month's acquisition of Whisper Systems, Twitter is open sourcing 'some' of the company's Android security products. First up: TextSecure, a text messaging client that encrypts messages. Souce code is on GitHub now. 'Offering the technology to the community so soon after the acquisition could indicate that Twitter made the acquisition primarily for the developer talent,' writes IDG News Service's Nancy Gohring."

cancel ×

164 comments

First post! (-1)

Anonymous Coward | more than 2 years ago | (#38458454)

First!
__
Posted from my open source encrypted android IM app.

Maybe it was required? (3, Insightful)

migla (1099771) | more than 2 years ago | (#38458504)

Offering the technology to the community so soon after the acquisition could indicate that Twitter made the acquisition primarily for the developer talent.

So, apparently whispersystems has to do with that Moxie Marlinspike character, who strikes me as someone who might have some open souring as a requisite for the acquisition?

Re:Maybe it was required? (4, Insightful)

Anonymous Coward | more than 2 years ago | (#38458620)

Q: Are there business or technical reasons you do not want to open the source code for WhisperCore or any of the sub-projects like WhisperMonitor?

A: (Moxie Marlinspike) Same reason most enterprise software vendors' products aren't OSS, harder to sell software that way. =)

So I guess you're saying he wanted it open since he no longer has to worry about selling it? If you are, that's part of what burns me about open source... so many are on the band wagon until it means that they're the ones producing software while not standing a great chance to profit from their work.
 
Not far from the "IP doesn't really exist crowd"... they're all too happy to take what they want and claim that artists can make money elsewhere yet few, if any, produce a quality product themselves and even less of them give it out 100% free.

Re:Maybe it was required? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38459114)

What about those like me? I release my software closed source, but after a short period I open source it under the AGPLv3 (A license that ensures the most end user freedoms, AFAICT).

Yeah, it's artificial scarcity, but I can't seem to get people to fund my development as the program is in progress, IN ADVANCE of the project actually being usable. This leaves me with the only option being to release it as closed source and charge for access after the program is complete. In 4 years I haven't yet drummed up enough donation support to fund development without a paywalled & closed source initial release. Now I use a "help free ProductX" progress bar indicating the amount of funds I require in order to fund the next iteration or program. When the gauge is full I open source the product.

Either by donation or paywall you're still paying only for the work I'm doing only once, not the act making infinitely reproducible copies. This is the hardest part to wrap your mind around I suppose. I only want to get paid when I'm doing work, or offering a service (that requires expenditure of time or money on my part). Traditional closed source software development only pays their devs when they work, but attempt to charge for every single copy.

Copying takes far less work than coding. Copies aren't scare. My work is scarce. I only want funding for my efforts. I need to have funding for my work because I'd like to continue doing it instead of digging ditches or busing tables.

The fallacy people like you fall into is the belief that people like me can actually release our products as 100% FLOSS software and still EAT. Closed and open sources can play in the same sandbox, in the same way that labor unions prove that Socialism and Capitalism can work together. At the end of the day, I want my users to have freedoms, but the truth is that most people don't put their money where their freely eating mouths are.

In the future, I may gain enough of a user base that the donations will be able to completely meet my financial prerequisites for the development... However, realize that I must bring in a bit MORE funding than merely enough to actually develop the product. I must have enough funding to have a bit of financial security. Else, I'm living "paycheck to paycheck" and risk one bad release causing me to end all development.

I call people like you software extremists. As any extremist you're likely immune to reason: Anything that's not white is 100% black. No Gray Allowed!!! Gray is THE DEVIL! (Failing to realize that the entire world is a beautiful place predominantly because it's made of many shades of many colors, including gray.)

You need a reality check: Absolutes are a rarity in nature, in fact, they don't exist naturally. To say FLOSS isn't about pushing an ulterior agenda is denialism; The same can be said of closed software.

Re:Maybe it was required? (0)

Anonymous Coward | more than 2 years ago | (#38459932)

At least one absolute exists in nature (End of the universe every star gone out).

What you are doing is totally ok anyway.

(The only bad stuff is gpl stuff made closed against the license or adding adware and a 2 second Android gui).

Or companies like Mikrotik/Chinese Tablet makers that there whole business model is based on abusing the license.

Re:Maybe it was required? (1)

johny42 (1087173) | more than 2 years ago | (#38460288)

What you described is one of the best methods to monetize open-source software that I have heard about. I'd like to see more, could you post a link?

I'll gladly contribute towards open-sourcing something, if there's anything I need!

Re:Maybe it was required? (0)

Anonymous Coward | more than 2 years ago | (#38462286)

Except that I never said anything about your model either way so it's you who's assuming that I see things only one way or the other. Thanks for making an ass of yourself while showing that you're a hypocrite about who is an extremist here.

Re:Maybe it was required? (2)

trawg (308495) | more than 2 years ago | (#38467366)

This is a great model and I applaud it. I would much rather pay for software knowing that the end game is open source, rather than continually filling the coffers for the duration of a copyright period.

What software do you make; I would be interested in keeping an eye out?

Re:Maybe it was required? (0)

Anonymous Coward | more than 2 years ago | (#38459200)

I just want to make it work with my Canogen Mod on my shiney new Glaxsy SII :D mabye I'll Join up and help now that it's all Open Sourced and stuff.

This is really good news (5, Interesting)

Mr_Plattz (1589701) | more than 2 years ago | (#38458514)

This makes a lot of sense. Twitter is and has always been a facilitator of open communication, particularly from censoring governments. This is just an extension of that.

I have always kept an eye on Whisper Systems and specifically TextSecure (and WhisperCore) but they never became really "usable". I would (and I think many people) love to be able to securely text message (or via iMessage or Facebook) knowing it's safely encrypted but still highly usable (similar to Pidgin + OTR).

Will they try to use this for corporate evil? Maybe. But at the same token WhisperSystems never had enough power/traction to develop what they really wanted and we (the people) needed.

Re:This is really good news (1)

hyc (241590) | more than 2 years ago | (#38469880)

On that topic, i guess it would be a really good idea to write an OTR plugin for the vanilla Android SMS app. Something for my todo list if it hasn't already been done. (PS, you can find my OTR plugin for Finch/libpurple here https://gitorious.org/purple-otr [gitorious.org] )

More "Web 2.0" crap that we had years ago? (-1, Flamebait)

Anonymous Coward | more than 2 years ago | (#38458528)

A lot of this so-called "Web 2.0" technology is crap that we had decades ago.

"A text messaging client that encrypts messages" is not innovative. It sounds like it's just a shitty subset of the real email clients that have PGP integration. Hell, the stupidest part is that most phones today can easily run full-featured email clients featuring proper encryption!

This sounds like it's just another in a long line of "Web 2.0" technologies that are only "innovative" because a lot of these "Web 2.0" advocates are merely 18 to 20 years old, and don't realize that these technologies and approaches existed long before they were even born.

So-called "NoSQL databases" are another great example. Fuck, I used similar database systems throughout the 1970s and 1980s and 1990s. They aren't innovative. And we ditched them because it's easier to use relational databases, and it's damn easy to scale them, too. But you do have to have a little bit of knowledge. Knowledge is something that "Web 2.0" advocates tend to lack.

I'd love to see some real innovation out of this crowd, but time and time again they just give us a really inferior implementation of something we had many years ago.

Re:More "Web 2.0" crap that we had years ago? (2)

AJH16 (940784) | more than 2 years ago | (#38458842)

While yes, TextSecure is similar in nature to PGP, it isn't the tech, so much as the interface, that makes it a great app. While I can agree with some of your objections to what Web 2.0 heralds as new and I believe there are legitimate questions about the wisdom of the direction we are going with technology, I think your rant may be misplaced here. TextSecure is a local Android SMS client that smoothly integrates key exchange and secure messaging with SMS so that the user doesn't have to concern themselves as much with the "complicated" details. You simply choose a contact, request a key exchange, verify a code it gives you via some other channel to make sure there is no man in the middle and the keys are then stored with the contact for future verified, secure communication without having to do anything more than send text messages like you normally would (though through the TextSecure app).

What we should take from "Web 2.0" is the attention to what kinds of interfaces and interactions users gravitate towards and this is where TextSecure seems to shine the most. What we might be wiser not to take from Web 2.0 is some of the more questionable technical "innovation" that seems to be moving backward in capability to what we had in the past in the name of supporting the new UI. Examples from my perspective at least are the pushes towards things like Metro and trying to do entire desktop replacement application development in HTML5. Sure the idea of a pure touch friendly UI sounds good to marketing, but the fact is there is a lot that can't be effectively done with it. You might cover the needs of half the population even, but you are greatly limiting the development of the fringe of technology which has always been what pushes us forward.

Recently there seems to be this idea that the goal should be to get everyone, from the biggest technophiles to granny in a nursing home should embrace new tech, but too often the way that seems to be accomplished is the lazy approach of making a limited product that doesn't really push the envelope or encourage further growth. For the longest time tech has started in the hands of those who understand how to push it forward and then propagated down to the masses after going through a lot of refinement and filtering to find the best stuff. Now things just get thrown out to mass market and that filtering and direction is lost. Effectively control of the direction of technology is getting handed to marketing instead of technologists. That's a great way to make money, but a horrible way to move technological progression forward.

Similarly, HTML5 being used for desktop apps is a nice goal to try to have apps that can be used anywhere and not require install, but the fact is that the tools really aren't there to do it efficiently yet and it's really a wasteful process when you consider the extra development effort required for many projects combined with the extra energy required to run the necessarily inefficient code (just the lack of a good ability to push notification from server to client is a huge issue, let alone the security concerns and the performance of java script in general). On the other hand you do save having to produce hardware for the home, but that hardware and more is just having to go in data centers instead (though it is more fully utilized in a data center.)

Re:More "Web 2.0" crap that we had years ago? (4, Informative)

Gr8Apes (679165) | more than 2 years ago | (#38458878)

The truly funny part is Web 2.0 is back to classic Client/Server programming, utilizing an HTML engine as the client. I believe that existed since the 60s with dumb terminals, but certainly no later than the early 80s with the current modern thick client/server model (think X11 and the like)

Regarding the open sourcing of the encryption code, generally self-written encryption routines are inadequate at best. If you're not leveraging one of the well vetted encryption libraries, odds are that your solution is weak and will only stand up to cursory inspection. Otherwise, you're using PGP, RSA, Blowfish, etc, and your code is merely a light wrapper around those libraries. (No, I did not review the code)

As for chat clients and the like connecting to each other with encryption, this has been around and open sourced a long time, one implementation is Off-the-Record [cypherpunks.ca] . And of course there's the PGP solution that has been around since the early 90s.

Re:More "Web 2.0" crap that we had years ago? (0)

Anonymous Coward | more than 2 years ago | (#38459516)

Stop kidding yourselves, nothing resembling this existed back then. There's much more done on the server and much more done on the client, and it's not even the same requirements.

Re:More "Web 2.0" crap that we had years ago? (0)

Anonymous Coward | more than 2 years ago | (#38459852)

assuming an application of complexity C, if you have three tiers, you have to divide that complexity into 3 parts. since the invention of the Application Server, much of the complexity lived in the middle tier.

by eliminating the middle tier, you have only the client and server to perform all the work, which means that the original poster is correct, even if the amount of work getting done in 2012 has increased 1,000s-fold over the 1960s.

Re:More "Web 2.0" crap that we had years ago? (1)

Gr8Apes (679165) | more than 2 years ago | (#38465490)

Apparently you haven't played with X11 at all if you think we're doing more now than in the 80s.

I distinctly recall using SGI machines to run PATRAN modeling software that was backed by a Cray YMP-16. If you think a little Web 2.0 app comes anywhere near the intricacy of visualizing stress results on a 300K 3D element model, you need to revisit what existed back in the late 80s. It might just shock you back into the future. (and no, it wasn't real time either, you submitted commands and went to get a cup of pretty much whatever was furthest away)

Don't confuse Web 2.0 and HTML5 (1)

F69631 (2421974) | more than 2 years ago | (#38470090)

The truly funny part is Web 2.0 is back to classic Client/Server programming, utilizing an HTML engine as the client. I believe that existed since the 60s with dumb terminals, but certainly no later than the early 80s with the current modern thick client/server model (think X11 and the like)

It seems like you're talking about HTML5 (Creating websites with application-like user experience with combinations of the latest HTML, CSS and JS features) though you refer to it as Web 2.0.

Web 2.0 has nothing to do with user interface (though certain UI elements, such as types of glossy buttons, are often referred to as "Web 2.0 style" because they got popular in blogs, etc.). Web 2.0 refers to the change in how people view the internet and how the content is produced. Web 2.0 refers to the change from passive users (who just visit corporation.com to look up information) to active users (who produce the content themselves. e.g., blogs, youtube, Slashdot community, etc.).

I know there are too many buzzwords these days, but these are the ones that everyone should know. Web 2.0 has been pretty well established for years and I think that it well describes very important change in how we view the web. HTML5 is more of a buzzword (as it doesn't actually refer to any new technology, it seems like a newer version of "DHTML") but it's quite widely used and the meaning is pretty consistent, too. :)

Re:Don't confuse Web 2.0 and HTML5 (1)

Gr8Apes (679165) | more than 2 years ago | (#38470568)

The truly funny part is Web 2.0 is back to classic Client/Server programming, utilizing an HTML engine as the client. I believe that existed since the 60s with dumb terminals, but certainly no later than the early 80s with the current modern thick client/server model (think X11 and the like)

It seems like you're talking about HTML5 (Creating websites with application-like user experience with combinations of the latest HTML, CSS and JS features) though you refer to it as Web 2.0.

No, I'm not talking about HTML5 at all. Web 2.0 has everything to do with the the underlying communication architecture. It went from passive 1-way to interactive 2-way communication. This allows for interesting new functionality to be created and displayed in the UI. It has nothing to do with what you've listed there: blogs, youtube, /., etc. All of those are conceptually Web 1.0 products, although they may have some Web 2.0 niceties added on to enhance the user experience.

Google Docs would be a good example of complex Web 2.0 functionality, where multiple people can edit a spreadsheet, for instance, and everyone sees the spreadsheet in real time. This functionality is impossible with Web 1.0. (Note: "real time" is not required for Web 2.0 functionality, but it is certainly a flag if it exists that it most likely is a Web 2.0 app, vs Web 1.0.)

Note also that Google Docs is a classic Client/Server application.

HTML5 standardized a lot of UI front-end pieces, some nice additions for handling certain types of media, the ability to access local resources to support applications, and added a messaging paradigm. It encompasses some of Web 2.0, but it's mostly to get a whole host of UI pieces standardized.

Re:Don't confuse Web 2.0 and HTML5 (1)

Gr8Apes (679165) | more than 2 years ago | (#38471790)

As I reread this post - I should also note that some refer to Web 2.0 as just the active components that hide/show pieces on the page and filling of controls with data on demand. What I'm calling Web 2.0 includes the interaction between the client and the server, which implies the active page controls but includes live connections and activity. 5 years ago, the company I was at marketed this as Web 3.0, although that never appeared to catch on. :) Essentially, we took the web to rich clients instead of relatively static and simple web pages. Even Google Docs is a relatively simple compared to what we built.

Hello, I am post a comment now (0)

For a Free Internet (1594621) | more than 2 years ago | (#38458530)

Gretigns, I am poste a coment to you now: it says:

"Good day slashfdort, you are a website ib the intirnet!!!!! So AWSEOME!!!!!! your suoer cool frined, BOBBB!!! bye!"

Thats wasy my coment.

WhisperCore (0)

Anonymous Coward | more than 2 years ago | (#38458626)

Got to love how it's been "not available" on their website for months now. Sounds like a very cool idea...

mod 0p (-1)

Anonymous Coward | more than 2 years ago | (#38458716)

be 'very poorly demise. You don't if you move a table and executes a use the sling. their parting prima donnas to real problems pallid bodies and

N9(xx) (2)

muckracer (1204794) | more than 2 years ago | (#38459210)

Here's to hoping for a MeeGo port...

And good job, Twitter. Somehow you're becoming far more sympathetic than that 'other' big social network player...

OPEN "SORES" SECURITY = oxymoron (-1)

Anonymous Coward | more than 2 years ago | (#38460956)

Android shows anyone how "truly secure" Open "SORES" is (it's not) & that's that! It's an oxymoron, for morons who believe in it (plenty of THAT on /. for years now, lol).

* E.G.-> Practically EVERY WEEK, & for YEARS now? Yes - You see a NEW "security bug" turning up on ANDROID, a Linux variant!

(No more "security-by-obscurity" to hide behind Penguins... truth's OUT about your Open "SORES" stuff now, & ANDROID exposes it!)

APK

P.S.=> Yes - ALL THOSE YEARS on /. here hearing the "std. 'FUD' LIES" of "Linux=secure, Windows !=secure" turns up COMPLETE BULLSHIT in light of ANDROID's "Fine Security Showing" on smartphones (the only REAL place where ANDROID, a Linux kernel using Linux variant mind you, gets used by typical end users vs. geeks)

... apk

Re:OPEN "SORES" SECURITY = oxymoron (2)

burning-toast (925667) | more than 2 years ago | (#38462796)

Practically EVERY WEEK, & for YEARS now? Yes - You see a NEW "security bug" turning up on ANDROID, a Linux variant!

[Citation Needed]

Yes, I know... Don't feed the trolls and all of that...

- Toast

Ok then: Here goes (won't fit in 1 post!)... apk (-1)

Anonymous Coward | more than 2 years ago | (#38463414)

How many would ya like? I literally have 100's of posts catalogued on ANDROID security issues of ALL KINDS (hence, my point) year, after year, since I don't KNOW when (start of ANDROID really in 2005):

http://www.theregister.co.uk/2011/12/22/android_trojan_maytyr/ [theregister.co.uk]

http://tech.slashdot.org/story/11/12/21/0058235/gaining-a-remote-shell-on-android [slashdot.org]

http://blogs.cio.com/mobile-security/16704/android-app-permissions-may-spark-false-sense-security [cio.com]

http://yro.slashdot.org/story/11/12/16/2039237/sprint-orders-all-oems-to-strip-carrier-iq-from-their-phones [slashdot.org]

http://www.bgr.com/2011/12/14/more-than-1-million-stolen-from-android-users-in-2011-mobile-threats-to-increase-in-2012/ [bgr.com]

http://www.muckrock.com/news/archives/2011/dec/12/fbi-carrier-iq-files-used-law-enforcement-purposes/ [muckrock.com]

http://www.theregister.co.uk/2011/12/12/android_market_malware/ [theregister.co.uk]

http://blogs.computerworld.com/19391/mobile_security_at_takedowncon_hackers_handing_out_a_healthy_dose_of_paranoia [computerworld.com]

(Hey - I'll post even more current examples, as many as /.'s homegrown board engine will let me pack into another single post (I'll have room for more too, Too TOO MANY TIMES, lol!)).

---

* PLEASE /. "CONTROLLERS": FIX THE FORUMS ENGINE: It only let me pack in 8 posts per post for examples that were requested of me... that's beat! What is this 8 links per post I just hit?? A hard-imposed limit by you, or just limits in your code??? String data parse problem??? Get rid of it.

(It leaves room for improvement of a post of mine here, as it would others, ones I could do right away, instead of having to multiply post data as evidences... & added backing)

Yes - where as you know? Hey - I always, deliver, perfectly, & accurately (pats self on back!!!), blowing the doors off of your best technically, in your trolls! Most are cowards & post AC - something they can never take credit for IF they somehow managed to "completely get the better of me" (impossible), technically in computing: Never has happened since I started posting here in late 2004, & never will! LOL...

* So that all "said & aside", by request no less? LMAO - "What's 4 Lunch @ APK's today?

Yes, kids - that's right, you guessed it: A truly, "SMOKED TROLL" named 'burning-toast' (lmao - rather aptly named, wouldn't you say? LOL!)

APK

P.S.=> "Next" (to whatever Pro-*NIX troll wants a shot @ the title of most technically excellent @ /., reigning champion APK on all levels)... lmao!

... apkb

Re:Ok then: Here goes (won't fit in 1 post!)... ap (1)

mSparks43 (757109) | more than 2 years ago | (#38464720)

CarrierIQ is not an android problem.

More 4 ur ref (Android sec. issues)... apk (0)

Anonymous Coward | more than 2 years ago | (#38464972)

Funny article title here then, eh? NOT... apk (0)

Anonymous Coward | more than 2 years ago | (#38465078)

Carrier IQ Software Compromises Android Device Data Privacy:

http://www.eweek.com/c/a/Security/Carrier-IQ-Software-Compromises-Android-Device-Data-Privacy-801615/ [eweek.com]

* Care to explain that article title & content then?

(CarrierIQ runs on ANDROID, a Linux variant, & thus is a problem for it, no questions asked!)

APK

P.S.=> This is a classic that needs you requoted verbatim vs. the above evidence from reputable sources to the contrary:

"CarrierIQ is not an android problem." - by mSparks43 (757109) on Thursday December 22, @04:14PM (#38464720) Homepage"

Nuff said, because does CarrierIQ run on Linux? Absolutely, on ANDROID a linux variant, thus CarrierIQ IS A LINUX/ANDROID PROBLEM, & no "spin" b.s. can counter for that fact - See above, explain THAT then...

... apk

Re:Funny article title here then, eh? NOT... apk (1)

mSparks43 (757109) | more than 2 years ago | (#38472700)

But CarrierIQ runs on the iPhone as well, and Nokias, so how is it an "Android problem"?

The old Razr mobiles could be used as remote listening devices.

APK in "computers can run software" shocker.

YES or NO answer this question (0)

Anonymous Coward | more than 2 years ago | (#38472880)

QUESTION: Does CarrierIQ run on smartphones w/ ANDROID?

* A simple YES or NO answer's all that's required...

APK

P.S.=> IF the answer's YES (and, it is)? Then it is indeed AN ANDROID PROBLEM - & NO amt. of "spin"'s going to get around that little fact, period!

... apk

Re:YES or NO answer this question (1)

mSparks43 (757109) | more than 2 years ago | (#38480682)

No
It doesn't run on my android phone.
But it does run on any phone its installed on.

Which includes ANDROID phones (0)

Anonymous Coward | more than 2 years ago | (#38482596)

Please - Explain away this (it's proof of ANDROID phones bearing CarrierIQ):

---

Carrier IQ Software Compromises Android Device Data Privacy:

http://www.eweek.com/c/a/Security/Carrier-IQ-Software-Compromises-Android-Device-Data-Privacy-801615/ [eweek.com]

---

* Care to explain that article title & content then?

(CarrierIQ runs on ANDROID, a Linux variant, & thus is a problem for it, no questions asked!)

APK

P.S.=> Also - I never mentioned "your phone" specifically, so I don't know WHY you'd bring it up...

Heck, for all anyone KNOWS? YOU may have toyed with it to remove CarrierIQ, using say, the ADB (Android Debugging Bridge) & pulled CarrierIQ from it somehow that way!

See - I note that tool, because it's HANDY for installing custom HOSTS files onto ANDROID phones (for added "layered-security"/"defense-in-depth" vs. known malicious sites/servers/hosts-domains, as well as speed for blocking out adbanners)... apk

Re:Which includes ANDROID phones (1)

mSparks43 (757109) | more than 2 years ago | (#38487628)

Because my phone is Android, and it didn't come with CarrierIQ, and other peoples phones are not Android, and they do come with CarrierIQ so how can it be a android problem?

CarrierIQ is installed "on purpose" by the people who sell you the phone, its not the operating systems fault some people get their hardware from a dodgy vendor, and that vendor doesn't care what operating system you chose.

Not sure what a hosts file has to do with anything, but as you correctly point out, its less of a problem for android than other phones, because at least you can easily remove it if you are misguided enough to get a phone with such dodgy software.

Yet MORE ANDROID LINUX security issues (0)

Anonymous Coward | more than 2 years ago | (#38488282)

Funny that article shows it's on ANDROID phones thus, it's an ANDROID (& other smartphones') problem (& thus, a Linux problem too, because ANDROID'S A LINUX). I don't see it running on my Windows PC here, for instance...

APK

P.S.=> And to "continue the trend"? Here's MORE Android security issues (8 at a time only: /. won't let me post more links than that):

http://blogs.computerworld.com/18659/cyberthugs_love_smartphones_and_leaky_sneaky_mobile_malware [computerworld.com]

http://technolog.msnbc.msn.com/_news/2011/04/15/6475834-skype-android-app-can-expose-your-personal-information [msn.com]

http://blogs.computerworld.com/17785/sensory_malware_android_app_listens_then_steals_credit_card_data [computerworld.com]

http://it.slashdot.org/story/11/07/11/1620222/New-SMS-Trojan-Found-In-Android-Markets [slashdot.org]

http://hothardware.com/News/Malware-For-Android-Users-Increases-In-Frequency-And-Sophistication/ [hothardware.com]

http://www.theregister.co.uk/2011/08/11/android_marketplace_malware/ [theregister.co.uk]

http://blogs.computerworld.com/18755/killer_android_app_allows_the_clueless_to_hack_pwn_like_a_pen_tester [computerworld.com]

http://blogs.computerworld.com/17899/hacked_android_app_racks_up_huge_texting_charges [computerworld.com]

Would you like MORE? I have PLENTY of them...

... apk

Re:Yet MORE ANDROID LINUX security issues (1)

mSparks43 (757109) | more than 2 years ago | (#38494798)

Saying
"CarrierIQ is an Android problem"
  is a lot like saying
"Cars are a Suzuki problem"

Sorry but
Not all cars are Susuki's
like
Not all CarrierIQs are on Android

and
Not all Susuki's are cars
like
not all Androids have carrierIQ

and cars aren't that much of a problem
like
CarrierIQ is not that much of a problem

And plenty of Windows PC's come with CarrierIQ like stuff installed on them:
http://www.dailymail.co.uk/news/article-1383216/Rental-chain-Aarons-caught-spying-customers-home-taking-webcam-photos.html [dailymail.co.uk]

8 more ANDROID security issues (40++ now) (0)

Anonymous Coward | more than 2 years ago | (#38495050)

There's 33++ other ANDROID security issues I posted you avoid like the plague & we KNOW why, lol!

In fact? Here's some more, "continuing the trend", 8 at a time (since /. won't let me post more than that in a single thread):

---

http://news.cnet.com/8301-27080_3-20087265-245/android-users-twice-as-likely-to-see-malware-than-six-months-ago/ [cnet.com]

http://mobile.slashdot.org/story/11/08/01/2242233/Android-Trojan-Records-Phone-Calls [slashdot.org]

http://www.theregister.co.uk/2011/08/12/defcon_handsets/ [theregister.co.uk]

http://mobile.slashdot.org/story/11/07/24/1715232/Android-Password-Data-Stored-In-Plain-Text [slashdot.org]

http://nakedsecurity.sophos.com/2011/07/09/android-malware-spies-sms-messages-zeus-family/ [sophos.com]

http://www.theregister.co.uk/2011/06/01/android_trojan_rash/ [theregister.co.uk]

http://mobile.slashdot.org/story/10/12/21/1849243/The-Smartphone-That-Spies-and-Other-Surprises [slashdot.org]

http://it.slashdot.org/story/11/05/17/1538226/Swiped-Tokens-Expose-Android-Devices-To-Data-Theft [slashdot.org]

---

* Once again, for the 4th o4 5th time now: Would you like more? I have PLENTY MORE where that came from!

APK

P.S.=> CarrierIQ running on ANDROID (a Linux variant) is indeed a problem for it, no matter what kind of "spin" you attempt to put on things I post - no questions asked, & it's only a SMALL FRACTION of the exploits "exploding" on the Linux variant called ANDROID!

So - do I "hate Linux or Android"? No, far from it - they're just operating systems after all!

(They both do the job & are pretty ok (I used both here over time))

HOWEVER, what I do dislike?

Well... the "std. 'FUD' b.s." I heard here on /. for YEARS (coming up on a decade now) of:

"Linux = secure, Windows != secure"

That has been disproven by security issues popping up on Linux (since it can no longer hide via "security-by-obscurity") OR ANDROID (a widely used Linux variant on smartphones, that TRULY illustrates that Linux was indeed, hiding behind lack of usage & thus, not a good target with enough users for justifying an "ROI" on time spent creating exploits for it... this is no longer the case on smartphones @ least))...

... apk

Re:8 more ANDROID security issues (40++ now) (1)

mSparks43 (757109) | more than 2 years ago | (#38495636)

The point we seem to be labouring, is you seem to think vendors installing malware is a security issue.

security issues are ones in which problems arise after you get the device, outside of its intended use. Most of what you are posting is complaints about software doing what it was intended to do (albeit not what the user expected), That is something very different to say, switching your computer on and instantly getting infected with a virus, which has plagued windows for decades and has never been a problem on linux.

The very fact your own link says:
http://nakedsecurity.sophos.com/2011/07/09/android-malware-spies-sms-messages-zeus-family/ [sophos.com]
The Symbian, Windows Mobile and Blackberry modules of the notorious Zeus malware toolkit (also known as ZBot) have been known about for some months, and it has been clear that Zeus gang was interested in developing malware for mobile platforms.

However, until now we have not seen any evidence of Zeus targeting users who own Android or iOS (iPhone/iPad) devices.
__
Shows this is still much more of a problem on windows devices than linux based ones.

There are also tools out for Android based devices that let you revoke permissions for installed apps, Is there anything like that for windows devices?

Simple fact is, Linux is as secure as you make it, but you cannot make windows secure.

Can't secure Windows? Beg to differ! (0)

Anonymous Coward | more than 2 years ago | (#38495800)

"Simple fact is, Linux is as secure as you make it, but you cannot make windows secure." - by mSparks43 (757109) on Monday December 26, @01:32PM (#38495636) Homepage

Per my subject-line above, I practically "wrote the book" on it -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH [bing.com]

To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml [archive.org] which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ [pcpitstop.com] (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:

---

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2 [xtremepccentral.com]

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

---

"That is something very different to say, switching your computer on and instantly getting infected with a virus, which has plagued windows for decades and has never been a problem on linux." - by mSparks43 (757109) on Monday December 26, @01:32PM (#38495636) Homepage

Nobody USES Linux nearly as much as Windows - malware makers/hacker-crackers etc. are like pickpockets! They don't target "crowds of 1" only, they go where people to be victimized are, like subways/trainstations/busstops/malls (crowds)... & Linux has no crowds by comparison to Windows on PC's &/or Servers combined - period!

EXCEPT ON ANDROID PHONES, which are being RAMPANTLY abused security-wise, proving my point above actually...

---

"However, until now we have not seen any evidence of Zeus targeting users who own Android or iOS (iPhone/iPad) devices." - " - by mSparks43 (757109) on Monday December 26, @01:32PM (#38495636) Homepage

Look up ZITMO (it's a zeus variant & yes, it's on ANDROID phones - period)...

Ala -> http://www.bing.com/search?q=ZITMO+and+Zeus&go=&qs=ns&form=QBLH [bing.com]

(And, I posted 40++ others that are indeed, security issues on ANDROID phones you seem to be avoiding, & thus since it's a Linux variant? Linux too... & it shows that Linux, once it gets used & isn't hiding behind "security-by-obscurity" (lack of typical end users vs. server roles) anymore...)

* Would you like more? See below...

APK

P.S.=> "Continuing the trend" with MORE security vulnerabilities & security issues problems on ANDROID (a Linux variant)... total's now 48 & counting:

http://mobile.slashdot.org/story/11/01/20/1534236/Soundminder-Android-Trojan-Hears-Credit-Cards [slashdot.org]

http://www.net-security.org/secworld.php?id=11107 [net-security.org]

http://yro.slashdot.org/story/10/09/30/1640223/Many-More-Android-Apps-Leaking-User-Data [slashdot.org]

http://news.slashdot.org/story/10/07/31/167255/Silent-Easily-Made-%20%20Android-Rootkit-Released-At-DefCon [slashdot.org]

http://mobile.slashdot.org/story/10/11/14/0115255/Android-Holes-Allow-Secret-Installation-of-Apps [slashdot.org]

http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel

http://it.slashdot.org/story/10/11/05/0229205/Researcher-To-Release-Web-Based-Android-Attack [slashdot.org]

Once more - would you like more? I've got PLENTY more where that came from... lol!

... apk

Re:Can't secure Windows? Beg to differ! (1)

mSparks43 (757109) | more than 2 years ago | (#38500830)

The minimum ones are:

DHCP Client
DNS Client
Plug & Play
Remote Procedure Call (RPC)

So you still had to rely on Linux to protect you from the Blaster worm then?

Also
"Nobody USES Linux nearly as much as Windows"

Simply isn't true. users may use windows, because that is what they are sold, but it terms of the computing they use they use linux far more, you, reading this, are probably using 1 windows machine, and rely on maybe upwards of 20 machines using some nix variant, before you get on to any of the other networking activities. Just because its transparent doesn't make those machines any less important.

Windows just isn't built for security, it is built for usability, but that is just because a windows machine typically has only one user, whereas a typical nix machine has hundreds, thousands, even hundreds of thousands everyday.

I'm still waiting for you to post a security flaw on android that doesn't require the "user" to install malicious software - i.e. one that affects anyone just "using" it. (you know, like simply reading a pdf document, or simply connecting the machine to the internet).

Perhaps the best one you have come up with so far is:
http://it.slashdot.org/story/10/11/05/0229205/Researcher-To-Release-Web-Based-Android-Attack [slashdot.org]

which "does not affect Android 2.2 or later versions"

I have no problems with security flaws being found & released after they have been fixed, I care slightly more about security flaws that are found after they are being actively used in the wild (e.g. zeus bot), but as far as I can see, that remains the nearly sole domain of windows systems.

Blowing away your points (point-by-point) (0)

Anonymous Coward | more than 2 years ago | (#38502472)

"Simply isn't true" - by mSparks43 (757109) on Tuesday December 27, @03:53AM (#38500830) Homepage

Sure it is that nearly NOBODY uses Linux (on PC's & Desktops especially vs. Windows) - see here:

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=0 [netmarketshare.com]

---

"The minimum ones are:

DHCP Client
DNS Client
Plug & Play
Remote Procedure Call (RPC)

So you still had to rely on Linux to protect you from the Blaster worm then?" - by mSparks43 (757109) on Tuesday December 27, @03:53AM (#38500830) Homepage

What gave you THAT idea? That looks like a quote of mine from an old post about how to get down to a minimum share of services (analogs to *NIX daemons) in Windows (you can do without DNS client too by the by using custom HOSTS for example) where I was talking about how to get down to a MINIMUM SET OF SERVICES in Windows.

---

"Windows just isn't built for security" - by mSparks43 (757109) on Tuesday December 27, @03:53AM (#38500830) Homepage

From the vulnerabilities I posted on Linux? I'd have to say the same... ANDROID doesn't do it any favors on THAT account either, plus? Well... I've been doing securing of Windows via custom security-hardening it for decades now & posted that much to you, with user feedback on YEARS of no longer "going down/crashing" OR being "bug infested"... so, you're wrong man!

It's not SHIPPED AS SECURE AS POSSIBLE, but, then again, even SeLinux bearing distros included? Neither is Linux... or MacOS X (even Apple has guides on how to secure it better than by default from the oem Apple) -> http://www.apple.com/support/security/guides/ [apple.com] ...

---

"I'm still waiting for you to post a security flaw on android that doesn't require the "user" to install malicious software" - by mSparks43 (757109) on Tuesday December 27, @03:53AM (#38500830) Homepage

I did even better in posting ones regarding FLAWS IN THE ANDROID OS LINUX BASED KERNEL:

http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel [slashdot.org]

AND ones where they can install without user interaction:

http://mobile.slashdot.org/story/10/11/14/0115255/Android-Holes-Allow-Secret-Installation-of-Apps [slashdot.org]

APK

P.S.=> I still do NOT "get" HOW you can say I relied on Linux in the quote where you put up a quote from myself on minimum services you can get down to in Windows (where DNS client's not really even needed or recommended with larger custom HOSTS files)... that's NOT myself "relying on using Linux" as you stated & I quoted above!

... apk

Re:Blowing away your points (point-by-point) (1)

mSparks43 (757109) | more than 2 years ago | (#38506592)

What gave you THAT idea?
Blaster worm infected anyone connected directly to the internet(i.e.not going through a router- which ussually runs linux)with RPC active

Sure it is that nearly NOBODY uses Linux (on PC's & Desktops especially vs. Windows)

http://en.wikipedia.org/wiki/Google_platform [wikipedia.org]
http://www.computerworld.com/s/article/9116787/Wikipedia_simplifies_IT_infrastructure_by_moving_to_one_Linux_vendor [computerworld.com]
http://www.linuxtoday.com/developer/2010072300835NWHESV [linuxtoday.com]
etc. etc.

I did even better in posting ones regarding:
1.found and fixed before exploited in the wild.
2.Froyo = 2.2, now on 3.2

->I still do NOT "get" HOW you can say I relied on Linux

When you use the internet, you use much more than just the sinngle machine you are sat on. LAMP is the backbone of the modern internet.
The main reason for this is the security of linux systems. Facebook, for example, is a much higher profile target than you and your worthless windows machine with anything usefull disabled. IIS just never made the grade.

J6P uses windows, because its easy to support by vendors, and easy for the non tech savvy to use. But anyone who cares about security uses linux - and by default anyone who uses the services of those companies uses and relies on linux. This may be "transparent" (i.e. the lowly user never knows they used linux), but then same lowly user is unlikely to know where microsoft stops and where activivsion starts when they fire up that latest game they got for Christmas.

Re:Blowing away your points (point-by-point) (0)

Anonymous Coward | more than 2 years ago | (#38506820)

How'd I "depend on Linux" though? I wasn't solely using a firewalling router alone for security, per MOST of ALL of what I do, listed here that uses "layered-security"/"defense-in-depth" -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH [bing.com]

Linux also doesn't run "every firewalling router" under the sun out there... though it's useful there too (saves the oem costs too by using a "freebie" core OS for them, I'll give it that... which leads to my next point of course!)

You can post ALL THE STATS YOU LIKE about Linux usership/marketshare, but, it's common-knowledge that on PC's &/or Servers COMBINED, Windows "rules the roost" with almost 95% of the market!

Painful FACT is, where Linux does get used the most, is that it is NO COST - This is the ONLY reason it's used by so many websites (like any business, they often have to 'pinch pennies' in order to remain profitable & competitive... especially "smallish 'mom & pop shop'" type sites).

* Funniest part is how you're trying to "tell me how the internet works", & buddy? I strongly wager I was writing code + networking systems onto the net while you were still in diapers quite possibly (e.g. -> During the Atlanta Olympics in 1996 professionally for BellSouth, & all thru the 1980's whilst I was in academia using timesharing terminals from midranges &/or mainframes on *NIX systems + VAX machines!)

APK

P.S.=> It's also funny how you "abandoned" your statements here requoted in my last post too:

http://news.slashdot.org/comments.pl?sid=2586024&cid=38502472 [slashdot.org]

About how YOU stated that I didn't post any DIRECT Linux kernel level errors in ANDROID, & how things can install via malwares on ANDROID WITHOUT USER INTERACTION, despite your stating otherwise - I did, & it "silenced you" on that account... lol!

... apk

Re:Blowing away your points (point-by-point) (1)

mSparks43 (757109) | more than 2 years ago | (#38513254)

_P.S.=> It's also funny how you "abandoned" your statements here requoted in my last post too:

http://news.slashdot.org/comments.pl?sid=2586024&cid=38502472 [slashdot.org]

About how YOU stated that I didn't post any DIRECT Linux kernel level errors in ANDROID, & how things can install via malwares on ANDROID WITHOUT USER INTERACTION, despite your stating otherwise - I did, & it "silenced you" on that account... lol
_
So google and facebook are "nobody"?
Now that's a real ROFL!!!

You're the one who brought up Windows & desktop PC's, and hosts files, but still with no real explanation of wtf they have to do with Android, I was just pointing out that despite all the claims to the "contrary" using some "market share" metric, the simple fact is in real terms - i.e. what the internet actually gets used for, windows is a small fish in a large ocean, little more than a typewriter in the space age.

Going back to what I said earlier
"Linux is as secure as you make it"
i.e. sure there are problems, but nothing that has been seriously exploited that hadn't already been fixed.

"You cannot make windows secure"
i.e. Doesn't matter how hard you try, there will always be a significant number of flaws that are exploited before they are fixed.

My comment was never that Android doesn't have any security issues, it was just that many/most of these "supposed" security flaws you are posting are not "Android problems" or are "no longer a problem for Android".

Contined "fact-based ]nuking'"... apk (0)

Anonymous Coward | more than 2 years ago | (#38513658)

"Now that's a real ROFL!!!" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage

Facts are facts: Like here, I posted them earlier with backing proofs & documentations from reputable sources, & I do so again here now below... simple. No laughs, just facts!

Case-in-Point (to something I posted you said I did not):

I did post a kernel level error security issue problem that's ANDROID has here -> http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel [slashdot.org] so, so much for your stating I did not. So yes, as you can see (or anyone else reading)? That's happened to ANDROID (& thus Linux too, since ANDROID's a Linux variant itself). I am up to 50++ security issues on ANDROID I posted (and can double it easily if you wish with more) also, & if those security issues, and they are? Then, clearly, they are occurring on ANDROID & are a problem there, no questions asked.

---

"You're the one who brought up Windows & desktop PC's, and hosts files, but still with no real explanation of wtf they have to do with Android" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage

You can use HOSTS files for ANDROID for better speed, security, anonymity to a degree, & even bypass of restrictions online...

(ANDROID, again, is a Linux & has a BSD based IP stack - most all OS do nowadays).

Custom HOSTS files data for use are free & so is HOSTS itself (you have one already). Custom HOSTS file also unquestionably can yield faster websurfing, faster access to sites, safer surfing, & to an extent, more "anonymous" surfing (vs. DNS request logs) & bypass of restrictions (DNSBL).

They're simple to install there using ADB (Android Debugging Bridge) as follows, in not too "broad" of strokes:

Load ADB
Tether your smartphone to your PC
logon with appropriate rights (read/write @ very least)
Use the push command to transfer over your existing hosts file on ANDROID with new custom HOSTS file imported from your PC.

* Done... 4 steps, only a few minutes time, if that.

---

"Going back to what I said earlier "Linux is as secure as you make it" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage

Same with Windows (or MacOS X too): You can "security-harden" them, & especially via "layered-security"/"defense-in-depth" procedures. An hour of time for decades of safer, faster, & better uptime.

---

"i.e. sure there are problems" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage

I list many below. Did you even KNOW that SeLinux (which gives MAC capabilities to Linux for security) is a COPY/IMITATION of Windows NT-based OS since 1992 & the ACL concept? It is... a copy, but a needed one. Windows NT-based OS have been "Orange Book" certified as C2 level secure. Linux has not been since 1992.

More on that shortly, with security detail from documented respectable sources.

---

"but nothing that has been seriously exploited that hadn't already been fixed." - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage

WTF? If the Linux sourcecode repository isn't serious, & the 5 CA's that secure SSL for online banking/ecommerce/shopping & such aren't serious, then I don't KNOW what is. Both were breached this year 2011, running Linux....

Also, beg to differ:

Linux's still got issues -> http://web.nvd.nist.gov/view/vuln/search-results?query=Linux+kernel&search_type=all&cves=on [nist.gov] that are HIGH severity, & unpatched for whatever reasons, even libs & apps others load too!

For you to say you cannot secure Windows is wrong - I've been doing it for decades, with testimonials from not only myself but also others who have also that you can far above how it's offered oem/stock & same with any OS.

Linux also has more in its base kernel outstanding unpatched security issues (remote ones too) -> http://secunia.com/advisories/product/2719/ [secunia.com] than Windows Server does http://secunia.com/advisories/product/18255/ [secunia.com] by nearly 5x, currently...)

---

"My comment was never that Android doesn't have any security issues, it was just that many/most of these "supposed" security flaws you are posting are not "Android problems" or are "no longer a problem for Android"" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage

.
I posted 50++ so far, & I can post 50++ more if you like, & what you describe holds true for Windows, Linux, MacOS X, you-name-it. Many are due to apps on them, some due to libraries/dlls used, & web based exploits too. It can be stopped, IF you 'security-harden' a system & educate users to threats nature & how they work + what to do online to minimize the possibility of it.

Then I also show you more that are outstanding on Windows vs. Linux, & then you can judge from my sources (reputable ones).

---

""You cannot make windows secure"" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage

Oh, I dunno about that: I seem to do a pretty good job & have online helping others to do so since 1997 (& for years before that on IRC circa 1994 onwards)...

To that effect, I posted verifiable written testimonials of others who've tried my methods ("layered-security"/"defense-in-depth" which others use as well, since it works, alongside user education especially vs. online threats). I can produce more testimonials like it, upon request IF you like.

---

"i.e. Doesn't matter how hard you try, there will always be a significant number of flaws that are exploited before they are fixed." - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage

Same with ANY Operating System, & I've put up specific Linux, vs. Windows comparison + TONS of ANDROID security exploits here (50++ so far, I have @ least that many more to go if you need them, lol).

WITH ONE IMPORTANT EXCEPTION: I have easy work-arounds that actually WORK vs. the outstanding ones listed @ SECUNIA.COM for Windows 7 &/or Windows Server 2008... can you say the same on your end for Linux & prove it? I can, easily...

Plus, lol?? I have 5x less to go thru than you do, lol, as Windows Server 2008 (the REAL "full" Windows) has 5x less unpatched security vulnerabilites vs. the base mainstream kernel of Linux alone!

(Mind you - That's NOT the entirety of what goes in a Linus distro either - Windows IS rated as a "distro-entire" for lack of a better expression here, & that's the BIG (& I do mean big) difference here too... put all the parts in a distro to that test? Linux's problems would be larger & multiply IF it were judged thus vs. Windows, & it'd be even WORSE off on that account!)

Lastly, I strongly suggest you read some of the sources above on outstanding security vulnerabilities unpatched to this day on Linux (from its base kernel to latest builds - remote unpatched bugs outstanding in 2.6) & re-evaluate that statement... especially vs. Windows Server 2008 R2.

APK

P.S.=> Face facts/truths I produced documented proof of: Overall on PC's & Servers (desktop to industrial) - Windows "rules the roost" in terms of marketshare... period.

I can just see the "mushroom clouds" over there, each time I post documented facts from reputable sources to disprove your claims... how do your words taste now that you have to eat them, point-by-point? ROTFLMAO...

"Here endeth the lesson"...

... apk

Re:Contined "fact-based ]nuking'"... apk (1)

mSparks43 (757109) | more than 2 years ago | (#38514196)

I did post a kernel level error security issue problem that's ANDROID has here ->

No you didn't, you posted a link to security issues which were:

Coverity said it will hold off releasing the details of the flaws until January to allow Google and handset vendors to issue fixes.

->fixed before they were exploited.

Yawn, must try harder.

"Fudging quotes" on your part now? Please... lol! (0)

Anonymous Coward | more than 2 years ago | (#38515938)

Adding words 2 others' quotes (that they never said)? Looks that way here from you:

"->fixed before they were exploited." - by mSparks43 (757109) on Wednesday December 28, @08:56AM (#38514196) Homepage

* Ahem: Can you show me the source saying EXACTLY that, which you allegedly quoted part of & seemingly ADDED THAT ONTO YOURSELF thus, showing you are now putting words into the source's mouth they may not have uttered @ all?

APK

P.S.=>

"No you didn't, you posted a link to security issues which were:" - by mSparks43 (757109) on Wednesday December 28, @08:56AM (#38514196) Homepage

This was the title of the article I used (says it all):

Serious Security Bugs Found In Android Kernel

From a /. article TITLE, no less, lol...

... apk

Re:"Fudging quotes" on your part now? Please... lo (1)

mSparks43 (757109) | more than 2 years ago | (#38517970)

This was the title of the article I used (says it all):
Serious Security Bugs Found In Android Kernel

You linked
http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel [slashdot.org]

which is a summary of
http://www.techweekeurope.co.uk/news/serious-security-bugs-found-in-android-kernel-11040 [techweekeurope.co.uk]
which says

Coverity said it will hold off releasing the details of the flaws until January to allow Google and handset vendors to issue fixes. The flaws could be patched via an over-the-air update, Coverity said.

Not my fault if you failed to RTFA.

Another 2011 Security Breach on Linux (recent) (0)

Anonymous Coward | more than 2 years ago | (#38518756)

That doesn't mean a THING: Anyone who knew them could've used the hack/crack in the Linux kernel problem (& you can bank on it those guys that "discovered them" aren't the only ones using them, or that know about them!) & that's assuming everyone's running a kernel build "proof" to those holes (no guarantees there)...

APK

P.S.=> Plus, the way Linux's been breached YET AGAIN in time for the year 2011, per my subject-line above no less... & to "close out" this year, + to add to my 2011 recent partial list of security breaches on numerous Linux servers (bad ones) I posted?

Well - We have yet ANOTHER LINUX SECURITY BREACH:

http://yro.slashdot.org/story/11/12/28/1743201/data-exposed-in-stratfor-compromise-analyzed [slashdot.org]

And, what's that domain running? Yes kids, YOU GUESSED IT: Linux -> http://uptime.netcraft.com/up/graph?site=www.stratfor.com [netcraft.com]

"Happy New Year" for Linux, eh? LMAO!

... apk

Re:Contined "fact-based ]nuking'"... apk (1)

mSparks43 (757109) | more than 2 years ago | (#38514260)

Oh, and the CA's and were breached using good old brute force attacks on ftp and sql servers.

Again, not Linux specific issues.

SERIOUS breaches occurred (on Linux servers) (0)

Anonymous Coward | more than 2 years ago | (#38516022)

"Oh, and the CA's and were breached using good old brute force attacks on ftp and sql servers." - by mSparks43 (757109) on Wednesday December 28, @09:02AM (#38514260) Homepage

Show for YEARS all the /. Penguin "FUD" of "Linux = Secure" is b.s. ... &, ANDROID does the rest!

Especially showing that once that 'security-by-obscurity' is taken away from Linux, not only does it get ABUSED ON SERVERS but, it gets MASSIVELY ABUSED on end user oriented devices like smartphones where it has a big marketshare!

(Where it's used most & allegedly staffed by "penguins that know what they're doing" & apparently DON'T, on servers too though? LMAO, please... make us laugh more!)

WORSE POSSIBLY THAN THE CA's for SSL (ecommerce/online banking/shopping etc.- et al)

Linux own sourcecode repository being breached! That's laughable... all that, in 2011! Man... lol!

APK

P.S.=> You lack the intelligence, facts, & technical wherewithall to get the best of me - accept it!

... apk

Depending on Linux 4 security (LSE)? (0)

Anonymous Coward | more than 2 years ago | (#38507222)

"But anyone who cares about security uses linux - and by default anyone who uses the services of those companies uses and relies on linux." - by mSparks43 (757109) on Tuesday December 27, @03:33PM (#38506592) Homepage

Oh, really? Ok, per my subject-line:

---

London Stock Exchange Web Site Served Malicious Ads:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware [securityweek.com]

And, yes - they run Linux to do it -> http://uptime.netcraft.com/up/graph?site=www.londonstockexchange.com [netcraft.com]

(So much for "caring for security" because they didn't do a good job... hell, Linux ALSO FELL FLAT ON ITS FACE ONLY MINUTES INTO THE JOB RUNNING LSE THE 1st DAY ON THE JOB:

LINUX WENT DOWN 2x in LESS THAN 1 YEAR @ London Stock Exchange:2011 -> http://linux.slashdot.org/comments.pl?sid=1999478&cid=35231358 [slashdot.org]

Whereas, by way of comparison, the Accenture developed system that used Windows Server 2003 before it ran for 7++ yrs. before being replaced!)

---

AND OF COURSE, this much VERY CURRENTLY THIS YEAR IN 2011:

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised [slashdot.org]

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/ [theregister.co.uk]

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware [slashdot.org]

---

Linux's showing in CA's breached recently too? Ok:

http://uptime.netcraft.com/up/graph?site=StartCom.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=GlobalSign.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=Comodo.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=DigiCert.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=www.gemnet.nl [netcraft.com]

The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/ [itproafrica.com]

&

http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811 [threatpost.com]

---

Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?

You get the picture...

* TOP THAT ALL OFF W/ DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS, PER THIS ARTICLE (very recent):

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers [slashdot.org]

APK

P.S.=> Continuing the trend on ANDROID malware as well as I have been doing? Up to 56++ evidences now by this point with these 8 new ones to list:

http://mobile.slashdot.org/story/10/11/27/213219/Security-Expert-Warns-of-Android-Browser-Flaw [slashdot.org]

http://search.slashdot.org/story/11/02/18/005247/New-Android-Malware-Robs-Bandwidth-For-Fake-Searches [slashdot.org]

http://hardware.slashdot.org/story/11/06/16/2127255/New-Android-Malware-Attacks-Custom-ROMs [slashdot.org]

http://it.slashdot.org/story/11/01/29/1946202/New-Android-Exploit-Discovered-To-Steal-Data [slashdot.org]

http://slashdot.org/submission/1652720/More-Malware-Infected-Apps-Found-in-Android-Market [slashdot.org]

http://www.theregister.co.uk/2011/05/31/android_market_malware/ [theregister.co.uk]

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills [slashdot.org]

http://thenextweb.com/google/2011/06/05/droidkungfu-android-malware-steals-sensitive-data-avoids-anti-virus-detection/ [thenextweb.com]

Once more - WOULD YOU LIKE MORE? I have plenty more where that came from, evidencing yet MORE security issues on ANDROID (a Linux variant)...

... apk

Re:Depending on Linux 4 security (LSE)? (1)

mSparks43 (757109) | more than 2 years ago | (#38513298)

Also
London stock Exchange woes were not Linuxs fault!
http://www.zdnet.com/blog/open-source/london-stock-exchange-woes-not-linuxs-fault/8358 [zdnet.com]

yet more "OMG someone using linux has problems - blame linux" FUD.

Facts are facts (con't. lol)... apk (0)

Anonymous Coward | more than 2 years ago | (#38513690)

LSE served exploits from LSE's London Stock Exchange website & the LSE running on Linux going down 1st minutes on job @ LSE, & then again too a 2nd time.

* You may not LIKE it, but facts, are facts - They did have problems in security & stability running Linux @ LSE, period/no questions asked.

APK

P.S.=> Fact: LSE had security AND STABILITY problems running Linux, right off the bat outta the starting gate ("plop", right on their noses, lol)... no questions asked!

... apk

Re:Facts are facts (con't. lol)... apk (1)

mSparks43 (757109) | more than 2 years ago | (#38514142)

Its pretty obvious why you want "no questions asked".

LSE served exploits from LSE's London Stock Exchange website

Thanks to 3rd party advertising code embedded in the old LSE website, no linux to blame there, just good old html.

LSE running on Linux going down 1st minutes on job @ LSE, & then again too a 2nd time.

Thanks to 3rd party windows machines not doing what they were supposed to.

Ooops, shoot. foot. self.

I guess next you'll be blaming some flood damage on operating system choice. I'm sure you can manage it somehow if you try hard enough.

Linux gets security breached (get over it) (0)

Anonymous Coward | more than 2 years ago | (#38515812)

Great security & stability there @ LSE running Linux, eh? NOT! Current information on that note I posted from this year (year end 2011) shows it's as vulnerable as any OS out there... & on the server front, where it's SUPPOSED to have "smart people" running it?? It's being breached there too mostly, lol, since nobody really uses it on desktops for the most part!

APK

P.S.=> The fact that security breaches of ALL KINDS occur on Linux & its variants is in STARK contrast to the YEARS OF FUD/LIES you heard on /. of "Linux = secure" when it's anything BUT that per those breaches happening, for whatever reasons... period!

... apk

Re:Linux gets security breached (get over it) (1)

mSparks43 (757109) | more than 2 years ago | (#38517478)

Current information on that note I posted from this year (year end 2011) shows it's as vulnerable as any OS out there..

which "note"?
vulnerable to what?

Linux has never had anything like Blaster, Zeusbot or any of the other myriad of worms that infest Windows machines on a daily basis, despite Linux machines being much higher value targets and connected to the web 24/7.

Heck, I don't see how the internet could of happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two.

You find a few examples of specifically targeted machines, which required hundreds of hours of computation time to breach, and use them as examples of how windows is just as secure, despite nearly every windows machine requiring milliseconds of computation time to pwn, while its doing nothing more than presenting a few badly drawn documents.

Comparable my arse, the security of Linux may not be perfect, never said it was, but in terms of network safety Linux is a Challenger tank with Trophy system and Windows is a bus full of Palestinian suicide bombers.

And all this is beside the point, that firstly, you haven't found a single exploited Android vulnerability; the best you can do is audit reports and fixes of unexploited vulnerabilities, or trojans bundled with other software which are easy enough to find and uninstall as to not pose a serious risk. And secondly, you have offered up no alternative to Android. iOS doesn't count because its useless to anyone who wants/needs to install anything homebrew, and the dire lack of security on windows phone
http://techcrunch.com/2011/12/13/security-flaw-in-windows-phone-7-5-kills-the-messaging-hub/ [techcrunch.com]
  is the least of its woes.

We know Linux security's imperfect (0)

Anonymous Coward | more than 2 years ago | (#38518636)

"the security of Linux may not be perfect, never said it was" - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage

Don't worry - after what I posted, folks KNOW Linux's security's weak! Certainly weaker than all the YEARS OF FUD B.S. spouted around here of "Linux = Secure" bs & putting down Windows!

---

"Linux has never had anything like Blaster, Zeusbot or any of the other myriad of worms that infest Windows machines on a daily basis," - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage

There's only 1 Linux system running for every 95 or so that run Windows... Linux doesn't do as much because of less users on it - thus, to "hacker/cracker" types looking for "easy-meat crowds", they attack Windows on PC's &/or Servers more (because more Windows machines are out there running the world than Linux ones).

However/Again - Once Linux DOES get used more than other platforms, ala smartphones? You see it gets "hit" as much as Windows does on PC's, perhaps more!

---

"Heck, I don't see how the internet could of happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two." - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage

Ping of Death wasn't "unique" to Windows - it was a network stack issue, @ the ICMP level.

APK

P.S.=> This is actually funny what I quote from you next:

"And all this is beside the point, that firstly, you haven't found a single exploited Android vulnerability" - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage

Ahem: Learn to COUNT please, because in my previous posts I posted 64++ already:

Yes - Even ones in the ANDROID Linux kernel itself too, no less along with the repository for the Linux source being broken into + CA servers for SSL breached that run Linux on the Server level too!

(LMAO - Which you tried to "fudge a quote"/misquote, here http://news.slashdot.org/comments.pl?sid=2586024&cid=38515938 [slashdot.org] by adding in YOUR comments to it, & the source you quoted never stated that - LAME, low, & makes you like that way now)...

... apk

Re:We know Linux security's imperfect (1)

mSparks43 (757109) | more than 2 years ago | (#38519420)

Don't worry - after what I posted, folks KNOW Linux's security's weak!

You do realise you are posting on slashdot right?

There's only 1 Linux system running for every 95 or so that run Windows...

But every windows machine connects to at least 20 Linux machines a day, which is where your argument falls flat on its face.

I posted 64++ already

It's true you've posted lots of links to security firms fixing Android bugs before they were seen exploited in the wild. I'm still waiting for one that was found in the wild before it was fixed. I showed you one for windows;
http://techcrunch.com/2011/12/13/security-flaw-in-windows-phone-7-5-kills-the-messaging-hub/ [techcrunch.com]
Surely you can manage at least one?

Which you tried to "fudge a quote"/misquote, here http://news.slashdot.org/comments.pl?sid=2586024&cid=38515938 [slashdot.org] by adding in YOUR comments to it, & the source you quoted never stated that

Nope, that was still you failing to RTFA

I did post a kernel level error security issue problem that's ANDROID has here -> http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel [slashdot.org] [slashdot.org]

summary of
http://www.eweekeurope.co.uk/news/serious-security-bugs-found-in-android-kernel-11040 [eweekeurope.co.uk]
says:

Coverity said it will hold off releasing the details of the flaws until January to allow Google and handset vendors to issue fixes. The flaws could be patched via an over-the-air update, Coverity said.

->fixed before they were exploited.

Must try harder

Up to 72 ANDROID sec. issues (see inside) (0)

Anonymous Coward | more than 2 years ago | (#38519768)

"You do realise you are posting on slashdot right?" - by mSparks43 (757109) on Wednesday December 28, @04:33PM (#38519420) Homepage

The place where for YEARS penguins said "Linux = secure" & what I post shows it's ANYTHING but that? Sure, I do! You bet... lol!

---

"But every windows machine connects to at least 20 Linux machines a day, which is where your argument falls flat on its face." - by mSparks43 (757109) on Wednesday December 28, @04:33PM (#38519420) Homepage

Linux users connect to many orders of magnitude MORE systems running Windows, because Windows is MORE WIDELY USED by a HUGE MARGIN... period!

---

"->fixed before they were exploited." - by mSparks43 (757109) on Wednesday December 28, @04:33PM (#38519420) Homepage

YOU wrote that, not your source - they weren't & aren't the only guys that know how to exploit that KERNEL LEVEL SECURITY BUG IN ANDROID @ that time either (others did also). I mean, face it: Just because you publicly state you have discovered something, doesn't mean you're the first!

---

"It's true you've posted lots of links" - by mSparks43 (757109) on Wednesday December 28, @04:33PM (#38519420) Homepage

That dealt in 64++ security vulnerabilities being present &/or exploited on ANDROID (a Linux variant) - you need more, thus, my p.s. below will have them (8 more, making the total now a 72:1 ratio vs. your "opinions", lol)

APK

P.S.=> Lastly - "continuing the trend" here, posting MORE ANDROID (a Linux variant) SECURITY BLUNDERS (72 by this point):

http://www.theregister.co.uk/2011/01/29/android_data_disclosure_bug/ [theregister.co.uk]

http://www.theregister.co.uk/2011/01/14/android_chinese_stealing/ [theregister.co.uk]

http://www.ft.com/cms/s/2/bf3d6002-452e-11e0-80e7-00144feab49a.html#axzz1FdlXHJmB [ft.com]

http://mobile.slashdot.org/story/10/12/30/1856242/Android-Trojan-Found-Spreading-From-Chinese-App-Stores [slashdot.org]

http://www.ibtimes.com/articles/137143/20110421/android-phones-track-users-movements.htm [ibtimes.com]

http://www.bangobang.com/2011/04/android-phones-are-no-more-protected.html [bangobang.com]

http://mobile.slashdot.org/story/11/02/23/1640252/Mobile-Spyware-Conferences-Into-Your-Calls [slashdot.org]

http://www.theregister.co.uk/2011/03/04/google_android_market_peril/ [theregister.co.uk]

Don't worry - I have PLENTY MORE where that came from, should you need even more...

... apk

Re:Up to 72 ANDROID sec. issues (see inside) (1)

mSparks43 (757109) | more than 2 years ago | (#38520754)

The place where for YEARS penguins said "Linux = secure" & what I post shows it's ANYTHING but that? Sure, I do! You bet... lol!

Just checking

Linux users connect to many orders of magnitude MORE systems running Windows

Nope, because you can't run services on windows without loosing security. Which is why you wrote that post saying shut them all down. Remember.

http://www.theregister.co.uk/2011/01/29/android_data_disclosure_bug/ ..proof-of-concept code...We've incorporated a fix

Fixed before exploited

http://www.theregister.co.uk/2011/01/14/android_chinese_stealing/ ...featuring pre-installed Trojans

APK in computers can run software shocker

http://www.ft.com/cms/s/2/bf3d6002-452e-11e0-80e7-00144feab49a.html#axzz1FdlXHJmB

have downloaded applications capable of taking over their phones

APK in computers can run software shocker

http://mobile.slashdot.org/story/10/12/30/1856242/Android-Trojan-Found-Spreading-From-Chinese-App-Stores

APK in computers can run software shocker

http://www.ibtimes.com/articles/137143/20110421/android-phones-track-users-movements.htm

APK discovers phones have GPS shocker

http://www.bangobang.com/2011/04/android-phones-are-no-more-protected.html ...could allow...

APK in computers may be able to run software shocker

http://mobile.slashdot.org/story/11/02/23/1640252/Mobile-Spyware-Conferences-Into-Your-Calls ..been working its way onto smartphones via alternative app marketplaces...

APK in computers can run software shocker

http://www.theregister.co.uk/2011/03/04/google_android_market_peril/ ..shows the pitfalls of Google's decision to make the operating system the Wikipedia of mobile platforms that offers apps written by virtually anyone...

APK in computers shouldn't run software shocker

Still waiting for just one that is a security problem in the wild rather than merely a vendor problem

one

Seriously, no point in running through an entire spybot S&D list, you'll find a hulluva lot more than 72 malicious apps.
just uninstall them (or don't install them in the first place), if you care that much.

Very different to getting a text message that bricks your phone, switching off text messaging not a viable alternative for mobile phone users methinks.

I never said shut ALL services down (0)

Anonymous Coward | more than 2 years ago | (#38521104)

Show me a direct quote of myself saying ALL services to be all shutdown (just ones you determine you don't need) anywhere I actually posted them (you need some of them)...

---

"Nope, because you can't run services on windows without loosing security." - by mSparks43 (757109) on Wednesday December 28, @06:30PM (#38520754) Homepage

Sure you can: Ever heard of SFTP? Secure FTP in other words & even 3rd party tools can do it, etc./et al... I never said once to SHUT ALL SERVICES DOWN, show me where I have where I haven't been impersonated (otherwords, someplace online other than slashdot, like in searching "HOW TO SECURE Windows 2000/XP" on Google/Bing for instance).

---

"Which is why you wrote that post saying shut them all down. Remember." - by mSparks43 (757109) on Wednesday December 28, @06:30PM (#38520754) Homepage

See subject line & start of this post earlier - show me where I ever said ALL about Windows Services & shutting them ALL down... we'll be waiting on this one just to laugh at some evasion or POSSIBLE impersonation attempt - gotta be those "troll strategies" @ this point, lol!

As an aside... The only way to DO it, easily enough, and... yes, you can?

Is to go to security policies @ ALL levels (group & local) & block the services logon entities per service right off from logging on as 'service' or other possible entities, lol... Yes - it works, and windows boots, runs quick, but you can't get online (other things stop too, but that I recall vividly & immediately getting out & doing F8 restart to "Boot to Last Known Good Configuration" as the result... lol!).

* Those other things you posted... lol, little question on that - QUESTION: Were those links you just reposted that I posted earlier - were those posts about Android?

A simple YES or NO answer is all that is needed/expected...

APK

P.S.=> "Here endeth the lesson"... Oh, lol, WAIT: Tell us more about the ping of death & IIS, lol -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520590 [slashdot.org]

... apk

Re:I never said shut ALL services down (1)

mSparks43 (757109) | more than 2 years ago | (#38524060)

Sure you can: Ever heard of SFTP? Secure FTP in other words & even 3rd party tools can do it

ROFL
And you think Linux has a limited market share!

show me where I ever said ALL about Windows Services & shutting them ALL down...

here:

The only way to DO it, easily enough, and... yes, you can?

Is to go to security policies @ ALL levels (group & local) & block the services logon entities per service right off from logging on as 'service' or other possible entities, lol... Yes - it works, and windows boots, runs quick, but you can't get online (other things stop too, but that I recall vividly & immediately getting out & doing F8 restart to "Boot to Last Known Good Configuration" as the result... lol!).

:)

QUESTION: Were those links you just reposted that I posted earlier - were those posts about Android?

A simple YES or NO answer is all that is needed/expected...

I don't understand the question.

Partially quoting ME now? Please... (0)

Anonymous Coward | more than 2 years ago | (#38524934)

That doesn't say to "shut off all services" - only the ones you need to (quoting me partially doesn't 'cut it' either, because right before that, from my last post no less, it says this:

" (just ones you determine you don't need) anywhere I actually posted them (you need some of them)..." - by Anonymous Coward on Wednesday December 28, @07:10PM (#38521104) FROM -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38521104 [slashdot.org]

AND, the question I was asking was is if the systems I listed here that were breached here (any of the links I've been posting that dealt in ANDROID security issues, that's 72 of them by this point) were running Windows... & for you to simply answer it YES or NO.

APK

Re:Partially quoting ME now? Please... (1)

mSparks43 (757109) | about 2 years ago | (#38526374)

(just ones you determine you don't need)

I need all of them, else why would they be there?

if the systems I listed here that were breached here (any of the links I've been posting that dealt in ANDROID security issues

That's the point of
"APK in computers can run software shocker"

And on balance, so far they have all appear to be Apple paid up Fear, Uncertainty and Doubt (FUD). Designed to make people think being able to run their own software on computers is in some way a bad thing.

Take a lot more than "Chinese make nasty applications" to make me want to give up the right to decide what software is installed on my own hardware, that is about a bad a security risk (my security that is) as there is going.

I'm still waiting for one example of an "in the wild" security risk that is Android related, as opposed to some variant of "computers can run software shocker".

MS recognizes trimming services in Win8 (0)

Anonymous Coward | about 2 years ago | (#38526824)

YOU cannot produce a quote of myself saying "turn off EVERY SERVICE", now can you?

Even though you stated I have said that before - it's NOT true, & "putting words in my mouth" I never said! That's lame man... really lame.

---

"I need all of them, else why would they be there?" -

For anyone that requires their services, but... I have YET to meet anyone (person OR company) in nearly 2 decades now that needs EVERY service offered in Windows NT-based OS!

You need ALL of them? Again - I have YET to date in working with Windows NT-based OS since 1992 & the Windows NT 3.1 builds of that family of Operating Systems to see ANY individual (or corporate body even) need EVERY SERVICE offered in them (far more now than back then)...

Heck - Even Microsoft has changed their tune in Windows 8 to make services that are not needed (or working currently performing a task) STOP RUNNING when not in use, OR, not "autoload" @ all......

http://news.softpedia.com/news/Windows-8-Services-Loading-During-Boot-Have-to-Justify-Their-Existence-220200.shtml [softpedia.com]

PERTINENT QUOTE/EXCERPT:

"Larry Osterman, a Microsoft veteran, revealed that there are no unnecessary services loading during the Windows boot, and that even those that do load, are optimized to use as few resources as possible. Actually there are audits done every day within Windows (seriously) to ensure that no new services are added without thorough review. And every service that starts at boot has to justify its existance (I was on the team that did the service reviews back in Win7),â he stated. Every one of the services that was enabled at boot time in Win7 was required for some important scenario. And those services that are on the "autostart" list have their overhead pared down to a bare minimum. Several of the auto-start services (for example the audio endpoint builder service) whose default footprint is only a couple of hundred of kilobytes of virtual memory (and essentially no physical memory).â

---

* This gains performance, AND, stops something called "churn" (too many processes, especially uneeded ones, running take up time in the queue) in the scheduler subsystems too!

(I've been doing it for AGES, since 1996 in fact, in "trimming down" unneeded services, & it works... In fact, most recently? While I was over @ TechPowerUp.com in fact, a pile of us were doing benchmarks around 2006-2008 (ScienceMark) & I showed them how to increase their benchmarks by up to 20% by cutting out unneeded services that run by default... it worked!)

---

* Now, as far as the links I posted? They were ANDROID related, & showed security issues in it... no questions asked, but you're AFRAID to answer that correctly... why's that? LMAO, "we know"...

APK

P.S.=> YOU didn't ANSWER THE QUESTION: Were the 72 links here about ANDROID security problems, YES or NO...? apkb

Re:MS recognizes trimming services in Win8 (1)

mSparks43 (757109) | about 2 years ago | (#38531894)

YOU cannot produce a quote of myself saying "turn off EVERY SERVICE", now can you?

Not sure where you're coming from now, you're twisting yourself in knots. Presumably because you recently realised how lame disabling services is as a solution to all the security problems in those services.

Obviously my "turn them all off" was my reference to this, not that you said to literally disable every windows service (although this is the only way to make windows secure, hence my earlier comment about windows being little more than a typewriter in the space age).

They were ANDROID related, & showed security issues in it... no questions asked

No, so far you've posted (mostly) 70 odd links to one issue. The fact that you can install software on Android. (plus a few fixes during security audits)

Admittedly the iPhone doesn't have this security issue, because you can't install software on the iPhone, which is why Apple pays for so much FUD.

But that is one security issue I think most people are willing to live with, and really doesn't demonstrate "insecurity" issues with Android, since installing other peoples software is optional (unlike the iPhone).

Which brings us back to point, please find one remote code exploit seen in the wild on a stock, up to date Android phone.

That's "DOUBLETALK" b.s. from you... (0)

Anonymous Coward | about 2 years ago | (#38532676)

"Not sure where you're coming from now, you're twisting yourself in knots." - by mSparks43 (757109) on Thursday December 29, @05:16PM (#38531894) Homepage

Ok - Did YOU say this, or not?? See here -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520754 [slashdot.org]

---

PERTINENT QUOTE:

"Nope, because you can't run services on windows without loosing security. Which is why you wrote that post saying shut them all down Remember." - by mSparks43 (757109) on Wednesday December 28, @06:30PM (#38520754) Homepage Journal FROM -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520754 [slashdot.org]

No getting around what you said "frozen in quotes" after all, & they ARE your OWN words, LITERALLY stating I said to "shut them all down" on services...

( & I do NOT like getting words put into my mouth anymore than you would were I to do THAT, to you!)

---

"Presumably because you recently realised how lame disabling services is as a solution to all the security problems in those services." - by mSparks43 (757109) on Thursday December 29, @05:16PM (#38531894) Homepage

LMAO - it's FAR from "lame" & FINALLY? Microsoft's even going to put a variation of what I've been doing since around 1995 or so on Windows NT-based OS into Windows 8 (tuning for performance, & part of it's trimming off services you don't REALLY need!) - shut off services that aren't needed (they will do this in Windows 8, "automagically" without user intervention!).

MS knows it lessens CPU cycle usage, memory, & other forms of I/O (mainly in the scheduler, avoiding "process churn")... it works!

Yes - it's done MORE for performance' sake actually (saving RAM, CPU cycles, & other forms of I/O spent on services you DON'T REALLY NEED TO RUN (this varies by users' requirements), however - cutting off potentially vulnerable services can function for security also!

Ala this link even NOWADAYS on Windows 8 & services as an example of others besides myself doing it:

---

Windows 8 Services that can be disabled:

http://windows-8-theme.org/windows-8-services-that-can-be-disabled/ [windows-8-theme.org]

PERTINENT QUOTE/EXCEPT:

"Windows 8 by itself has many services that you may not need and are useless for your daily work. They slow your computer performance and are not needed."

---

"Obviously my "turn them all off" was my reference to this, not that you said to literally disable every windows service (although this is the only way to make windows secure, hence my earlier comment about windows being little more than a typewriter in the space age)." - by mSparks43 (757109) on Thursday December 29, @05:16PM (#38531894) Homepage

It's FAR from "the only way to secure Windows"... far, Far, FAR FROM IT - in fact? I suggest you take a bit of time & read this:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH [bing.com]

Because you'd see the things you can do to secure Windows, & SO WELL, that one gets testimonials from users who have like the ones I posted that showed a fellow going years (along with his customers no less, he's a tech) WITHOUT slowing down OR being infested by malware!

---

"Which brings us back to point, please find one remote code exploit seen in the wild on a stock, up to date Android phone." - by mSparks43 (757109) on Thursday December 29, @05:16PM (#38531894) Homepage

I posted 72 links of problems on ANDROID (a Linux variant) that dealt in security issues (hacks/cracks, malware, & more), & if THAT's not good enough to illustrate what everyone KNOWS (that ANDROID & Linux aren't as 'secure' as was touted here for YEARS by Penguins) on ANDROID being "taken advantage of" by malware makers/hacker-cracker types online etc. because it's widely used on smartphones - & for the SAME REASONS Windows was for years: MORE USERS PRESENT TO VICTIMIZE!

APK

P.S.=> Hacker/cracker-malware maker types? They're JUST LIKE pickpockets - they DON'T go after "crowds of 1", not enough "ROI" to justify the creation of a malware when only a few folks use an OS (like Linux on PC desktops @ 1.19% marketshare)... however, show them an OS that's getting WIDELY used & by Non "geeks"? They'll be on it like "white on rice", because of the potential in victims to take monies from... this IS how it REALLY is too!

... apk

"Windows 8 by itself has many services that you may not need and are useless for your daily work. They slow your computer performance and are not needed."

---

Re:That's "DOUBLETALK" b.s. from you... (1)

mSparks43 (757109) | more than 2 years ago | (#38535198)

I posted 72 links of problem

And, afaics, not one of them pertains to a critical security flaw in Android.

Which means Android is, to date, more secure than both windows phone and the iPhone (who both have, and have had, critical remote code vulnerabilities exploited in the wild before they were fixed).

Case closed, no questions asked.

72 links of "good things" 4 Android, right? (0)

Anonymous Coward | more than 2 years ago | (#38536628)

"And, afaics, not one of them pertains to a critical security flaw in Android." - by mSparks43 (757109) on Thursday December 29, @10:52PM (#38535198) Homepage

Per my subject-line, then you must be blind - because they were NOT "72 good things" happening on ANDROID!

APK

P.S.=> Are you like somekind of "zealot" about Android/Linux that can't admit it's been "taken advantage of" by hacker/cracker/malware-maker types? You've GOT to be, because the 72 links I posted are about exploits galore of malware & the like on ANDROID happening (including a kernel level security problem too that was found)...

... apk

Re:72 links of "good things" 4 Android, right? (1)

mSparks43 (757109) | more than 2 years ago | (#38536870)

ROFL
not 72 links of good or bad things.

72 links of FUD, which is less than DoD certification and your inability to find a single one pertaining to a critical security flaw.

Simples.

_
I'd like to thank you, been an interesting discussion, before this I just considered Android to be the best of a bad bunch, "least worst option" so to speak, But you managed to convince me I was overly critical, and that actually Android has a pretty flawless security history.

Shame the same can't be said for the alternatives.

84 security issues on ANDROID now (0)

Anonymous Coward | more than 2 years ago | (#38537062)

Anyone that's not a deluded zealot's free to look @ the links I posted, & decide for themselves in these posts of mine as to whether these are "good things" going on with ANDROID (a Linux variant on smartphones) or not:

http://news.slashdot.org/comments.pl?sid=2586024&cid=38463414 [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38488282 [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38495050 [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38495800 [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38507222 [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38519768 [slashdot.org]

APK

P.S.=> For "good measure"? Here's 12 more, sending the total up to 84 now:

http://news.slashdot.org/story/11/10/06/0118231/android-malware-using-blog-as-cc-server [slashdot.org]

http://www.theregister.co.uk/2011/10/06/trend_discovers_more_android_malware/ [theregister.co.uk]

http://www.theregister.co.uk/2011/11/14/android_anti_virus/ [theregister.co.uk]

http://www.securityweek.com/new-android-trojan-masquerades-google-library-taps-device-administration-api [securityweek.com]

http://www.theregister.co.uk/2011/11/30/google_android_security_bug/ [theregister.co.uk]

http://mobile.slashdot.org/story/11/12/02/1637249/researchers-find-big-leaks-in-pre-installed-android-apps [slashdot.org]

http://www.theregister.co.uk/2011/12/12/android_market_malware/ [theregister.co.uk]

http://www.bgr.com/2011/12/14/more-than-1-million-stolen-from-android-users-in-2011-mobile-threats-to-increase-in-2012/ [bgr.com]

http://blogs.cio.com/mobile-security/16704/android-app-permissions-may-spark-false-sense-security [cio.com]

http://tech.slashdot.org/story/11/12/21/0058235/gaining-a-remote-shell-on-android [slashdot.org]

http://www.theregister.co.uk/2011/12/22/android_trojan_maytyr/ [theregister.co.uk]

http://threatpost.com/en_us/blogs/fake-antivirus-scams-targeting-android-users-122911 [threatpost.com]

Re:84 security issues on ANDROID now (1)

mSparks43 (757109) | more than 2 years ago | (#38537596)

Certainly don't min double checking Android is the most secure, good of you to collate them for anyone who happens accross this thread..

http://news.slashdot.org/comments.pl?sid=2586024&cid=38463414 [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38488282 [slashdot.org] [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38495050 [slashdot.org] [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38495800 [slashdot.org] [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38507222 [slashdot.org] [slashdot.org]

http://news.slashdot.org/comments.pl?sid=2586024&cid=38519768 [slashdot.org] [slashdot.org]

Already checked: No critical remote code exploits here
Others are mostly repeats of the same, but this, Dec 20th, is probably the best summary of the current state of affairs, deafening in its silence .

http://tech.slashdot.org/story/11/12/21/0058235/gaining-a-remote-shell-on-android [slashdot.org]

My short summary; up to Dec 20th this year, the only security risk Android suffers is the users of Android phones. And the only way to "fix" this is to not allow users to install custom applications on their phones which haven't been sanctioned by big brother.

I rarely use this meme, but it's always fun when I do.

APK in EPIC FAIL

84 links I posted = Security Issues on ANDROID (0)

Anonymous Coward | more than 2 years ago | (#38537818)

See subject-line: You just can't admit it, can you? Nope!

(Fact is, the 84 links I posted certainly WERE NOT "GOOD THINGS" HAPPENING ON ANDROID (a Linux variant), nor were they running on Windows either...)

* Some folks just can't accept facts - folks like you!

APK

P.S.=>

"APK in EPIC FAIL" - by mSparks43 (757109) on Friday December 30, @08:53AM (#38537596) Homepage

I failed nothing, but YOU on the other hand? Please - tell us MORE about "ping of death" & IIS, won't you? See here, lol -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520590 [slashdot.org]

... apk

Re:84 links I posted = Security Issues on ANDROID (1)

mSparks43 (757109) | more than 2 years ago | (#38538050)

the 84 links I posted certainly WERE NOT "GOOD THINGS" HAPPENING ON ANDROID

I completely agree.

They were just "things".

tell us MORE about "ping of death" & IIS, won't you?

Windows = Don't care

mSparks43's "EPIC FAIL" on PingOfDeath (0)

Anonymous Coward | more than 2 years ago | (#38538146)

"They were just "things"." - by mSparks43 (757109) on Friday December 30, @09:40AM (#38538050) Homepage

The 84 links on ANDROID I posted were BAD things in terms of security for ANDROID - http://news.slashdot.org/comments.pl?sid=2586024&cid=38537062 [slashdot.org]

They also illustrate that once a Linux gets some marketshare (better than its 1.19% on PC desktops that is), it too, will be attacked the SAME WAY Windows has been for years!

(Simply due to being used a lot, & that's what malware makers/hacker-crackers target: A platform with MANY unsuspecting users on it, so they can steal their monies (mainly) online).

---

What was it YOU said to me? Oh, yes:

mSparks43 "EPIC FAIL" is next... lol!

"Windows = Don't care" - by mSparks43 (757109) on Friday December 30, @09:40AM (#38538050) Homepage

Oh, I truly KNOW otherwise, or you wouldn't have opened your mouth & inserted your FOOT into it as you did, here, on the "ping of death" -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520590 [slashdot.org]

APK

P.S.=>

"Heck, I don't see how the internet could of happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two." - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage

Ahem: Ping of Death wasn't "unique" to Windows - it was a network stack issue, @ the ICMP level, not IIS, & it was NOT UNIQUE TO WINDOWS @ all...

Read that much here:

http://en.wikipedia.org/wiki/Ping_of_death [wikipedia.org]

---

PERTINENT QUOTE/EXCERPT:

"This exploit has affected a wide variety of systems, including Unix, Linux, Mac, Windows, printers, and routers"

---

* You can quit "talking out your behind" now... lol!

... apk

Re:mSparks43's "EPIC FAIL" on PingOfDeath (1)

mSparks43 (757109) | more than 2 years ago | (#38539644)

In what way were they "BAD"?

Seems to me, if anything, being able to install software on your phone is a fairly useful thing, but mostly its just something you would expect in this day an age.

I can't believe you'd ask that! (0)

Anonymous Coward | more than 2 years ago | (#38541348)

"In what way were they "BAD"?" - by mSparks43 (757109) on Friday December 30, @12:05PM (#38539644) Homepage

Are you serious? Folks money, & personal info., identity, & even more stolen, getting tracked like branded cattle, & that's in addition to malware issues!

* Come on - I can't believe you asked that. You're kidding, right??

See - what I don't *think* you understand, is this: For MANY years since I've been coming here, /.'s got a "clique" of "Pro-*NIX" people who for years said things along the lines of:

"Linux = Secure, Windows != Secure"

Type stuff (even though they have 1% of the marketshare & thus, users on their platform, & thus are less of a desirable target to malware makers)... That's now showing itself to be a lie because once an OS starts getting used, especially by "the unwashed masses", even a Linux like ANDROID IS on smartphones (in other words, non-computer security gurus/techs etc.)? It'll get targetted for all those "not so nice" things happening... things you oddly can't SEE as "bad", which astounds me.

APK

P.S.=>

"Seems to me, if anything, being able to install software on your phone is a fairly useful thing, but mostly its just something you would expect in this day an age." - by mSparks43 (757109) on Friday December 30, @12:05PM (#38539644) Homepage

Even when it installs without a user's permission OR IS INSTALLED to track users before they own it? That's happened on ANDROID, a Linux variant!

Yes, despite all the "Linux = Secure, Windows != Secure" b.s. that flew around here for YEARS unchecked, & it's turning up to be a pile of "FUD" lies in light of what I stated above...

... apk

Re:I can't believe you'd ask that! (1)

mSparks43 (757109) | more than 2 years ago | (#38541876)

If they chose to install software that does all that, whats the problem?

We've already established there are no known remote code vulnerabilities to let such things get on there by accident.

Unlike any of the alternatives.

Problem = stolen money, personal info., & more (0)

Anonymous Coward | more than 2 years ago | (#38542182)

"If they chose to install software that does all that, whats the problem?" - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage

This bug in ANDROID 2.1 & below's what - users didn't INSTALL what took advantage of that bug in ANDROID to bypass "permissions" -> http://www.theregister.co.uk/2010/11/10/android_malware_attacks/ [theregister.co.uk] & again here too -> http://mobile.slashdot.org/story/10/11/14/0115255/android-holes-allow-secret-installation-of-apps [slashdot.org]

(The fact that stuff like that costs folks their money, personal info., privacy, & what-not along with other "woes" due to malware too, is bad!)

I also pointed out other kernel level errors that have occurred in ANDROID too -> http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel [slashdot.org] ...

There'll be more over time, count on it.

---

"We've already established there are no known remote code vulnerabilities to let such things get on there by accident." - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage

Have we? I established gaining a remote shell on ANDROID's been done recently too, per this link:

http://viaforensics.com/security/nopermission-android-app-remote-shell.html [viaforensics.com]

In a way that bypasses permissions, and that perms system gives folks a false sense of security.

(The methods used are still present & will work up to IceCream Sandwich 4.0 on ANDROID to this day...)

If you're talking about remotely exploitable kernel bugs on the latest ANDROID? They'll show up over time if they're not present in latest builds (found yet is more like it). Give it time.

The point is not remote bugs only - it is the fact that ANDROID's turning up HIGHLY EXPLOITABLE!

That means Linux, of which ANDROID is part of that OS family, can be as well...

Despite all the "FUD" spread around here on /. that Linux = Secure etc., it was hiding for YEARS behind "security-by-obscurity" & ANDROID's the proof!

84 security problems I posted aren't lies & are widely known...

---

"Unlike any of the alternatives." - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage

PC's are more securable than smartphones presently are.

Personally, though I think/feel smartphones are "cool" (in terms of having a puny screen I can't stand, they can do quite a bit, really a tiny PC in a way), they aren't measuring up on the security front yet... thus, I avoid their tech until it will (NOKIA user here, but not a "smartphone", just a mobile for now because of that).

APK

P.S.=> However, again: I *think* you miss my "main point" here, entirely - that's about Linux, what the "Pro-*NIX crew" around here was way, Way, WAY WRONG about, & security!

So, I am going to "Cut & Paste" it from my last reply to you once more:

For MANY years since I've been coming here, /.'s got a "clique" of "Pro-*NIX" people who for years said things along the lines of:

"Linux = Secure, Windows != Secure"

With ANDROID especially? That's now showing itself to be a lie!

(Linux users have 1% of the marketshare on PC's & that let them hide behind "security-by-obscurity" (no one targetting them because not enough users) & thus, less users on their platform = less of a desirable target to malware makers to justify effort for "ROI" on attacking Linux on a PC desktop!)...

I say that, simply because once an OS starts getting used, especially by "the unwashed masses", even a Linux like ANDROID IS on smartphones (in other words, non-computer security gurus/techs etc.)? It'll get targetted for all those "not so nice" things happening... just as ANDROID (a Linux variant) is seeing happen - just like Windows has for decades!

Things you oddly can't SEE as "bad", which astounds me

... apk

Re:Problem = stolen money, personal info., & m (1)

mSparks43 (757109) | more than 2 years ago | (#38542460)

You're right.

Windows has never even pretended it offered these permissions, guess that makes it much more secure.

Bless.

If only windows had sandboxing (you know, like linux and Android), at least then it wouldn't matter for windowz.

You need to learn more about Windows (0)

Anonymous Coward | more than 2 years ago | (#38542962)

You're "off" on both areas once more (ACL = Win vs. MAC = SeLinux for example):

"Windows has never even pretended it offered these permissions, guess that makes it much more secure." - by mSparks43 (757109) on Friday December 30, @04:18PM (#38542460) Homepage

Windows had ACL (access control lists) level permissions @ both machine, user, & group levels before Linux did (iirc, as far back as 1992) & has always been certified C2 "orange book" level secure (no OS I know of's every gotten an A, @ least afaik). For instance, the NTFS filesystem & Registry itself employ this. User/Group policies take care of the rest (@ the local system level OR domain level - this is where Windows excels, in "volume mgt." of LARGE LAN/WAN setups in fact, ease of use is good for it there).

Linux's MAC (mandatory access control) via SeLinux only came AFTER many years of Linux without it, & certainly after Windows NT-based OS had them...

* In other words, Linux didn't come that way in the original Linux & caught up to Windows a decade later (not for a decade++ in fact, & the NSA "bolted it on" around 2003-2004 iirc!

(THUS, what you speak of? It's a security-feature copied from Windows NT-based OS, but a needed imitation)).

---

"If only windows had sandboxing (you know, like linux and Android), at least then it wouldn't matter for windowz." -

It does though: Ever heard of "SandBoxie"? You can sandbox ANY app with it... that's 3rd party & free too!

Also, it has UAC "virtualization", isolating registry writes/reads to a SINGLE account, rather than system-wide (done via taskmgr.exe by default in the Processes tab & right click on process name).

Windows lastly has hypervisor tech via "Hyper V", where you can VIRTUALIZE an entire machine/OS &, baked into it also.

APK

P.S.=>

"You're right." - by mSparks43 (757109) on Friday December 30, @04:18PM (#38542460) Homepage

Usually am... thank you!

... apk

Re:You need to learn more about Windows (1)

mSparks43 (757109) | more than 2 years ago | (#38545624)

that's 3rd party & free too

lol.

Clutch at straws much?

You opened your mouth & inserted your foot (0)

Anonymous Coward | more than 2 years ago | (#38546704)

Hyper V (full sandbox of entire OS/machine) comes "baked in" natively & so does UAC Virtualization (registry virtualization) + SandBoxie can be used (driver-driven virtualization) for sandboxing aps, & is a freeware as I stated also...

* Any of them can be used for "sandboxing" apps, despite your stating Windows can't do it...

APK

P.S.=>

"lol. Clutch at straws much?" - by mSparks43 (757109) on Friday December 30, @11:02PM (#38545624) Homepage

Don't have to - You proved you're incorrect about some ideas you have about Windows & that because of that, your preconceived notions are wrong about it... apk

Re:You need to learn more about Windows (1)

mSparks43 (757109) | more than 2 years ago | (#38546296)

And, btw, I know everything about windows I need to know.

My main day to day machine is a fedora installation, been on fedora since 2004, and has never been compromised.

My laptop is a win7 machine, and has had to be reset to factory settings 3 times since I got it a couple of years ago, after it got some nasty infection that I could find no trace of to remove (found via networking logs @ the gateway), despite generally doing nothing on it but reading a few word documents and browsing the net.

Tells me all I need to know about windows security.

I'd already have nix on it, but some poor bastards are still stuck on legacy VBA stuff (despite it being a steaming pile of shite, and charging them 5 times as much to work with it) which afaik has no OSS alternative atm.

You don't know much about Windows (0)

Anonymous Coward | more than 2 years ago | (#38546734)

"My main day to day machine is a fedora installation, been on fedora since 2004, and has never been compromised. My laptop is a win7 machine, and has had to be reset to factory settings 3 times since I got it a couple of years ago, after it got some nasty infection that I could find no trace of to remove (found via networking logs @ the gateway), despite generally doing nothing on it but reading a few word documents and browsing the net." - by mSparks43 (757109) on Saturday December 31, @01:35AM (#38546296) Homepage

This is indicative of you not knowing what the cause of your hassle was... because there's not a virus/trojan/spyware/malware-in-general OR rootkit I can't remove completely from a Windows machine... & fairly easily.

It's also indicative of the fact you're a "penguin" mainly who is biased but you don't know what you're doing on Windows because of your use patterns & "talking out your behind" earlier on sandboxing in Windows too... & being wrong on YOUR PART about it!

---

"And, btw, I know everything about windows I need to know." - by mSparks43 (757109) on Saturday December 31, @01:35AM (#38546296) Homepage

I'd have to say no, personally... that also tells me, along with your misconceptions about Windows & sandboxing apps earlier here http://news.slashdot.org/comments.pl?sid=2586024&cid=38542962 [slashdot.org] , that you don't know as much as you think... & the paragraph above tells me you don't know that much about how to "security-harden" Windows...

---

"Tells me all I need to know about windows security.." - by mSparks43 (757109) on Saturday December 31, @01:35AM (#38546296) Homepage

Tells me you don't know that much about it, if you couldn't figure out how to get rid of an infestation (or that you got one in the 1st place)...

APK

P.S.=> You fail to understand apparently that ANDROID is the 1st truly WIDELY USED Linux, moreso by "typical non-tech users" than any other Linux distro is in essence (albeit on smartphones, vs. PC desktops, but still makes my point):

Because of that, it's being targetted by malware makers (because it represents the "unwashed masses" & non-geeks/techs "@ the helm" of them, so that means "easy meat victims")...

Linux on PC desktops NEVER WENT THRU THAT, & thus, it was hiding behind "security-by-obscurity" & never put thru a "test of fire" for security...

However, on ANDROID it NOW is, and it's being torn up pretty good by a LOT of exploits (I posted 84 & there are far more than that) - proving that Linux is just as exploitable/vulnerable to the malware makers of today as Windows ever was in essence... apk

Re:You don't know much about Windows (1)

mSparks43 (757109) | more than 2 years ago | (#38546852)

& the paragraph above tells me you don't know that much about how to "security-harden" Windows...

  like I said before,
Windows = Don't care
  Its more that I can't be arsed "security-hardening" it
i.e.
I need my USB ports
I need the CPU and HDD cycles antivirus would use
I like flash animations
I like porn
I read lots of full featured PDFs

You should try running your windows machine with no antivirus on it for a bit, admittedly it won't last very long (unlike linux, but then secretly you know linux is more secure), but while it does you'll be amazed how snappy it really is.
much easier to use something that works "out of the box", and spend my time being productive, than learn how to actually make the piece of shit work, then just zap the nearly useless typewriter back to factory settings every time it breaks.

proving that Linux is just as exploitable/vulnerable to the malware makers of today

Saying that, when you have as good as acknowledged the only way they can get these "exploits" onto an android phone or linux is if you install them; click the "yes, please install this software from this chinese vendor I've never heard of" button, rather than the apple/windows phones, where anyone can do it without your knowledge, by remotely telling your phone(or windows) to install (or uninstall) malicious programs, shows you have absolutely zero understanding of security.

Because of that, it's being targetted by malware makers, Linux on PC desktops NEVER WENT THRU THAT

I agree, using a Linux Desktop is like living in the Garden of Eden, and using a windows desktop is lot like living in Detroit.

and it's being torn up pretty good by a LOT of exploits (I posted 84 & there are far more than that)

No, not "torn up", that's what happens when a windows machine visits porn sites.

More like lots of burglars asking politely if they can look after your house keys, just tell them no (which you can only do with Android/Linux), simples.

1/2 of keeping Windows clean is (0)

Anonymous Coward | more than 2 years ago | (#38547868)

"Where you go & what you do" - seriously: 1/2 of it's user education/saavy... the other 1/2 "tweaking" for security AND speed!

"like I said before, Windows = Don't care
Its more that I can't be arsed "security-hardening" it i.e.
I need my USB ports I need the CPU and HDD cycles antivirus would use I like flash animations I like porn I read lots of full featured PDFs"
- by mSparks43 (757109) on Saturday December 31, @05:19AM (#38546852) Homepage

I do all of the above except for the "pr0n" part - I had a client/customer who had me 'security-harden' his Window system. He used to get LITERALLY 200++ viruses on it a month. I did the procedures outlined in my guides, & even his outdated no longer patched Windows 2000 system went down to only 1 virus, MAYBE, a month. He was the "worst of the lot" though, but even HE had his infestation rate go down (because other customers I had no longer got infected because of 2 of the guides' MAIN points - don't run javascript/java/plugins etc. indiscriminately everywhere you go, & don't visit disreputable sites) & don't take data from just "anyone", especially on USB sticks!

The "worst customer" in regards to the above though, would "break rules" like leave javascript on, & go to "pr0n" sites. Hence, his 1 maybe virus a month (down from 200++ a month)...

We cleaned him up as usual (removing any malware I have ever seen to date's not that bad, rootkits included, once you know the tools to do it with & my guide covers that too).

---

"You should try running your windows machine with no antivirus on it for a bit, admittedly it won't last very long (unlike linux, but then secretly you know linux is more secure), but while it does you'll be amazed how snappy it really is." - by mSparks43 (757109) on Saturday December 31, @05:19AM (#38546852) Homepage

LOL, first of all - I don't "secretly know linux is more secure" because I know it's not (heck, refresh my memory - does it have ASRL for executable loads? How about DEP??)... & what shows me that more than anything (again)? ANDROID on smartphones! It's got its Linux heritage there, but is STILL BEING SERVED UP & EXPLOITED BY MALWARES & THE LIKE!

E.G.-> I keep my USB ports here, I watch FLASH stuff on YouTube all the time, PDF files are read here (when they come from reputable sources only though), & I make up CPU cycles on antivirus/antispyware programs by cutting off services I do NOT need but are on by default...

Trust me, I know ALL about this quote from you above on "windows being snappier"... & HOW to make it that way, in detail too!

---

"Saying that, when you have as good as acknowledged the only way they can get these "exploits" onto an android phone or linux is if you install them; click the "yes, please install this software from this chinese vendor I've never heard of" button, rather than the apple/windows phones, where anyone can do it without your knowledge, by remotely telling your phone(or windows) to install (or uninstall) malicious programs, shows you have absolutely zero understanding of security." - by mSparks43 (757109) on Saturday December 31, @05:19AM (#38546852) Homepage

The last sentence is you trying to "put words in my mouth again that I never said" (like your 'secretly knowing linux is more secure' above)... please - cut that out. I don't do that to you (& you've done it before in this discussion)... & about me NOT UNDERSTANDING SECURITY on PC's & such? Well, I can put out a testimonial here from others that shows otherwise:

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2 [xtremepccentral.com]

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

---

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60 [theplanet.com]

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

(Those results are only a SMALL SAMPLING TOO, mind you - I can produce more such results, upon request, from other users & sites online)

---

"I agree, using a Linux Desktop is like living in the Garden of Eden, and using a windows desktop is lot like living in Detroit." - by mSparks43 (757109) on Saturday December 31, @05:19AM (#38546852) Homepage

Living in Detroit, lol... try where I am from - 3rd most violent crime ridden city in the USA last I checked... & that makes you tougher & more resilient to bad stuff in life (there is an "up side" to it)... just like in computing really!

That's the point I am making that since Linux on desktops WASN'T a target of malware makers, it never REALLY had to "get tougher" (though it did because Linus & the boys KNEW it was going to face attacks once it got a larger marketshare - lo & behold, on smartphones it's finally got one via ANDROID, & yes - it's being attacked & exploited, proving it's just as exploitable as Windows was on PC desktops, despite such hardening because the OTHER 1/2 OF SECURITY IS EDUCATING USERS vs. THREATS & AVOIDING THEM too... period!)

---

"No, not "torn up", that's what happens when a windows machine visits porn sites." - by mSparks43 (757109) on Saturday December 31, @05:19AM (#38546852) Homepage

See the fellow above with the HOSTS file stuff? He was "the worst customer" of mine... I kept him OUT of those places via the custom HOSTS file I use, it did 99% of what HE needed (to be kept away from sites like that which you note now), & the rest was cutting off JAVA/Javascript on such sites (mostly in his case, he WAS honest about it too... I'll give he that much credit as well).

Like I said @ the outset/start of my reply to you - 1/2 of keeping Windows CLEAN, is steering clear of threats! Just common-sense really... I mean, for example? If I see a roaring fire going on in a house, doesn't mean I have to go "blindly rushing into it", in other words (steer clear instead = safer).

APK

P.S.=> And, there you go... apk AVOIDING THEM too... period!)

---

Re:1/2 of keeping Windows clean is (1)

mSparks43 (757109) | more than 2 years ago | (#38548102)

don't run javascript/java/plugins etc

but I use multiple plugins, and all the stock trading platforms I use run on javascript and java. Like I said "disable it" isn't a security answer, its a cop out for an insecure operating system.

Now, give me a read only OS, full featured, up to date, no activation, usb bootable installation of windows, like the linux live usb stick I carry round in my wallet for when I use other peoples machines (or just want to do something secure on the laptop), and we can talk.

Until then its linux all the way baby.

Use what U want, but U can't secure Windows? (0)

Anonymous Coward | more than 2 years ago | (#38548312)

You CAN secure Windows with about 1-2 hours of your time, with YEARS up secure, fast, & stable "uptime" as the result...

E.G.-> I've done it, many others applying my guides have (I offered you some testimonials to that effect above that you can verify)...

Your "bold statement" to that effect - you don't see ME saying "You cannot secure Linux" (or MacOS X, because even Apple does a guide for it in fact on their website beyond the stock oem setup of that OS from they by default), is a HUGE MISTAKE on your part:

Simply because I KNOW YOU CAN, with ANY OS, & using "layered-security"/"defense-in-depth" methods as I use them on Windows... it's doable!

---

"but I use multiple plugins, and all the stock trading platforms I use run on javascript and java. Like I said "disable it" isn't a security answer, its a cop out for an insecure operating system." - by mSparks43 (757109) on Saturday December 31, @10:19AM (#38548102) Homepage

Only disable java/javascript/plugins from RUNNING ALL THE TIME/EVERYWHERE on every site you go to, indiscriminately - that "cuts down" on infestation possibles HUGELY in & of itself...

So, go ahead - Use the tools you must, if you trust them especially, & to do your work/fun etc., but be cautious & judicious in their usage!

Simply because they are a "double-edged sword/razor" that "cuts both ways" for the GOOD (work/fun) or BAD (infestation by malware).

Pretty simple! I even state that in my guides - so, attempting to "put words in my mouth I never said" are again, your downfall here...

(Cut that out, it's killing you!)

---

"Now, give me a read only OS, full featured, up to date, no activation, usb bootable installation of windows, like the linux live usb stick I carry round in my wallet for when I use other peoples machines (or just want to do something secure on the laptop), and we can talk." - by mSparks43 (757109) on Saturday December 31, @10:19AM (#38548102) Homepage

You can do that, I have no issue with it, & I hope it serves you well... my point is simple though, based on your saying Windows cannot be secured - it can be, easily enough, with around 1-2 hrs. of time taken for YEARS of safe, secure, & faster "uptime" in the distance as a result!

(I even posted literal examples of others besides myself stating it with dates & longevity data in their replies to the effectiveness of the security guide for Windows I authored... & not only for themselves, friends & family but also for their customers too, experiencing the same!)

---

"Until then its linux all the way baby." -

Like I said above: Suit yourself/whatever works for you, but my point's simple - you said Windows can't be secured: ANY OS CAN BE... it takes some work, but they can be.

Secondly - you've attempted to "twist my words" on java/javascript/plugins etc. & my guides show CLEARLY otherwise as to my feelings on their usage (when/where/how much etc.) to keep safe (& they ARE a huge "disease vector" oft misused, no questions asked)... just be smart & judicious in their usage (because there's no reasons they cannot be misused vs. Linux as they have been for a decade++ now on Windows, & ANDROID shows anyone that much, plain & simple fact!)...

APK

P.S.=> I suggest you read my guides & the part about running java/javascript "all the time everywhere indiscriminately" (because there ARE TIMES you need them, such as database access for ecommerce sites/banking etc.)... unfortunately, they're a useful tool, like a razor is, but they can "cut you" too... apk

Re:Use what U want, but U can't secure Windows? (1)

mSparks43 (757109) | more than 2 years ago | (#38548934)

" YEARS of safe" less secure than read only @ the hardware level.

sorry. but that "can't secure" will stand as long as you can't install windowz on a read only file system, and no amount of disabling insecure services, tweeking round the edges, installing 3rd party addons or handing resources over to AV software will ever match it.

Don't have 2 get so extreme (Neither did others) (0)

Anonymous Coward | more than 2 years ago | (#38549054)

"sorry. but that "can't secure" will stand as long as you can't install windowz on a read only file system, and no amount of disabling insecure services, tweeking round the edges, installing 3rd party addons or handing resources over to AV software will ever match it." - by mSparks43 (757109) on Saturday December 31, @12:05PM (#38548934) Homepage

I don't need to do THAT though... lol, layered security + smarter surfing practices does it for me AND others!

(E.G.-> Neither did the folks who I put up as testimonials (that obeyed my security guide for Windows points TO THE LETTER exactly))...

* HOWEVER: I actually DO use a "read-only" environs to combat rootkits (Recovery Console from the Windows install media & its LIST, & DISABLE commands (along with FIXMBR))...

( &, it works, + even against the latest rootkits it has - good solid technique based on read-only environs is why!)

You saying Windows cannot be secured though? Hey - wrong... I don't go saying THAT about Linux &/or MacOS X though - I truly KNOW better's why!

APK

P.S.=> There you go... See - as was the case in the testimonials I posted: Most folks don't NEED to even do THAT cleaning technique once they follow my guides TO THE LETTER

(Again, see the testimonials I put up verbatim quoting THRONKA, & not only for themselves, but also their friends, families, & EVEN CUSTOMERS (noob ones too, once you 'enlighten them' on what to avoid & when to do things online, where, & when not to & where))... apk

Re:Don't have 2 get so extreme (Neither did others (1)

mSparks43 (757109) | more than 2 years ago | (#38550820)

* HOWEVER: I actually DO use a "read-only" environs to combat rootkits (Recovery Console from the Windows install media & its LIST, & DISABLE commands (along with FIXMBR))...

you do realize I was being serious about that "typewriter" comment don't you.

You have used:
http://fedoraproject.org/wiki/FedoraLiveCD [fedoraproject.org]

Stay as close to a normal desktop install wrt. features

or something similar?

No I didn't use *NIX (I used Recovery Console) (0)

Anonymous Coward | more than 2 years ago | (#38551726)

I use Windows' own RECOVERY CONSOLE (& it's fixmbr, listsvc, & disable commands) to "knock-the-chocolate" of the "allegedly indestructable rootkit" from a few months ago & it works!

E.G.-> Bootup from read-only install media for the RC boot option, then fixmbr clears the contaminated bootsector, & listsvc id's any bogus services &/or DRIVERS it uses, & disable knocks out the bogus bootsector protecting drivers...

For that "design" of rootkit (this is the worst kind, "blended threat" type that uses bogus bootsectors & drivers to protect it)?

It works to kill & clear them.

APK

P.S.=> Typewriter stuff you said - well, apparently you think of 1 of your systems that way & just reset to defaults (this loses setup customizations & potentially data users have also)...

Whereas, by way of comparison?

My way CLEANS IT RELIABLY & thoroughly + preserves the existing setup, customizations & all, because it IS the original setup!

(Especially easy vs. rootkits too, if you have driver ID's, which places like Symantec do for techs such as this one on the "indestructible rootkit" & others like it!)

E.G. -> Search this on GOOGLE/BING -> w32_duqu_the_precursor_to_the_next_stuxnet.pdf , & you'll see what I mean - gives a complete 'breakdown' of the drivers that duqu uses for example & it's updated regularly too!)

... apk

Re:No I didn't use *NIX (I used Recovery Console) (1)

mSparks43 (757109) | more than 2 years ago | (#38552152)

Assuming we've given up on Android for now.

The point you were arguing against is
Linux is as secure as you make it (up to "impenetrable, read only)

you can't make windows secure (since it has no read only full desktop option).

you are talking about "cleans reliably", No need to clean a linux "live" install, because once configured to your liking, its impossible to write malicious software to it in the first place.

Why waste time trying to secure a substandard (not least due to no multiple desktops) OS, when a simple reboot is all you need to guarantee the OS is secure.

I just can't see how you can begin to believe it's comparable, not only are you less likely to get hit by malicious software day to day (even if that is purely because there are less burglars asking for the keys, although it seems to me its also much more than that), but if you really need it (dealing with very high value trades, for example), you can use an identical, completely secure & impenetrable OS, on any machine that will let you boot from USB.

(this loses setup customizations & potentially data users have also)

nope, you make the customisations before committing it (e.g. adding truecrypt capabilities) to usb,
and as per the earlier link:

Current features:
8.Data persistence

Does this mean you are comparing to linux without actually having used it in any serious manner?

shame on you.

Tell us about "ping of death" please (lol) (0)

Anonymous Coward | more than 2 years ago | (#38520590)

"Heck, I don't see how the internet could of happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two." - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage

Ping of Death wasn't "unique" to Windows - it was a network stack issue, @ the ICMP level, not IIS, & it was NOT UNIQUE TO WINDOWS @ all...

Read that much here:

http://en.wikipedia.org/wiki/Ping_of_death [wikipedia.org]

---

PERTINENT QUOTE/EXCERPT:

"This exploit has affected a wide variety of systems, including Unix, Linux, Mac, Windows, printers, and routers"

---

* You can quit "talking out your behind" now... lol!

APK

P.S.=> Just like you do about others that have things YOU haven't done or that you could produce proof of that you had:

---

1.) Degrees they earned (myself)

2.) From GOOD schools (ones you said were "shitty" & yet rate #18 on top schools, & in the northeast US where the BEST schools are no less, as well as a "best buy" TOP 10 placement too)

& you try to belittle that!

3.) You also try belittle accomplishments others have in computer sciences areas (you do not yet again)

---

HOWEVER, as-per-your-usual?

Facts from reputable sources PUT YOU AWAY, & make you evade posting proofs you've done the same yourself (evasions galore on THAT account)...

Yes, no questions asked:

YOU like to "talk out your ass", but you've never done what you put down when you talk, no doubt about it!

... apk

Re:OPEN "SORES" SECURITY = oxymoron (0)

Anonymous Coward | more than 2 years ago | (#38465296)

Geez... See what you've done, Toast...

apk, I can see you have a hard-on about Gnu/Linux, Android, and anything resembling Open Source.

What I don't see is some balance between your obvious obsession, and Microsoft products that also have had 15+ years of security issues, the latest being the HTML tag that crashes Win7 64 bit.

Damn, now I'm feeding the trolls.....

I merely post facts to back my statements (0)

Anonymous Coward | more than 2 years ago | (#38465542)

After hearing yrs. of /. penguins & "Linux = secure, Windows != secure" & the data on android that keeps coming in my posts isn't weakening my case.

* I merely state facts when asked for them... plenty more where that came from too! Here are 8 more (making my total @ this point 25 already in my posts here now up to this one):

http://nakedsecurity.sophos.com/2011/09/16/spyeye-targeting-android-users-zeus-strategy/?utm_source=Non-campaign&utm_medium=eNews-newsletter&utm_campaign=eNews-NL-20110912 [sophos.com]

http://www.networkworld.com/community/blog/android-traveling-texts [networkworld.com]

http://www.theregister.co.uk/2011/09/15/android_malware_skyrockets/ [theregister.co.uk]

http://www.wired.com/gadgetlab/2011/08/android-malware-explodes-ios-remains-safe/ [wired.com]

http://www.theregister.co.uk/2011/02/17/android_trojan_click_fraud_scam/ [theregister.co.uk]

http://www.theregister.co.uk/2011/02/07/difference_between_smartphones_and_superphones/ [theregister.co.uk]

http://www.theregister.co.uk/2011/06/01/android_trojan_rash/ [theregister.co.uk]

http://blogs.computerworld.com/17355/zombies_and_angry_birds_attack_mobile_phone_malware [computerworld.com]

---

* Continuing the trend via continuous data in each of my replies to "naysayer trolls" (especially the AC ones), in proofs of ANDROID security issues over time... 25++ & counting thusfar!

APK

P.S.=> I have 25++ recent issues regarding ANDROID (a Linux variant) security problems as of THIS post... Would you like more?

... apk

Re:OPEN "SORES" SECURITY = oxymoron (0)

Anonymous Coward | more than 2 years ago | (#38472786)

U know u made strong points if you got modded down n all troll replies.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...