
Researchers 'Map' Android Malware Genome

Soulskill posted more than 2 years ago | from the nefarious-base-pairs dept.


yahoi writes "Researchers at NC State are sharing their analysis and classification of Android malware samples under a new project that they hope will help shape a new way of fighting malware, learning from the lessons of the PC generation and its traditional anti-malware products. Xuxian Jiang, the mastermind behind the Android Malware Genome Project, says defenses against this malware today are hampered by the lack of efficient access to samples (PDF), as well as a limited understanding of the various malware families targeting the Android. The goal is to establish a better way of sharing malware samples and analysis, and developing better tools to fight it, he says."


Funny how things work out (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40081981)

Remember how Slashdot spent 10+ years mocking Windows for being a malware-laden cesspool of unremovable OEM junkware with an antivirus industry built around it? Embarrassed yet?

Lemme guess (3, Funny)

Taco Cowboy (5327) | more than 2 years ago | (#40082007)

The malware genome points to Java?

Re:Lemme guess (4, Funny)

binarylarry (1338699) | more than 2 years ago | (#40082157)

I don't see slow in there anywhere...

Re:Funny how things work out (2)

rampant mac (561036) | more than 2 years ago | (#40082215)

" help shape a new way of fighting malware, learning from the lessons of the PC generation and its traditional anti-malware products. "

"Remember how Slashdot spent 10+ years mocking Windows for being a malware-laden cesspool of unremovable OEM junkware with an antivirus industry built around it?"

Yep, came here to basically say the same thing. I can't believe my phone would need a virus scanner. What's next? Android Security Essentials 2012?

Re:Funny how things work out (2)

Shavano (2541114) | more than 2 years ago | (#40082367)

Virus scanners like they have on Windows would destroy the platform. Phones don't have unlimited battery to throw at security.

Re:Funny how things work out (4, Interesting)

ozmanjusri (601766) | more than 2 years ago | (#40083113)

When you strip the anti-malware vendor hype away, the threat's a lot smaller than most people realise.

Some of the biggest "infections" weren't really malware at all. Kindsight Security Labs Malware Report for Q1 2012 says:

Without Plankton/Apperhand (no longer classified as malware) included in the infection statistics, mobile device infection has actually leveled off in the first quarter of 2012. We believe that this trend in mobile device infections will not last as the target is too tempting to hackers

http://www.kindsight.net/sites/default/files/Kindsight_Security_Labs-Q112_Malware_Report-final.pdf [kindsight.net]

Re:Funny how things work out (2)

ozmanjusri (601766) | more than 2 years ago | (#40082855)

I can't believe my phone would need a virus scanner. What's next?

Depends how firm a grip you have on reality.

In the first half of 2011, the lion share of malware was once again written for Windows systems.

Only one in two hundred and fifty malware programs is not a Windows program file. The proportion of classic Windows program files (Win32) continues to drop. However, .NET programs (MSIL) compensate for this loss of 0.3% and the overall share of Windows malware programs is on the rise.

1 Win32 1.218.138 97,8 %
2 MSIL 21.736 1,7 %
3 WebScripts 3.123 0,3 %
4 Scripts 832 0,1 %
5 Mobile 803 0,1 %
6 Java 313
7 *ix 4 233
8 NSIS 131

http://www.gdatasoftware.co.uk/uploads/media/G_Data_MalwareReport_H1_2011_EN.pdf [gdatasoftware.co.uk]

Re:Funny how things work out (0)

Anonymous Coward | more than 2 years ago | (#40082225)

Remember how Slashdot spent 10+ years mocking Windows for being a malware-laden cesspool of unremovable OEM junkware with an antivirus industry built around it? Embarrassed yet?

wake me up when drive-by download+installation IE-style happens on Linux. oh also wake me up when the average Android user becomes as skilled as the average GNU/Linux user.

Re:Funny how things work out (1, Flamebait)

Shavano (2541114) | more than 2 years ago | (#40082419)

Wake me up when another Linux variant runs on my phone and doesn't have the same vulnerabilities as Android.

Re:Funny how things work out (1)

Calos (2281322) | more than 2 years ago | (#40082607)

And which vulnerabilities are those?

I was under the impression that most Android malware was of the trojan variety. It doesn't exploit any vulnerabilities in Android, it exploits the users' stupidity. Things you download from the market list the permissions. If a wallpaper app wants access to your accounts, SMS, contacts, phone ID, etc., you install it at your peril.

I'm sure there are other vulnerabilities. But as far as I'm aware they are in the minority. Could be wrong.

Re:Funny how things work out (1)

Shavano (2541114) | more than 2 years ago | (#40082983)

Why bother to exploit anything else when you can get the user to download and install your shit?

Re:Funny how things work out (1)

Calos (2281322) | more than 2 years ago | (#40083055)

Yeah, that's pretty much how it works.

That's why I was questioning why you wanted to be [woken] up when another Linux variant runs on [your] phone and doesn't have the same vulnerabilities as Android. The two notions are incongruent. That's why I was asking about specific vulnerabilities, because I wasn't aware of it really being an issue.

And which vulnerabilities are those? (0)

Anonymous Coward | more than 2 years ago | (#40089817)

"I was under the impression that most Android malware was of the trojan variety"

Microsoft Researcher produces a report on 'Android' malware, well who would have thought?

Re:Funny how things work out (-1)

Anonymous Coward | more than 2 years ago | (#40082659)

On point #1, it's been done a long time ago. On Linux I'm sure, but here is the video of drive-by 0wnage on Android since that's what we're talking about:
http://partners.immunityinc.com/movies/Lightning_Demo_Android.zip

Re:Funny how things work out (0)

Anonymous Coward | more than 2 years ago | (#40083415)

Caution: Don't open that link on a Windows machine.

Re:Funny how things work out (1)

Deorus (811828) | more than 2 years ago | (#40084235)

Haven't been using Linux for long, have you? I've had such things happen to me in the past, they were just targeted at Windows, but that didn't stop files named like c:\playerhost.dll from ending up in my home directory, on Linux. I guess you can say that I was saved by Linux's lack of popularity on the desktop, nothing else.

You can claim that many of those vulnerabilities are gone now that Adobe has stopped developing Flash for Linux (as well as for mobile platforms), that address spaces are randomized, that compilers have evolved to generate hardened code by default, and that x86 now supports non-executable pages within code segments, but that's not always been the case, and if you're going to judge Windows for what it was, what it did, and what it does, then at least be unbiased in your judgement.

I was saved by Linux's lack of popularity? (1)

dgharmon (2564621) | more than 2 years ago | (#40089641)

"didn't stop files named like c:\playerhost.dll from ending up in my home directory, on Linux. I guess you can say that I was saved by Linux's lack of popularity on the desktop, nothing else".

No, you couldn't say that, how playerhost.dll got onto your home directory was you saved it there. And even if it was a Linux executable you would still have to perform a number of steps to get it to run, as well as supply the root password.

"You can claim that many of those vulnerabilities are gone now that Adobe has stopped developing Flash for Linux"

That's news to me, ..

'Download Adobe Flash Player
Adobe Flash Player version 11.2.202.235
Your system: Linux 32-bit, Firefox
' link [adobe.com]

Re:I was saved by Linux's lack of popularity? (0)

Anonymous Coward | more than 2 years ago | (#40090539)

IANASR, but for a start, just like with any other OS you don't need root password for many useful (from malware author viewpoint) things, like keylogging, uploading your personal data or spamming. Unless most linuxes started hardening access restrictions using SELinux and whatnot, like forbidding network access for non user approved applications, it still works great. Root access is mostly needed for hiding the malware from detection, with added benefit of ability to spy on every user on multiuser system. Latter part is not really important for usual targets of malware, home users.

My guess is getting it to run wouldn't be really a problem for dedicated attacker, something like planting .xprofile along with your executable would do the trick.

So, given possibility of drive-by download, only things stopping dedicated Linux malware is unprofitability of targeting home Linux users. It would probably be noticed and stomped out faster as well, given higher average tech smarts of Linux users.

Oh, and "Adobe has stopped developing Flash for Linux" probably referred to this [adobe.com] (tl;dr: new major Flash versions will be PPAPI only, bundled with Chrome, older versions are getting security updates for 5 years)

Re:I was saved by Linux's lack of popularity? (1)

Deorus (811828) | more than 2 years ago | (#40094959)

No, you couldn't say that, how playerhost.dll got onto your home directory was you saved it there. And even if it was a Linux executable you would still have to perform a number of steps to get it to run, as well as supply the root password.

No, I did not save it there, notice the name "c:\playerhost.dll", it was clearly saved by an exploit to the browser or a plugin running on it (most likely Flash). Also, where the hell does your idea that root is needed in order to run executables come from?

Regarding Flash losing support on Linux, I may have been misconceived as I might have gotten it confused with Adobe AIR.

Re:Funny how things work out (1)

symbolset (646467) | more than 2 years ago | (#40083637)

Oh, we're not done with that one yet.

Re:Funny how things work out (1)

Anonymous Coward | more than 2 years ago | (#40083841)

Remember how Slashdot spent 10+ years mocking Windows for being a malware-laden cesspool of unremovable OEM junkware with an antivirus industry built around it? Embarrassed yet?

Did something change? Windows is still the cesspool of malware and virus laden applications and it's responsible for most of the world's SPAM. It's also the preferred OS of Bots. It's so full of holes they need to release patches for it every week just to keep up with all of the zero days found.

Re:Funny how things work out (1)

RaceProUK (1137575) | more than 2 years ago | (#40085439)

Remember how Slashdot spent 10+ years mocking Windows for being a malware-laden cesspool of unremovable OEM junkware with an antivirus industry built around it? Embarrassed yet?

Did something change? Windows is still the cesspool of malware and virus laden applications and it's responsible for most of the world's SPAM. It's also the preferred OS of Bots. It's so full of holes they need to release patches for it every week just to keep up with all of the zero days found.

All because Windows has over 90% market share.

If OSX or Linux had the same market share, then they'd see the vast majority of malware instead.

Amen: Hahaha to FUD spreading "/. 'Penguins'" (0)

Anonymous Coward | more than 2 years ago | (#40089947)

How's it feel knowing that ur YEARS of "FUD" b.s. is crumbling around ur ears, boys?

Question: What's it LIKE being known as a pack of utter bullshit artists online now, & especially after a DECADE OF SOLID CRAP along the lines of "Windows != Secure & Linux = Secure" horseshit... hmmm??

I knew the day would come when Linux (or variants like ANDROID) would take "top spot" on SOME computing platform (in this case, smartphones) & get "NUKED" as badly as Windows does due to its MASSIVE DOMINANCE of the combined PC & Server world... well, that day's here on ANDROID (a linux) on smartphones.

It's simply because malware makers in general are JUST LIKE PICKPOCKETS, & go where the "easy meat victims" are, which IS where "the masses" go. They get better "ROI" for their creation of their bogus machinations that way... just like shooting ducks in a pack in the sky.

Of course, I have to "toss this in" also for "good measure" as well from 2011-2012 (which ALWAYS gets "downmodded", facts in it OR NOT):

2012:

Medicaid hack update: 500,000 records and 280,000 SSNs stolen:

http://www.zdnet.com/blog/security/medicaid-hack-update-500000-records-and-280000-ssns-stolen/11444 [zdnet.com]

So, what's dts.utah.gov running everyone?

LINUX (and yes, it got HACKED) -> http://uptime.netcraft.com/up/graph?site=dts.utah.gov [netcraft.com]

What's health.utah.gov running too??

YOU GUESSED IT: LINUX AGAIN -> http://uptime.netcraft.com/up/graph?site=health.utah.gov [netcraft.com]

* Ah, yes - see the YEARS OF /. "BS" FUD is CRUMBLING AROUND THE PENGUINS EARS HERE & 2012's starting out just like 2011 did below!

===

2011:

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (that's VERY bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised [slashdot.org]

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/ [theregister.co.uk]

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware [slashdot.org]

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com [netcraft.com]

---

London Stock Exchange serving malware:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware [slashdot.org]

(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch [slashdot.org] , & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

---

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS:

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers [slashdot.org]

---

Linux Foundation, Linux.com Sites Down To Fix Security Breach:

http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach [slashdot.org]

---

Linux's showing in CA's breached recently too? Ok: (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)

http://uptime.netcraft.com/up/graph?site=StartCom.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=GlobalSign.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=Comodo.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=DigiCert.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=www.gemnet.nl [netcraft.com]

The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/ [itproafrica.com]

&

http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811 [threatpost.com]

---

The Stratfor SECURITY hack: (can't blame it on poor setup, this IS a security firm that uses Linux)

http://yro.slashdot.org/story/11/12/28/1743201/data-exposed-in-stratfor-compromise-analyzed [slashdot.org]

What's that domain run? Yes kids - you guessed it: LINUX -> http://uptime.netcraft.com/up/graph?site=www.stratfor.com [netcraft.com]

---

Phishers/Spammers FAVOR attacking LAMP: (Linux, Apache, mySQL, PHP)

http://www.theregister.co.uk/2011/06/10/domains_lamped/ [theregister.co.uk]

PERTINENT QUOTE/EXCERPT:

"Phishers compromise LAMP-based websites for days at a time and hit the same victims over and over again, according to an Anti-Phishing Working Group survey. Sites built on Linux, Apache, MySQL and PHP are the favoured targets of phishing attackers"

---

Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?

* You get the picture...

APK

P.S.=> Linux Security Blunders DOMINATE in 2011-2012, despite all /. "FUD" for years saying "Linux = SECURE" (what "b.s."/FUD that's turning out to be, especially on ANDROID where it can't hide by "security-by-obscurity" anymore & is in the hands of non-tech users galore - & EXPLOITS ARE EXPLODING ON ANDROID, nearly daily)

... apk

Wow, could you imagine... (1)

freeweaver (2548146) | more than 2 years ago | (#40082043)

the size of a Windows map?

In fact, I don't think there's a super computer capable of mapping it.

Re:Wow, could you imagine... (1)

Anonymous Coward | more than 2 years ago | (#40082103)

Not only is your attempt to distract from Android malware criticism lame, it's not even accurate, as PC usage today is dwarfed by smartphones and tablets. So it would be Android's that is bigger...

Re:Wow, could you imagine... (0)

Anonymous Coward | more than 2 years ago | (#40082265)

it's not even accurate, as PC usage today is dwarfed by smartphones and tablets

[Citation needed]

There's a lot of new smartphones and tablets sold, but there's still almost ten times as many PCs as there are smart mobile devices, and they are still mostly Windows - at least judging by all browser share counters, just check "Mobile vs Desktop" stat at any of them.

Re:Wow, could you imagine... (2)

DarwinSurvivor (1752106) | more than 2 years ago | (#40082409)

If you are going to demand a citation, your rebuttal better damn well include one! I'm not saying I disagree, but your arrogance is definitely showing.

Re:Wow, could you imagine... (1)

causality (777677) | more than 2 years ago | (#40082919)

If you are going to demand a citation, your rebuttal better damn well include one! I'm not saying I disagree, but your arrogance is definitely showing.

Eh I don't know. He countered an assertion with another assertion. While he could have invested a trivial amount of effort to do much better, nonetheless they remain on equal ground.

This is speculation, but perhaps that was the point?

Re:Wow, could you imagine... (1)

similar_name (1164087) | more than 2 years ago | (#40083503)

For your convenience Windows vastly outnumbers other operating systems either by market share [hitslink.com] or by usage [wikipedia.org].

Sourced from first hits (at least for me) on searches for operating system market share [google.com] and operating system by usage [google.com] respectively.

Re:Wow, could you imagine... (1)

symbolset (646467) | more than 2 years ago | (#40083663)

Here's an interesting article from last year: Microsoft admits that one in fourteen downloads are Windows malware. [zdnet.com]

I would say Android is a long way from having anything like this sort of problem.

Re:Wow, could you imagine... (1)

symbolset (646467) | more than 2 years ago | (#40083787)

Bonus link [fox2now.com].

Re:Wow, could you imagine... (1)

ozmanjusri (601766) | more than 2 years ago | (#40083283)

Latest stats say last quarter Apple activated between 613,979 to 692,551 iOS devices per day, Android activated around 700,000/day, while Windows 7 averages out at about 650,000 licenses sold per day. All those numbers are questionable (for differing reasons), but are likely to be ballpark-close.

Windows would have a much bigger installed base, since it's been on the market longer.

http://techcrunch.com/2011/09/13/microsoft-sold-450-million-copies-of-windows-7/ [techcrunch.com]

Re:Wow, could you imagine... (0)

Anonymous Coward | more than 2 years ago | (#40083855)

Android is up to 850,000 and nearing a Million per day.

Trans Europe Express (-1)

Anonymous Coward | more than 2 years ago | (#40082135)

Is it some sort of railline to Siberia? Is Siberia in Europe? Is Russia in Europe? Is Siberia in Russia? Why is Europe so hard to spell? Why are you reading this? Don't you have a life?

Re:Trans Europe Express (0)

Anonymous Coward | more than 2 years ago | (#40083535)

Who says I'm reading?

Apple's closed system (4, Insightful)

grantspassalan (2531078) | more than 2 years ago | (#40082211)

Why is it that there is no malware for IOS? There are millions of these devices out there, so there certainly is an incentive for malware writers.

I believe that it has something to do with the fact that only Apple approved and checked software can be installed thereon. This closed system may not appeal to many here on /., but it is certainly as close as we have gotten to a malware proof computing experience we are likely to get anytime soon. Mac users will be able to enjoy this form of security with OS X 10.8 this summer.

Re:Apple's closed system (4, Interesting)

Charliemopps (1157495) | more than 2 years ago | (#40082315)

Apple is using that same control to prevent you from scanning for viruses...

http://www.forbes.com/sites/timworstall/2012/05/22/apple-wont-let-kaspersky-develop-tools-for-ios/

Re:Apple's closed system (1)

grantspassalan (2531078) | more than 2 years ago | (#40082697)

So what, if there are no viruses, why does anybody have to scan for them? The only ones being harmed by Apple's business model of this closed system, are the developers of antivirus software. In the new OS X 10.8 OS, users who desperately want to install any software whatsoever, including a virus or Trojan, can still deliberately do so.

Re:Apple's closed system (1)

symbolset (646467) | more than 2 years ago | (#40083671)

Exactly. If you need Antivirus, you're doing it wrong.

Re:Apple's closed system (2, Insightful)

Shavano (2541114) | more than 2 years ago | (#40083015)

The level of access that an antivirus program needs is the level of access that a virus needs. Apple's not giving that to the would-be malware creators either.

Besides, an antivirus program for iOS makes no sense because there aren't any such things to protect against.

Re:Apple's closed system (4, Insightful)

causality (777677) | more than 2 years ago | (#40082343)

Why is it that there is no malware for IOS? There are millions of these devices out there, so there certainly is an incentive for malware writers.

I believe that it has something to do with the fact that only Apple approved and checked software can be installed thereon. This closed system may not appeal to many here on /., but it is certainly as close as we have gotten to a malware proof computing experience we are likely to get anytime soon. Mac users will be able to enjoy this form of security with OS X 10.8 this summer.

Many people need to play in the approved sandbox or else they'll stumble and hurt themselves. Others know what they're doing and understand the security implications of actions they take so they don't need Big Daddy Apple watching over them (and would in fact find that restrictive/suffocating).

If you're willing to learn and attain your own understanding you will find that much more information than you would ever need is freely available. Then you achieve independence and freedom. You can then do what you like with equipment that's truly yours. If all of that is "too hard" and you prefer to use a machine for years without ever really grasping the principles behind it, then you are likely to be controlled by somebody: either a relatively benevolent vendor or a malware author. The former wants the money you choose to give to it; the latter will take everything it can.

There isn't a One True Way. The only real mistake is to wrongly assume you are in a given category when you are not. For Joe Sixpack users who do not enjoy discovering and learning new things, the Apple method has a lot of advantages. If its widespread use makes it harder for criminals to make a profit, that benefits the rest of us as well.

Re:Apple's closed system (3, Insightful)

Shavano (2541114) | more than 2 years ago | (#40083045)

Many people need to play in the approved sandbox or else they'll stumble and hurt themselves. Others know what they're doing and understand the security implications of actions they take so they don't need Big Daddy Apple watching over them (and would in fact find that restrictive/suffocating).

No, not many. A few. The iPhone is a consumer device. Opening it up for anybody to program and distribute whatever software they want would be of no benefit to the vast majority of users, no benefit to Apple and no benefit to the wireless providers.

If they opened it up, they'd actually be screwing over their customers and business partners. I can't imagine a compelling argument why they should do so.

Re:Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40083699)

"For Joe Sixpack users who do not enjoy discovering and learning new things, the Apple method has a lot of advantages."

For Joe Sixpack users that have better things to do (and an outdoor life) than fiddle with a phone, the Apple method has a lot of advantages.

There, fixed that for you.

Re:Apple's closed system (1)

ediron2 (246908) | more than 2 years ago | (#40083727)

Ratfucker slashcode just ate my comment.

Came here to call you a pedant and point out that some of us like iphones because we already have too many other avenues for puttering; sometimes it's nice just to have a phone. Ok, a phone plus games and twitter and gps and media and email and.... but I'm ok that my 4s is NOT where I focus my hackerly urges. I don't have time for all the projects queued up in my home office (or as my wife calls it, that "damn mountain of electronics"). Lost my orig. comment trying to grok why slashcode was ignoring my html tags (my ul's and li's didn't yield bullets!!!) so you don't get a list this time.

I promise, it isn't fear or wanting Apple to be my mommy...

Re:Apple's closed system (1)

Deorus (811828) | more than 2 years ago | (#40084571)

Your train of thought crashed as soon as you failed to realize the difference between research and production. It is perfectly OK to research one platform while using another, there is absolutely nothing wrong with that. I have developed the Linux kernel in the past and that hasn't stopped me from turning into an Apple fag. My understanding of how operating systems work does not make me want to tinker them all, quite the opposite. I am perfectly fine when things just work, that is my goal as an engineer.

Re:Apple's closed system (1)

causality (777677) | more than 2 years ago | (#40089775)

Your train of thought crashed as soon as you failed to realize the difference between research and production. It is perfectly OK to research one platform while using another, there is absolutely nothing wrong with that. I have developed the Linux kernel in the past and that hasn't stopped me from turning into an Apple fag. My understanding of how operating systems work does not make me want to tinker them all, quite the opposite. I am perfectly fine when things just work, that is my goal as an engineer.

I was talking about users who *need* a managed experience or else they get into trouble. *Need*. I think people replying to me didn't get that part and perhaps I should have made it more clear.

Wanting one or finding it convenient is different. If you can do serious kernel development then you are more skilled than I am, and I definitely don't need a managed experience. Yours is a genuine preference. It is not a need. That isn't what I was talking about at all and doesn't fit anything I was saying. I just get tired sometimes of how low the standards are, how little people expect of themselves. If the masses benefit from something, that didn't happen because of them. I'd rather it did.

Incidentally I wouldn't call you an "Apple fag" or any other kind of "fag". The way you articulate yourself is better than that.

Re:Apple's closed system (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40082371)

There is absolute malware proof computing already: just don't install anything on your computer, disconnect it from network, in fact, just cut the power completely.

Oh, and "there's no malware on AppStore" rather depends on your definition of malware. Sending your contact list to a third party without questions was possible until a recent update. Just junkware and scams? Check. Just google for "pokemon yellow ios", for example.

Yes, iOS malware can't spam SMS or hang in background, but on the other hand iOS apps can't send SMS or work in background.

This security has quite a big tradeoff of censorship and dumbing down, so no, but thanks, no. Judging by market trends, general population seems to lean towards "free (as in freedom), but still has risks" side from "let us tell you what you want" side.

Re:Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40083229)

Judging by market trends, general population seems to lean towards "free (as in freedom), but still has risks" side from "let us tell you what you want" side.

That explains why iPhone users per capita buy more apps, surf the web more, view more video content than Android users right? A huge portion of Android sales are free/feature phone devices. There is no market trend towards either camp. Get over it.

Re:Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40092353)

re: per capita
That's only because people on i* devices are locked into the app store and MUST pay for the "privilege" of buying from there.

Android users who know about GetJar, have access to Amazon App Store, or even buy a Samsung Galaxy S / S II / SIII device all have secondary stores that offer company-paid content. This can total over thousands of dollars for the average user while staying legitimate (that's not counting users who can freely pirate content)

Just because an iuser is blind to alternatives has no implications.

P.S. You know what I find odd about the "surf the web more"? That phone has the most dedicated website replacement applications (i.e. applications that provide a native version of the website) -- why are they surfing the web?

P.P.S. There IS a market trend towards Android exactly because what you say: they can get a relatively decent-to-good smart phone for cheap or free. A Galaxy S2 with LTE is now just $50 on a 3 year contract. If you're not into high end games, that's good enough CPU/GPU/resolution with a massive screen.

Re:Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40082455)

jailbreak apps are malware and the same techniques used by jailbreaking malware can be used by other malware that does something the device owner considers to be "mal"

Re: Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40082603)

unmod

Re: Apple's closed system (1)

causality (777677) | more than 2 years ago | (#40082871)

unmod

That works better when you don't post AC.

Re: Apple's closed system (1)

gmhowell (26755) | more than 2 years ago | (#40082915)

unmod

That works better when you don't post AC.

I haven't tested it, but I've read reports that while you do not get the warning if you post AC to a discussion in which you have posted, it will still remove said moderations.

Re: Apple's closed system (1)

causality (777677) | more than 2 years ago | (#40082995)

unmod

That works better when you don't post AC.

I haven't tested it, but I've read reports that while you do not get the warning if you post AC to a discussion in which you have posted, it will still remove said moderations.

If so I believe that's a new thing.

Also, regarding your sig... His disciples were definitely thick. They were not ordinary. They showed extraordinary courage. I mean... Peter was executed by crucifixion. His lament? He did not feel worthy to die by the same method as his Master. So according to legend, he was crucified ... upside-down. Ordinary people would have been like the "old Peter" who denied Him thrice.

Re:Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40082733)

There IS malware for Apple. The difference is that Apple doesn't allow antivirus program makers to create apps, so there's no point in those antivirus makers publishing inflammatory, misleading, and mostly-untrue "studies".

Re:Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40084411)

Watch out, you'll upset all the fanbois that are here to brag on how their walled kindergarden protects them from the freedom of the outside world!
They are so happy spewing misinformation on the (almost non-existing) Android malware and upvoting each other, they might vote you down as troll just for stating the facts!
(Which means this comment will very likely be voted down into oblivion in the next couple of seconds)

Re:Apple's closed system (1)

Lussarn (105276) | more than 2 years ago | (#40083657)

I believe that it has something to do with the fact that only Apple approved and checked software can be installed thereon. This closed system may not appeal to many here on /., but it is certainly as close as we have gotten to a malware proof computing experience we are likely to get anytime soon. Mac users will be able to enjoy this form of security with OS X 10.8 this summer.

It is obviously a security feature to have trusted sources for your programs, there is nothing new to this, Linux has used this for the last 15 years and I can't believe Linux was the first. You have to understand that Unix was created like 40 years ago, and there is nothing technically secure about it in today's world. This is the same for Linux, BSD, OSX, Android and IOS. Most security is bolted upon it but the fact is that it probably can't be totally secured, it's not designed that way. Compare with a web browser or Java/Flash/NaCL which is secure by design. Yes, they have security holes but they can be fixed. Unix is "fixed" by having trusted sources, that's not a technical solution. The problem with Apple's stance on this subject is that their source is the only source on the IOS platform, and they happen to use it for a lot more than security, like keeping the competition out. Yes, I know *nix isn't really secure, but I still want to be able to run certain programs (this is more important to me than utmost security), and I want to use a platform where competition is fair.

Re:Apple's closed system (1)

tlhIngan (30335) | more than 2 years ago | (#40083767)

Why is it that there is no malware for IOS? There are millions of these devices out there, so there certainly is an incentive for malware writers.

I believe that it has something to do with the fact that only Apple approved and checked software can be installed thereon. This closed system may not appeal to many here on /., but it is certainly as close as we have gotten to a malware proof computing experience we are likely to get anytime soon. Mac users will be able to enjoy this form of security with OS X 10.8 this summer.

Because there's accountability in the App Store. You see, to get an app in there, you have to pay $99 a year. Which means you need a valid billing account. Sure, malware can use a fake credit card, but when Apple gets a chargeback, they'll cancel the account and remove the app.

Next, if there's really a bad app in there, boom, Apple removes all the developer's apps and closes their account. And with a valid billing address means Apple can hunt you down. Hell, if you want to accept money for apps Apple makes you jump through hoops.

It's just like the Flashback trojan - making money is easy, but getting paid is actually quite hard.

The other reason is iOS makes it quite hard - to send a text message requires user intervention - an app can't send a text message on its own unless it uses its own service. Ditto phone calls - you can call up the dialer, but it'll ask if you really wanted to dial that number.

The only real way to get malware onto iOS without exposing a real identity is via jailbreaks and surreptitious installation that way. To which iOS isn't immune.

An interesting Android hack popped up recently - due to the way smartphone data plans work, an Android app with "Internet Access" can hijack any TCP connection [arstechnica.com] on the phone.

Re:Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40092443)

Because there's accountability in the Play Store. You see, to get an app in there, you have to pay $15 one time. Which means you need a valid billing account. Sure, malware can use a fake credit card, but when Google gets a chargeback, they'll cancel the account and remove the app.

Next, if there's really a bad app in there, boom, Google removes all the developer's apps and closes their account. And with a valid billing address means Google can hunt you down. Hell, if you want to accept money for apps Google makes you jump through hoops.

It's just like the Flashback trojan - making money is easy, but getting paid is actually quite hard.

The other reason is Android makes it quite hard - to send a text message requires user intervention - an app can't send a text message on its own unless it specifically tells you "SERVICES THAT COST YOU MONEY; SEND SMS". Ditto phone calls - you can call up the dialer, but it'll ask if you really wanted to dial that number or it specifically tells you "SERVICES THAT COST YOU MONEY; PHONE CALLS".

The only real way to get malware onto Android without exposing a real identity is via jailbreaks and a checkbox that WARNS the user that their safety is in their own hands. To which Android isn't immune.

An interesting iOS hack popped up recently - due to the way smartphone data plans work, an iOS app with "Internet Access" can hijack any TCP connection [arstechnica.com] on the phone. [read the article: "... will also work against computers connected to networks using cellular cards or smartphone tethers. He said there's no reason to believe iOS devices ... can't be hijacked as well."] Incidentally, if I wanted to protect myself on Android, all I have to do is go through my applications and remove or not run any that have the Internet permission. Can you guarantee that any applications on any other platform (i* included) do NOT use internet? No, I didn't think so.

P.S. You see what I did there?

Re:Apple's closed system (0)

Anonymous Coward | more than 2 years ago | (#40092045)

Charlie Miller's application was white hat, but it's still malware as it installed a command and control server on your phone masquerading as a stock ticker app. It passed the "review", and was published to the store. His code exploited a privilege escalation bug that he repeatedly told them about but nothing came of it.

The only reason why his app was caught and banned was because he came out and said that he did so.

So I challenge you: prove to me that all 500,000 applications do not have any similar code.

Oh wait, you can't. Well, unless the malware author comes forward with a "guilty" conscience. Nobody can even scan for the exploit Charlie Miller used because it's all wrapped up tight. Out of sight, out of mind, right?

I'm willing to bet (1)

InspectorGadget1964 (2439148) | more than 2 years ago | (#40082217)

It comes from One Microsoft Way in Redmond?

Not a new concept (1)

Shoten (260439) | more than 2 years ago | (#40082591)

DARPA has a project going on this right now...it's called the "Cyber Genome" project. The idea is that you can perform a fair bit of attribution to the person/organization that wrote a piece of malware based on the characteristics of the code. It's true, as well...examination of Stuxnet, for example, made it clear that it was probably written by a highly organized team of diverse and very skilled individuals. And that's just looking at a single piece of malware; looking at things like Zeus has shown the progression of it, and even how malware can fork and develop along different lines. If you take it to the next step, the goal is to be able to predict the characteristics of an iteration before it's even written. Yeah, nobody said DARPA tries to solve easy problems :)

I know this is nitpicking, but.... (2)

Johann Lau (1040920) | more than 2 years ago | (#40084629)

Notice how one makes sense, the other doesn't:

Researchers Map Android Malware 'Genome'

Researchers 'Map' Android Malware Genome

Re:I know this is nitpicking, but.... (0)

Anonymous Coward | more than 2 years ago | (#40086637)

'Researchers' 'Map' Android Malware 'Genome'
FTFY

Re:I know this is nitpicking, but.... (1)

Johann Lau (1040920) | more than 2 years ago | (#40088795)

Oh, you mean you "fixed" that for "me"? Why "thank you" :)

myCollege Project :) (1)

dgharmon (2564621) | more than 2 years ago | (#40089455)

How to get Android and Malware in the same article.