Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 35

Thread: Malware on the Android platform!

  1. #21
    Join Date
    Feb 2011
    Location
    Falls Church, VA, USA
    Beans
    38
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Malware on the Android platform!

    Quote Originally Posted by tomazzi View Post
    Peoples who blame Google: have you read at least overview of Android SDK? This OS has very good balance between security and ...freedom. The more secure system the less freedom for programmers and more problems for users who wants to do something, but they aren't allowed. Every app is sandboxed, but it can access almost every part of HW if it's needed - that's in short. Thanks to that, I can use my crappy, non-upgradable iRobot (Android 1.6) as complete HVAC control and visualisation, because it's still supported by SDK tools and I can have full root access to the system - otherwise I could only throw this device out of the window
    Actually that is a good point, but there is no excuse for the flaw exposing the ability to contract malware. That is like Windows all over again
    Familiar with and used frequently:
    XP Pro, 7 Pro, Windows Server 2008 (EEW!), Mac OS X 10.5-10.6, SUSE Linux Enterprise, Xubuntu 8.04 LTS, Ubuntu 10.04 LTS.

  2. #22
    Join Date
    Jan 2005
    Location
    Lithuania
    Beans
    204
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: Malware on the Android platform!

    Quote Originally Posted by aysiu View Post
    A trojan is a trojan is a trojan. If you give the user any kind of freedom about what to install, the user can be stupid and install malware.
    Sure. But if I see a nice app for my scheduling- how can I be not so stupid and recognize malware if I am not any kind of a coder? Surely I can expect to stay safe while installing apps for my Ubuntu only from repos, but how can I stay safe on Android? Should I study programming and check every code I install or this should be app store provider's care?
    And you know what- if I would purchase some medicine from a drug store and I would get some poison instead of it- I would surely sue this poor store for a decent amount of cash or just blow that store out
    Last edited by Zlatan; March 7th, 2011 at 07:12 PM.

  3. #23
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Malware on the Android platform!

    Quote Originally Posted by fuduntu View Post
    Blaming the victim of a crime isn't the right answer. Your reply is akin to blaming a rape victim for being raped.
    It is not at all the same.

    If a con artist who is trying to steal your car is obviously a con artist and you fall for it, you shouldn't blame the car manufacturer for making the car easy to steal.

    Yes, the criminal is most certainly at fault, but the user was stupid, and "antivirus" won't help in that situation.

  4. #24
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Malware on the Android platform!

    Quote Originally Posted by Zlatan View Post
    Sure. But if I see a nice app for my scheduling- how can I be not so stupid and recognize malware if I am not any kind of a coder? Surely I can expect to stay safe while installing apps for my Ubuntu only from repos, but how can I stay safe on Android? Should I study programming and check every code I install or this should be app store provider's care?
    No, you shouldn't do any of that. If you look at the malware in the Android Market, it's quite obvious, though. Find me an app that is published by a known corporation (Rovio, Google, Microsoft, Dropbox), that has a lot of downloads, and all positive reviews... and is also malware.

    There are clues. Read them.

    I am not a programmer, and yet I somehow manage to avoid installing malware on my Android phone.

    More importantly, so-called "antivirus" will not help the situation. What will help is Google vetting the Market for malware. Ubuntu and other Linux distributions are pretty good at this. They aren't vetting programs for how offensive or useful or high quality they are, but they would definitely not let malware into the repositories.

    So here's what should happen:
    • Google should start screening app submissions for malware.
    • Users should actually be careful about what they download.
    • No one should imagine "antivirus" will do anything useful for Android.
    • People should stop confusing trojans with viruses.

  5. #25

    Re: Malware on the Android platform!

    Quote Originally Posted by aysiu View Post
    It is not at all the same.

    If a con artist who is trying to steal your car is obviously a con artist and you fall for it, you shouldn't blame the car manufacturer for making the car easy to steal.

    Yes, the criminal is most certainly at fault, but the user was stupid, and "antivirus" won't help in that situation.
    I never said con artist, I said valet. I obviously implied that it was not obvious (just as a trojan by definition is non-obvious).
    [ Fuduntu.org ] - [ Fuduntu Forum ] - [ Fuduntu Blog ] - [ Fuduntu Wiki ]

    For a classic desktop with the latest apps, get Fuduntu!

  6. #26

    Re: Malware on the Android platform!

    Quote Originally Posted by aysiu View Post
    No, you shouldn't do any of that. If you look at the malware in the Android Market, it's quite obvious, though. Find me an app that is published by a known corporation (Rovio, Google, Microsoft, Dropbox), that has a lot of downloads, and all positive reviews... and is also malware.
    Unintentional, but not beyond the realm of possibility.
    Microsoft ships Nimda with .NET (oops) - http://www.securityfocus.com/news/480
    Apple ships IPod with Virus (oops) - http://www.apple.com/support/windowsvirus/
    Seagate ships hard drives with a virus (oops) - http://www.pcworld.com/article/13957...rd_drives.html

    Quote Originally Posted by aysiu View Post
    There are clues. Read them.

    I am not a programmer, and yet I somehow manage to avoid installing malware on my Android phone.
    You can't really say that with 100% certainty. You can be reasonably certain though.

    Quote Originally Posted by aysiu View Post
    More importantly, so-called "antivirus" will not help the situation. What will help is Google vetting the Market for malware. Ubuntu and other Linux distributions are pretty good at this. They aren't vetting programs for how offensive or useful or high quality they are, but they would definitely not let malware into the repositories.
    I agree with this, Google should inspect all submissions for malware. Linux distributions are *OK* at this, but I wouldn't say that we are good because there is just too much code to audit and the rumor of 1,000,000 eyes on the code has failed us often.

    Quote Originally Posted by aysiu View Post
    So here's what should happen:
    • Google should start screening app submissions for malware.
    • Users should actually be careful about what they download.
    • No one should imagine "antivirus" will do anything useful for Android.
    • People should stop confusing trojans with viruses.
    - yes
    - yes
    - no, one should always expect the unexpected.
    - I believe the term used was malware which catagorizes both viruses and trojans.
    [ Fuduntu.org ] - [ Fuduntu Forum ] - [ Fuduntu Blog ] - [ Fuduntu Wiki ]

    For a classic desktop with the latest apps, get Fuduntu!

  7. #27
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Malware on the Android platform!

    Quote Originally Posted by fuduntu View Post
    I never said con artist, I said valet. I obviously implied that it was not obvious (just as a trojan by definition is non-obvious).
    Then we aren't sharing assumptions.

    From what I can tell, trojans are obvious.

    Con artists in real life are not.

  8. #28
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Malware on the Android platform!

    Quote Originally Posted by fuduntu View Post
    Unintentional, but not beyond the realm of possibility.
    Microsoft ships Nimda with .NET (oops) - http://www.securityfocus.com/news/480
    Apple ships IPod with Virus (oops) - http://www.apple.com/support/windowsvirus/
    Seagate ships hard drives with a virus (oops) - http://www.pcworld.com/article/13957...rd_drives.html
    Those are mistakes, though. Those aren't deliberately malicious. Apple didn't say "Heh, heh. Let's put a virus on our iPods!"

    Trojans by definition are intended to be secretly malicious.

    You can't really say that with 100% certainty. You can be reasonably certain though.
    Nobody can say that with 100% certainty. 100% certainty doesn't matter because it's not logically achievable. And please no one make me barf by saying they can be 100% certain because they ran an "antivirus" scan.

    I agree with this, Google should inspect all submissions for malware. Linux distributions are *OK* at this, but I wouldn't say that we are good because there is just too much code to audit and the rumor of 1,000,000 eyes on the code has failed us often.
    The failure isn't in spotting malware so much as fixing security holes. Since apps are in a sandbox, all Google should have to inspect for the Market is malware.

  9. #29

    Re: Malware on the Android platform!

    Quote Originally Posted by aysiu View Post
    Then we aren't sharing assumptions.

    From what I can tell, trojans are obvious.

    Con artists in real life are not.
    A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but (perhaps in addition to the expected function) steals information or harms the system.[1] The term is derived from the Trojan Horse story in Greek mythology.

    A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses onto the computer.
    The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

    - http://en.wikipedia.org/wiki/Trojan_horse_(computing)
    [ Fuduntu.org ] - [ Fuduntu Forum ] - [ Fuduntu Blog ] - [ Fuduntu Wiki ]

    For a classic desktop with the latest apps, get Fuduntu!

  10. #30

    Re: Malware on the Android platform!

    Quote Originally Posted by aysiu View Post
    Those are mistakes, though. Those aren't deliberately malicious. Apple didn't say "Heh, heh. Let's put a virus on our iPods!"
    I agree, which is why I implied it was unintentional. The very fact that it happens though implies that one can be careful, and still get infected (or attacked, or rooted, or insert appropriate word here).

    Quote Originally Posted by aysiu View Post
    Trojans by definition are intended to be secretly malicious.
    Yes.

    Quote Originally Posted by aysiu View Post
    Nobody can say that with 100% certainty. 100% certainty doesn't matter because it's not logically achievable. And please no one make me barf by saying they can be 100% certain because they ran an "antivirus" scan.
    The sky is blue, my argument is invalid?

    Quote Originally Posted by aysiu View Post
    The failure isn't in spotting malware so much as fixing security holes. Since apps are in a sandbox, all Google should have to inspect for the Market is malware.
    I agree, except that there is history of malware escaping sandboxed Java environments.

    http://www.winplanet.com/article/2656-.htm
    [ Fuduntu.org ] - [ Fuduntu Forum ] - [ Fuduntu Blog ] - [ Fuduntu Wiki ]

    For a classic desktop with the latest apps, get Fuduntu!

Page 3 of 4 FirstFirst 1234 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •