Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Saturday June 14 2014, @09:17AM   Printer-friendly
from the safer-in-the-bubble dept.

ZDNet have put out a story claiming that, although Apple's walled-garden approach is not popular with everybody, it does appear to have prevented almost all malware from becoming prevalent on iOS. From the article:

Everyone knows there's no iOS malware, right? Strictly speaking, there is. As a practical matter, there isn't. At least if you stick with the official Apple store, you are more likely to win Powerball than to be hit by iOS malware.

But to make that "strictly speaking" point, FortiGuard Labs's Axelle Apvrille ("the Crypto Girl") felt it necessary to list all the iOS malware on record all 11 instances, eight of which work only on jailbroken phones.

[....]

It's not like iOS isn't an inviting target. There are zillions of devices out there and iOS customers have shown that they are willing to spend money on apps. And there absolutely are ways that iPhones can be attacked, although more likely through vulnerabilities, especially in Safari, than through malicious apps.

In fact, Apple's rules for what it will allow in its App Store are so strict that they effectively ban security software. It's a good thing there is next to no malware, because what you would need to do to block it on your phone is not permitted. Android, on the other hand, has a burgeoning market for security software and no shortage of malware.

Do you agree with this assessment?

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by stormwyrm on Saturday June 14 2014, @10:21AM

    by stormwyrm (717) on Saturday June 14 2014, @10:21AM (#55252) Journal

    But I'll add that malware is a side effect of having a fully open system where you, the user, are empowered to do interesting things. No freedom without responsibility. It's the difference between living in a functioning democracy and a totalitarian nanny state.

    --
    Numquam ponenda est pluralitas sine necessitate.
    • (Score: 0, Offtopic) by quadrox on Saturday June 14 2014, @10:31AM

      by quadrox (315) on Saturday June 14 2014, @10:31AM (#55253)

      Most insightful comment every. Too bad I have no mod points!

    • (Score: 0) by Anonymous Coward on Saturday June 14 2014, @10:55AM

      by Anonymous Coward on Saturday June 14 2014, @10:55AM (#55261)

      eight of which work only on jailbroken phones

      I live in a democracy, hooray!

    • (Score: 2, Insightful) by Horse With Stripes on Saturday June 14 2014, @12:04PM

      by Horse With Stripes (577) on Saturday June 14 2014, @12:04PM (#55273)

      No freedom without responsibility. It's the difference between living in a functioning democracy and a totalitarian nanny state.

      The iPhone users still have the choice to be iPhone users so there is still plenty of freedom involved.

      • (Score: -1) by Anonymous Coward on Saturday June 14 2014, @12:13PM

        by Anonymous Coward on Saturday June 14 2014, @12:13PM (#55279)

        The iPhone users still have the choice to be iPhone users so there is still plenty of freedom involved.

        Just like you can choose to move to North Korea. But don't be surprised if your freedom disappears after making that choice, just like with Apple. And we can debate whether these people really made an educated choice, obviously not...

        • (Score: 3, Interesting) by Horse With Stripes on Saturday June 14 2014, @12:29PM

          by Horse With Stripes (577) on Saturday June 14 2014, @12:29PM (#55283)

          Wow. Comparing choosing a phone to moving to North Korea? That's quite a bit of hyperbole (and Apple hate).

          In case you didn't know, you can always change phone vendors, models or even carriers. It's not a permanently implanted device that commits your life to some all-controlling oppressive entity. I understand your desire to have the freedom to choose anything you like, as do I. But let's not lose perspective. It's just a phone, and can be swapped, replaced or even put in a drawer if desired. Try some real life oppression some day and you'll beg for the "North Korean State of Apple".

          • (Score: 0) by Anonymous Coward on Saturday June 14 2014, @03:09PM

            by Anonymous Coward on Saturday June 14 2014, @03:09PM (#55309)
            Someone has missed the point behind analogies.
            • (Score: 2, Insightful) by Anonymous Coward on Saturday June 14 2014, @04:44PM

              by Anonymous Coward on Saturday June 14 2014, @04:44PM (#55335)

              North Korea is not an analogy for Apple. Someone has 'overreaction' and 'hyperbole' turned up to 11.

              • (Score: 3, Interesting) by HiThere on Saturday June 14 2014, @06:45PM

                by HiThere (866) on Saturday June 14 2014, @06:45PM (#55361) Journal

                Sorry, but it is *an* analogy to Apple. I.e., there is at least one way in which they are analogous. Singapore would have been an analogy with a closer fit along multiple axis, but wouldn't have had the emotional impact. Even then it's (currently) overstating the case.

                --
                Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
                • (Score: 2) by khchung on Sunday June 15 2014, @06:00AM

                  by khchung (457) on Sunday June 15 2014, @06:00AM (#55510)

                  Singapore would have been an analogy with a closer fit along multiple axis, but wouldn't have had the emotional impact.

                  It HAS the emotional impact, just not the one desired by Apple-haters.

                  If an Android user who has been to Singapore read about this analogy, they might actually decide to switch to iPhone, and we can't have that.

            • (Score: 2) by Tork on Saturday June 14 2014, @07:20PM

              by Tork (3914) on Saturday June 14 2014, @07:20PM (#55373)
              Yeah and he forgot to log in, too.
              --
              Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
    • (Score: 3, Interesting) by BasilBrush on Saturday June 14 2014, @06:25PM

      by BasilBrush (3994) on Saturday June 14 2014, @06:25PM (#55357)

      But I'll add that malware is a side effect of having a fully open system where you, the user, are empowered to do interesting things.

      There are plenty of interesting things to be done on iOS. Here and on Slashdot, we have an unusual niche of hobbyist geeks that want to do things with gadgets that most people don't. And many are prepared to accept the security downgrade that comes with it. For most phone users that's a security cost with no benefit, as thy don't want to do those things.

      The only popular thing the freedoms (and security cost) you are talking about enables is piracy.

      No freedom without responsibility. It's the difference between living in a functioning democracy and a totalitarian nanny state.

      You've been drinking too much Koolaid. People choose the phone they want. They are not born into it. People choose the safe environment rather than spend time in bandit country.

      Android is the Windows of the mobile world.

      --
      Hurrah! Quoting works now!
      • (Score: 3, Interesting) by Anonymous Coward on Saturday June 14 2014, @06:49PM

        by Anonymous Coward on Saturday June 14 2014, @06:49PM (#55363)

        > The only popular thing the freedoms (and security cost) you are talking about enables is piracy.

        Don't confuse your ignorance of what other people want for what is really unwanted.

        For example, XPrivacy [wired.com] on Android is revolutionary but the user-interface is not anywhere near close to mainstream quality levels. That's irrelevant for iOS though, because there are no circumstances whatsoever in which Apple will allow an app with that kind of functionality because it interferes with apple-approved "malware" the kind that sells you out to 'legitimate' companies instead of outright criminals.

        But there are much simpler things that Apple won't let you do with an iphone that regular people want to do. For example, you can't record from the camera or the microphone with the screen off -- apple forbids apps that do that. Another thing you can't do is log what happens in imessage to email - you can do it one message at a time, and you can try to extract it from a device backup, but if you just want a set-it-and-forget it automated external log of the text messages you receive you can't do it.

        I know about those two cases because my friend's daughter has an abusive husband and she needed to do those things in order to get irrefutable proof of his abuse (death threats, etc) because he's smart enough not to leave bruises. Apple wouldn't let her.

        • (Score: 2) by BasilBrush on Monday June 16 2014, @07:19PM

          by BasilBrush (3994) on Monday June 16 2014, @07:19PM (#56062)

          There's nothing quite so ignorant as an AC.

          XPrivacy is an app that only exists to counter the security weaknesses of Android. It's not needed on iOS because users can already selectively deny apps access to user data.

          --
          Hurrah! Quoting works now!
      • (Score: 0) by Anonymous Coward on Sunday June 15 2014, @01:17AM

        by Anonymous Coward on Sunday June 15 2014, @01:17AM (#55445)

        The real question is whether the device you bought really belongs to you, or do you still want Apple to continue to dictate what you can and can't do with the gadget you paid them several hundred dollars for? That expensive gadget is your device only insofar as Apple's goals and yours coincide. If they ever clash, you always lose. It's a secure (as in trusted computing secure) computer, but it's secure as far as Apple is concerned, not you. Bruce Schneier wrote this [schneier.com] about the first mainstream attempts at making such "trusted computing" a reality (Microsoft's Palladium/NGSCB):

        My fear is that Pd [Palladium] will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet. To the extent that Pd facilitates that reality, it's bad for society. I don't mind companies selling, renting, or licensing things to me, but the loss of the power, reach, and flexibility of the computer is too great a price to pay.

        Arguably many modern-day mobile devices (both iOS and Android) have become exactly what Schneier described in that article from 2002: "owned by a variety of factions and companies all looking for a piece of our wallet." Further extrapolating beyond that into a world where the type of attitude that the iDevices foster becomes still more ubiquitous looks a lot like this famous dystopia [gnu.org].

    • (Score: 3, Interesting) by Tork on Saturday June 14 2014, @07:04PM

      by Tork (3914) on Saturday June 14 2014, @07:04PM (#55368)
      Heh. So with Windows the user has a more fully open system than Linux, right?
      --
      Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
      • (Score: 1, Funny) by Anonymous Coward on Saturday June 14 2014, @08:19PM

        by Anonymous Coward on Saturday June 14 2014, @08:19PM (#55391)

        Windows[...]more fully open

        That's how I've always seen it--in the sense of open *wounds*. [google.com]
        A big problem with that ecosystem has always been that its users see the band-aids pasted all over its open wounds as armor.
        I really liked the name they gave to that release of Ubuntu which translated as armor-plated bug eater. [blogspot.com]
        That seemed especially apt for folks migrating from Redmond's stuff.

        -- gewg_

      • (Score: 0) by Anonymous Coward on Sunday June 15 2014, @12:49AM

        by Anonymous Coward on Sunday June 15 2014, @12:49AM (#55440)

        Yes, Windows is perhaps so open that its brains fall out. If we go by analogies with countries, perhaps Windows would be like Somalia (absolute anarchy leading to chaos), GNU/Linux like perhaps one of the Scandinavian countries (perhaps Finland where it was born, reasonable levels of control), Android/Linux perhaps like the United States (Google, like the NSA, is always watching you), and iOS like maybe Singapore (nanny state with a lot of irritating arbitrary rules). I don't know what an OS with policies analogous to China, the old Soviet Union, or North Korea would be like. Perhaps one of those absolute lock-down systems that supposedly exist to process highly classified data.

      • (Score: 2) by bugamn on Sunday June 15 2014, @01:58AM

        by bugamn (1017) on Sunday June 15 2014, @01:58AM (#55459)

        But you can install malware on Linux, just like on Windows. It just isn't a bigger target as it isn't as widely used.

        • (Score: 0) by Anonymous Coward on Sunday June 15 2014, @02:41AM

          by Anonymous Coward on Sunday June 15 2014, @02:41AM (#55467)

          Nonsense. What blackhat wouldn't want a botnet of ten thousand powerful Linux servers which sit in professional data centres and have big fat dedicated links connected to them? Each one of those is probably worth at least ten Windows PCs sitting in someone's living room with pathetic DSL connections in a DDoS attack. The difference is for the most part these Linux servers are run by competent admins who know and care about what they are doing, and are supported by an OS that helps rather than hinders them in their attempts to secure their systems. These people understand that they aren't supposed to run any binary sent to them by some joker on the Internet, and in case they don't, the OS does nothing to help them in their stupidity, as Windows seems ever apt to do.

          • (Score: 2) by Tork on Sunday June 15 2014, @03:52AM

            by Tork (3914) on Sunday June 15 2014, @03:52AM (#55479)
            "The difference is for the most part these Linux servers are run by competent admins who know and care about what they are doing..."

            I don't know if you realize how profound this statement is, but not in the way you intended it. Having the tools available is no good if the person at the keyboard isn't interested in using it. The device is in the hands of millions. You've just illustrated the value the "Walled Garden", that everybody likes to bitch about, is bringing to the security part of the equation. Your smart phone is one of the most personal things you could have in your possession. It has the photos you've taken, the contacts of your associations, a direct link into your communications services/social networking, and it has the ability to easily run up bills on your account. Do you want to be vigilant to keep it 'secure', or do you want it to be as dumb-proof as possible?

            That's not a question intended to only receive one answer. There are very good reasons you could answer either way, I'm not judging you for choosing either. Me personally? I've chosen the pretend-I'm-dumb path. My phone is an iPhone, it's value is that it is as appliance-like as possible. I cannot install MAME on it, but at the same time I'm not too worried about getting malware from the App Store. I have an Android tablet I use for the tinkering stuff I like to do. If I render it unusable or it goes rogue on me, no biggie. I just don't want to combine tinkering with sensitive-to-my-personal life.

            Thank you for bringing up exactly the reason the Walled Garden has value.
            --
            Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
  • (Score: 3, Insightful) by maxwell demon on Saturday June 14 2014, @10:46AM

    by maxwell demon (1608) Subscriber Badge on Saturday June 14 2014, @10:46AM (#55255) Journal

    If you only install software from a trusted source, you're unlikely to get malware, although it's not entirely impossible. No surprise there.

    The only thing you might derive from that in favour of Apple's walled garden is: Many people obviously cannot be trusted to only use programs from trusted sources unless you force it on them. But even then, "trusted source" being restricted to "Apple store" is too restrictive, as it gives Apple too much power on what can and especially what cannot get on it.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: -1) by Anonymous Coward on Saturday June 14 2014, @11:49AM

      by Anonymous Coward on Saturday June 14 2014, @11:49AM (#55268)

      Really only "too restrictive" if iOS devices were numerically superior in the global market - and last I checked, they're not.

      I quite like my Apple pocket appliance, it requires nearly no maintenance. Suits me just fine. I used to run linux on a Sharp Zaurus. Was really only good for reading books and playing MP3's, but it could do one hell of a lot more than an iPod, at the time. It was however, quite the special hell to maintain back then.

      In the meantime I prefer to build my own computer systems - for specific purposes - entirely from RTL in FPGA. Far better control than the monstrosity that x86-64 is. Modularise - one thing per function, then hide the lot in a box if necessary. Makes troubleshooting much easier.

      My standard "dev platform methodology": Whatever is #1 on distrowatch.org 12month chart, with an exactly-noted install script for everything beyond what can be had from apt-get. (there isn't any open sourced FPGA dev software, more's the pity).

      Minimal barrier to entry for newbies - means people can spend their time and effort working on the thing, not working to try and match whatever custom spread of particular version unique distro my gentoo box had become.

      So far as walled garden applies: Stop thinking of Apple iOS things as personal computers =- they're clearly just communication appliances.
      And if you want the control, there is a huge collection of Android-compatible devices out there - get one you can easily jailbreak, and take control.

      You don't *have* to buy Apple. Their present "comparatively smallish" marketshare is quite healthy. They're doing just fine, and the majority of people have cheaper, freer options. Apple are very closed and secretive to be sure, but at least they do manage to build well.
      The secrecy is because their development process has no manageabiliy at all, and their non-employee investors would be scared at the seemingly unplanned and chaotic nature it has. But in reality, all new development always looks inefficient - like no-one knows what they're doing. This is obviously necessary where a new thing that has never been build is being attempted.

      But it's exactly the opposite of how most conservative engineering firms work: They work to a plan, and do with absolute certainty jobs they know exactly how to plan. They consequently can't innovate to save themselves, mostly because such firms simply don't have the necessary culture to handle the unavoidable chaos.

      Apple is a rare beast - an engineering firm in a market that (was) dominated by "technician" firms who could sure code, but not *produce* non-virtual products in the real world. Yet the furthest thing from the ultra-conservative engineering firms who do hydraulics, say. Or build bridges.

      They keep leading their field, because they're good at development, and they're good at engineering. (applying science, with a plan, and *forcing* reality to submit).

      The smartphone industry is a breath of fresh air - because to compete, each company has to be at least ok at engineering - if they aren't, their (battery life * capability / weight*cost) ratio is too low. And so competition is quite fair.

      Software efficiency has finally become necessary: The PC market never had that limit, vendors could simply require more powerful computers which they could then manage inefficiently to do even less in less time, whilst seeming to give more. (really, they only had to give the appearance of novelty to retain their market share). Apple inverted that, giving novelty in physical form. Prior to that they had been giving only technical excellence, which their competitors need not have afforded. All the engineering firms were too busy competing to supply just PC components - the "PC" companies didn't need engineers at all. Just technicians.

      So they maintain their little walled garden: Good. So long as people arn't "Born into" it, it's just fine. It's only a virtual dictatorship, and one whose existence totally depends on providing benefit: Keeping out most malware certainly qualifies.

      It'll only be a problem if the law were to decide that you really need to be a professional in order to sell software. Like they do with that oldest of professions: Medicine.

      And civil engineers too. Those component makers have to deliver parts that really do as their spec sheets say, or they're guilty of fraud.

      The point is that iOS device == Appliance, not computer.
      Computer == something that to be literate with, and fully use, you need to be capable of programming.

      Apple actually does still sell those, and whilst these days they stop casual users from just running randomly downloaded apps, it's fairly trivial to authenticate on a per-executable basis. If you buy one, they will even give your their SDK for the asking.

      If a computer manufacturer today made it difficult or impossible for their users to program their own computers, or even decide for themselves what they wanted their personal computer to do, we'd rightfully be up in arms.

      More so if there were no alternative.

      Thankfully that hasn't happened, and whilst it sorta did for software, those of us who left and formed the OSS community built something superior, even if we only contributed another user, we helped the marketshare of OSS grow to where engineering firms saw the benefit in supporting it. (Even while the competition shot its own foot by effectively eliminating casual "piracy", the true source of their own market dominance!)

      That said - make sure you don't buy a personal computer with a TPM, and consider how much you do trust the manufacturer of each of your appliances.

    • (Score: 0) by Anonymous Coward on Saturday June 14 2014, @07:16PM

      by Anonymous Coward on Saturday June 14 2014, @07:16PM (#55372)

      only install software from a trusted source

      First, on non-iOS systems, if you wait 24 hours from the time you learn about an app until you get/install the app, does the problem resolve itself?
      (Does the rogue app disappear from the OS's approved/vetted store?)
      How often have you actually encountered this in the approved repo?

      Second, does "malware" include adware?
      Does it include a trojan that you PURPOSELY downloaded from a non-vetted source, PURPOSELY installed, PURPOSELY gave executable permissions, and PURPOSELY ran?

      As an aside, does your mother still breast-feed you?
      As has been mentioned multiple times, if your software ecosystem allows you to use a repo/store outside their mainstream, freedom -does- incur individual responsibility.

      people obviously cannot be trusted

      Something that Cupertino does "add" to the picture is limited choice:
        - Too much skin on display in that app? Can't have that. Nanny|Big Brother.
        - A dev submits an app where Apple is working on something similar? Rejected.
          iOS is ideal for those who groove on anti-competitive environments.

      -- gewg_

  • (Score: 5, Insightful) by Pav on Saturday June 14 2014, @10:54AM

    by Pav (114) on Saturday June 14 2014, @10:54AM (#55259)

    ...for over 20 years. Without the DRM. A repo is hardly a novel thing. Todays signed packages/repos are reasonably secure by todays standards - an iOS-approximating level of protection without the bars. DRM != security, especially since someone else has the key to your panic room.

  • (Score: 4, Insightful) by anubi on Saturday June 14 2014, @11:14AM

    by anubi (2828) on Saturday June 14 2014, @11:14AM (#55262) Journal
    My biggest problem is I need to communicate to businesses. The reason I run Windows is because businesses will talk to Windows. I highly begrudge businesses for demanding I "drop my shields" ( enable popups and tell NoScript to go ahead and run their useless script ) in order to talk to business.

    If I had my way, all email would still be text files or a really stripped down HTML which only supported images( .png, .gif, .jpg ), audio (.mp3 only) and video (.mp4 only ). No other codecs supported. If you wanted to play businessman and insist on nonsupported codecs, it would be widely known that business was to be held 100% liable for problems caused by the plugin he demanded. Just like we hold a restauranteur 100% responsible for an outbreak of food poisoning resulting out of his kitchen.

    Instances of malware would be considered a perfectly good reason for investigate any further releases of code from any company. Do you think Sony would have released rootkits on their CD's if we had Congressmen who would tell them if they put a bug in the code, people have a perfect right to fish through their products to find and remove it.

    If Apple can make an environment where people can communicate to business, and can keep business from requiring use of risky technologies in order to satisfy the requirements that business has in order to communicate with it by use of "walled garden" controls, than so be it, and I will adopt it as a communication appliance.

    However, when it comes to me being able to tell my machine what I want it to do, I still want the ones I can program directly - you know I trust my Arduino far more than I trust my windows box. However, you know as well as I that with a lot of businesses, you can't even talk to them via text files anymore... they insist on some sort of scripting stuff if you can talk to them at all.

    What scares me the most is I see the day looming our government will insist our taxes be done via internet. I have already been recipients of phishing scams ( quite well done ones too ) because someone found out I had a business relationship with a business, and tried to impersonate that business. People will go to damn near any length to phish. Emails purporting to be from the IRS are going to be taken seriously. Now, most people doing business know their supplier/customer and will quickly establish contact with each other to resolve a problem, however just how many of us know anyone at the IRS? We end up having to call the number they give us which makes a phish attempt even more successful. The mess is all in the ether, served across international borders, where US dollars are taken but US law does not apply. At least the United States Post Office has authority over what gets delivered to my mailbox and would be quite fast at picking up on letters purporting to be from IRS and they were not, and also taking responsibility that letters to IRS got there. It would be damned hard to proxy the USPS.

    Did anybody read that book, "Little Brother" by Cory Doctorow what was discussed on a story earlier here at Soylent? I provided a link to that book, downloaded, and read it. I think Cory has a good idea of the mayhem that can be caused by an untrustworthy computing infrastructure, however I do not feel it will be San Francisco kids that will be doing it. I get the idea the mayhem will be coming out of countries that see things like spoofing tax forms and government litigation as being a good way of tangling the US workforce, the US government, and US Businesses into all sorts of money-snarls so that nothing gets done. Most people do not fear businesses sending out unwarranted threat notices - heck, I get those all the time. Businesses do that so their sales letters at least get seen, however by the time I figure out it was just a tactic to get me to open the letter, I have absolutely no trust for them because they got my attention under false pretenses. But emails from a nameless IRS division are going to be responded to. Right now, being I have only dealt with IRS via USPS, I know they will not contact me via E-mail. If anything gets serious, I am counting on USPS to vouch for who sends me anything, as it will come registered mail.

    Things are getting nasty in the high-tech area. I was just over at Krebs security a little while ago being quite impressed on how the "bad guys" are using 3D printing technology to make ATM skimmers. [krebsonsecurity.com], which was a sidelink from my researching about Cryptolocker malware.

    The things I do and the risk I put myself in just because some business wants to run javascript and insists I do not block it.
    • (Score: 4, Interesting) by Horse With Stripes on Saturday June 14 2014, @12:15PM

      by Horse With Stripes (577) on Saturday June 14 2014, @12:15PM (#55282)

      My biggest problem is I need to communicate to businesses. The reason I run Windows is because businesses will talk to Windows.

      I'm not sure I know what this means. I use Mac & Linux. I have never owned a PC (or any Windows device), though I can fully support and service my clients that do. None of my clients are Mac or Linux shops. One is now using a Chromebase as the only device for their online banking (minor victory but some progress nonetheless).

      If using Windows was a requirement to do business with other businesses I would be out of business. That is not the case. Most businesses are entrenched in MS Office, though there are plenty of non-MS and non-Windows options that can use the MS Office file formats. Using Windows is not a requirement to do business.

      • (Score: 4, Interesting) by physicsmajor on Saturday June 14 2014, @03:46PM

        by physicsmajor (1471) on Saturday June 14 2014, @03:46PM (#55317)

        Just a guess: many companies require a bullshit script to be rerun every time you VPN into their network. Often this is ancient and riddled with crap requirements like must have antivirus and firewall software from a vendor whitelist, which may well not even produce software for *NIX.

        They don't care about real security, they care about claiming they cared about security when (not if) their network is breached. It's all about pointing fingers.

        • (Score: 0) by Anonymous Coward on Saturday June 14 2014, @06:10PM

          by Anonymous Coward on Saturday June 14 2014, @06:10PM (#55351)

          It is called a fitness test, system health check, and many other names. They have lists of known vendors because, well, how can you know what you don't know? Nothing is secure. Nothing ever has been. Security as a profession is all about mitigating risk. You complain about vendor whitelists while saying "They don't care about real security." Real security is not allowing anything anywhere near your system without knowing what it is. If you aren't on the list and don't pass the checks, you don't get on. It is rather frustrating to see people still whining about 'crap requirements' while saying that the people imposing those same requirements do not care about security. Why do you think those requirements exist? You are a 'physicsmajor' you would not expect someone in the IA field to know the nuances of yours, and likewise you do not know the nuances of security, or even what it is for that matter.

        • (Score: 0) by Anonymous Coward on Saturday June 14 2014, @07:01PM

          by Anonymous Coward on Saturday June 14 2014, @07:01PM (#55366)

          crap requirements like must have antivirus
          Regarding this topic, whenever I want a smile, I go back to this item. [googleusercontent.com] (orig) [blogspot.com]

          It's all about pointing fingers
          Amen.

          -- gewg_

    • (Score: 2, Insightful) by waterbear on Saturday June 14 2014, @07:45PM

      by waterbear (4447) on Saturday June 14 2014, @07:45PM (#55383)

      I totally agree with this (quote below). If there was a way to support attempts to make it happen, I would go for it.

      >"If I had my way, all email would still be text files or a really stripped down HTML which only supported images( .png, .gif, .jpg ), audio (.mp3 only) and video (.mp4 only ). No other codecs supported. If you wanted to play businessman and insist on nonsupported codecs, it would be widely known that business was to be held 100% liable for problems caused by the plugin he demanded. Just like we hold a restauranteur 100% responsible for an outbreak of food poisoning resulting out of his kitchen."

      There's a lot of pressure out there to use the latest thing, even if it's nearly-broken and/or vulnerable to exploits, but the pressure isn't always explicit. Non-IT-expert business-folk rely on their web designers and other IT guys to come up with something useful, and if the answer happens to be something whizzy, barely tested and needlessly complicated and vulnerable, the person commissioning the system might not be aware of any of that.

      -wb-

  • (Score: 2, Funny) by Anonymous Coward on Saturday June 14 2014, @12:14PM

    by Anonymous Coward on Saturday June 14 2014, @12:14PM (#55281)

    i think the apple logo reflects this beautifully:
    you don't get the whole healthy apple. the rotten wormy-malware part has been removed : )

  • (Score: 3, Insightful) by lajos on Saturday June 14 2014, @01:03PM

    by lajos (528) on Saturday June 14 2014, @01:03PM (#55287)

    how about built in malware like facebook?

    • (Score: 0) by Anonymous Coward on Saturday June 14 2014, @02:48PM

      by Anonymous Coward on Saturday June 14 2014, @02:48PM (#55304)

      > how about built in malware like facebook?

      100% agreement on this sentiment. It isn't that iOS is risk-free, it is just that the set of applicable risks aren't what (most) people yet understand to be risks. Same sort of thing happened when viruses and trojans were relatively new - most people didn't realize that viewing a spreadsheet attached to an email was a risk. Our understanding of our own vulnerabilities is a constant evolution.

    • (Score: 2) by BasilBrush on Saturday June 14 2014, @06:13PM

      by BasilBrush (3994) on Saturday June 14 2014, @06:13PM (#55354)

      Just because you don't like a service, doesn't make it malware.

      --
      Hurrah! Quoting works now!
      • (Score: 2) by everdred on Monday June 16 2014, @10:07PM

        by everdred (110) Subscriber Badge on Monday June 16 2014, @10:07PM (#56108) Homepage Journal

        Over-simplifying what GP said does not make you correct either.

        Here's a test for malware: give the average Facebook user a plain-language list of ways in which their data can be "legitimately" used under the ToS, and see how many uses they would classify as going against their wishes.

        • (Score: 2) by BasilBrush on Tuesday June 17 2014, @08:56PM

          by BasilBrush (3994) on Tuesday June 17 2014, @08:56PM (#56644)

          That isn't remotely the definition of malware. Again, just because you don't like their service, doesn't make it malware.

          --
          Hurrah! Quoting works now!
    • (Score: 3, Insightful) by Tork on Saturday June 14 2014, @07:25PM

      by Tork (3914) on Saturday June 14 2014, @07:25PM (#55376)
      Are you really sure you want to compare that to having a Google account in charge of all your contacts etc on the phone?
      --
      Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
      • (Score: 0) by Anonymous Coward on Saturday June 14 2014, @08:19PM

        by Anonymous Coward on Saturday June 14 2014, @08:19PM (#55392)

        > Are you really sure you want to compare that to having a Google account in charge of all your contacts etc on the phone?

        Fortunately that is not a requirement. [tomsguide.com] Which ought to be have been obvious given the context of android not being locked down. But, never let facts get in the way of a good zinger!

        • (Score: 2) by Tork on Saturday June 14 2014, @08:31PM

          by Tork (3914) on Saturday June 14 2014, @08:31PM (#55394)
          You don't have to have a Facebook account, either. So... you still sure you want to compare that to having a Google account in charge of all your contacts etc on the phone?
          --
          Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
  • (Score: 1, Insightful) by Anonymous Coward on Saturday June 14 2014, @03:38PM

    by Anonymous Coward on Saturday June 14 2014, @03:38PM (#55315)

    I'd feel safer locked up in a padded cell with no natural light, but I choose not to live that way. Freedom is risky and dangerous.

  • (Score: 2) by Hairyfeet on Saturday June 14 2014, @09:12PM

    by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Saturday June 14 2014, @09:12PM (#55400) Journal

    And in both cases you have a corp deciding what you can and can't have. Thanks but no thanks, I'd rather have control over my devices and not have to use third party hacks just to wrest control over the device i paid hundreds for from some corp.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
  • (Score: 1) by VitalMoss on Saturday June 14 2014, @10:48PM

    by VitalMoss (3789) on Saturday June 14 2014, @10:48PM (#55418)

    I found that if I cut my foot off and lock it in a sanitized box, it can't get infected! How smart am I? *Internet Pat on the Back*