“The discovery, reported by John Hering of the Lookout security firm, was covered in a report by Reuters, which inaccurately described the malware a ‘virus’ and misleadingly referred to the exploit as being orchestrated by ‘hackers,'” McLean reports. “In reality, the malware was simply the product of malicious mobile software developers who misrepresented their work as safe, and distributed it through ‘sites that provide legitimate software for mobile devices.'”
“The fraudulent mobile software for Microsoft’s smartphone platform punctuates the warnings Apple has been sounding about security-free software distribution, and underlines why the company has maintained a strict policy that forces iPhone mobile developers to get their work approved by and cryptographically signed for distribution by Apple itself,” McLean reports. “Critics have chafed at Apple’s secure software signing model and have praised Google’s alternative Android model, which enables users to download software from any source, without any security model in place, at their own risk.”
McLean reports, “The appearance of malware on Windows Mobile is particularly interesting because the motivation of this assault was entirely financial. That being the case, the fact that the malicious developers targeted Windows Mobile, which is almost entirely limited to the US and now trails Symbian (42%), RIM (21%), and Apple’s iPhone OS (15%) in market share (9% over the last year), throws decades of Windows-based punditry on its head because ‘malicious hackers’ supposedly only target the largest platform.”
Read more in the full article here.
MacDailyNews Take: Security via obscurity disproven yet again. For further reading, please see: Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 04, 2010
@ MadMac – Good to see you responding to the logical counter-arguments myself and others have made here.
…oh wait, you haven’t done that at all.
So thank you for proving *our* point, that you don’t have a logical leg to stand on, and you know it.
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
@ Gabriel
No amount of logic will convince those that are high on the kool-aid.
However, my point was that the article stated that malware has been embedded in apps and there are those here that seem to think that Apple is immune to this. The incident with Flurry shows that it has happened to Apple. That’s a fact. Some want to ignore the facts and change the argument to say that Apple can quickly track it down. True. But that does not negate the foregoing facts even though some want to live in an alternate reality.
To your point, Gabriel, making a distinction of what the malware does will not change the fact that both are instances of malware. Again, diverting the argument so as not to have to accept the facts. Sounds like you’re the disingenuous one. The point you missed was not one of trying to equate the functions of the malware, merely its existence on both platforms. Sorry if you refuse to acknowledge facts and continue to kid yourself. Reminds me of Windows fanboys who keep telling themselves that Win 7 is the greatest incarnation ever bestowed upon the tech industry. Keep lying to yourself and maybe you’ll feel better. But the facts won’t change.
@ myself,
That was one helluva post! Now go back to your pathetic little life.
MadMac,
Your argument may hold some water, but there is still some fundamental difference. Let us disregard for the moment the fact that raking up charges (i.e. stealing from users) is most certainly NOT on the same criminal level as breaching users’ privacy. The main difference here is, as soon as Apple finds out that an app is malicious, that app is GONE and NOBODY can use it anymore. It’s gone from the existing iPhones/iPads, as well as gone from their store. When Microsoft (or anyone else) discover that there is a malicious app out there, they can just shrug their shoulders about it, tell users to be careful and carry on with their business.
MS/Android/Pre/Symbian/RIM markets are wide open to any malicious developer, and none of these have any mechanism that would prevent their user base from installing the malicious software.
Therein lies the fundamental difference. Not to mention that having some vetting process significantly reduces (albeit doesn’t eliminate) the chance of a malicious app making its way into the market in the first place. I will take this ecosystem any day rather than shifting that burden completely onto my own shoulders. I’ve got tons of other stuff to carry on my shoulders, I don’t need this as well.
@singidunum,
Again, you side track from the fact that malware showed up on both platforms which was my only statement (a FACT). You try to rationalize it by saying that Apple can magically make it go away even on installed phones (yeah, I’d like to see that). Don’t put words in my mouth. I never tried to imply that the actions of the two types of malware were similar in any way. That was your inference.
Rationalize all you want and ignore the facts if it makes you feel better.
@MadMac/Truck Driver
Not “being on the koolaid” is one thing. Failing to take twisted satisfaction in the ongoing saga of Windows and Windows Mobile insecurity would be a waste of yet another glorious opportunity.
Windows lovers have shot their mouths off for years, and payback is hell. Sanctimonious? Well, in some cases it is justified. Hypocrites? Not sure how that applies in the context provided. Given the quantity of FUD that still turns up with every story on Apple, you won’t find too many people on this forum who feel kindly towards Microsoft lovers or Microsoft defenders.
Contrary to your belief, only a very few misguided people on this forum truly believe that Mac OS X or iPhone OS are “immune” to attack. No OS is. But comparing extremely rare and isolated incidents with Apple software against frequent and significant incidents with Microsoft products is ridiculous and worthy only of bottom-feeders like Enderle and Thurott.
If you have to exaggerate your case to make a point, then you have little or no case at all. You cannot be the voice of reason with that approach, and you aren’t going to stop the M$ bashing party around here!
@KingMel,
No MS lover here. No exaggeration either. Just facts.
Ling live Steve Jobs and long live Apple!
“No amount of logic will convince those that are high on the kool-aid. ”
Oh please. You were caught spreading FUD. It’s as simple as that.
This article is about malware for Windows Mobile that dials up foreign telephone numbers to rack up insane bills and comes hidden inside innocent looking games.
You said “Remember, Apple had this same problem with apps they approved. “
…Umm, yeah. Except that Apple hasn’t approved malware disguised as games that dials up foreign telephone numbers to rack up insane bills, so no, they have not infact had this same problem with apps they approved.
So are you a liar, or do you just not quite know what the word ‘same’ means?
Then you tried to claim the incident with Flurry Analytics was a malware attack on par with this phonebill scam, which is total horseshit. Flurry got a little too stupid and gung-ho with its analytical data harvesting, and while that’s a problem, it wasn’t a criminal scheme to rob people, and it certainly wasn’t malware.
So are you a liar, or do you not quite know what ‘malware’ is?
I think all signs point to you being a liar.
Bonus points for throwing in that jab against Windows fanboys. It probaly isn’t fooling anyone, though.
@ the guy guy who is too chickenshit to give a name,
Try again. Please address the facts then we can talk. Apple had approved malware, there is no disputing that.
Keep trying.
“Remember, Apple had this same problem with apps they approved. It started sending info on the device and it’s whereabouts and ultimately disclosed the presence if the iPad before it was launched.”
That is exactly what you said. In the first sentence, you say that Apple had the same problem.
In the second, you describe the problem, and it turns out, it was NOT the same problem.
In subsequent posts, you backtrack to claim that Apple had the “same problem, approving malware…”. You should be making a beeping sound when you backup like that; somebody might get injured…
No matter how you try to present your “truth”, Apple obviously did NOT have the same problem. The problem was nowhere near serious as distributing software that steals money from users.
Steve had every reason to be livid about breach of privacy of Apple’s customers. But nobody was robbed of their money, and nobody suffered any meaningful damage from it. Put it this way: for the ‘problem’ that Apple had, nobody can be prosecuted. For the other one that Microsoft’s platform went through, authors of that software could end up serving jail sentences (assuming they find themselves in a jurisdiction that has decent laws regarding online theft).
And to sum it up in short: your statement (“malware showed up on both platforms”) stretches the definition of malware beyond reasonable points.
And beyond your statement, my argument remains standing: Apple will REMOVE any malware from YOUR iPhone (remember the remote ‘kill switch’ that was so vigorously discussed some time ago?) and purge that malware from the App store, and nobody will be able to get it anymore. Other platforms cannot do any of that (yet).
In addition, Apple’s vetting process puts an immense obstacle before malware writers. They would have to write a fully functioning application that is attractive to the broad range of users (in order to get any chance of reasonable deployment), and then embed the malware piece, and do it in an extremely clever way in order to smuggle it by Apple’s inspection. Once in the App store, the’ll have to hope for rapid deployment before Apple finds out about the malware component and wipes it out, so that they could do any reasonable damage with it.
Compare that with no restrictions for deployment into Android (or WinMob) store, no need to carefully and ingeniously conceal malware inside the app (in order to fool some filtering entity), and no chance that, once deployed, any single entity could delete your malware form users’ devices, other than users themselves.
As I said, your point may be valid (if we stretch the definition of ‘malware’ far enough), but it may be irrelevant. Apple’s ecosystem puts up so many obstacles to malware writers that the lure of such wide user base is just not enough of a motivation, when there is so much more low-hanging fruit out there to be picked.
“Please address the facts”
Ahh, the old “ask somebody to address the facts right after they just finished addressing the facts in order to exasperate them and distract from your inability to refute their points” schtick.
…It doesn’t work on me. 😀
I suppose enough has been said. MadMac has stated his position and shows no inclination of budging despite some valid responses and clarifications.
This is a case in which we should probably just let MadMac take solace in his slightly flawed, but well-meaning, beliefs and move on.
If there is a key takeaway from this discussion with which most people in this forum would agree, I believe that it is the so-called “open” strategies touted by Android and Microsoft are actually lazy approaches that invite exploitation and are, therefore, ultimately user unfriendly. The best way to stop malware is at the source, not retroactively after it is sprayed out to thousands of end users.
@KingMel
I don’t know that “Lazy” is a good way to describe it. They are approaching it from a different philosophy.
I think the key thing is that most people want to flip their phone out of their pocket and do something useful with it. A smaller subset of people want to tinker with their phone, use task killers to manage apps, download from random places, etc. They see that as a benefit over the iPhone because they really just want to tinker around.
That’s why I don’t think you will ever see app adoption rates on Android devices ever approach the iPhone rate. The tinkerers will continue to play, but the average user who is simply using Android because it just happened to be what was installed on the phone when they bought it will just use the device as is.
@KingMel,
Well said!
“… throws decades of Windows-based punditry on its head because ‘malicious hackers’ supposedly only target the largest platform.”
Darn. The ‘Security By Obscurity’ myth has been obliterated into a pile of steaming BS once again.
But of course, lunacy lives forever. The SBO myth will froth away in the minds of the vehement ignorami until doomsday. More reason for us to laugh and laugh at their foolish adherence to Microsoft whatever.
FACT: Windows always has been, and remains to this day, the single LEAST secure operating system anyone can use. It is still dead last in safety despite all the work put into Vista and 7ista. Enjoy fantasyland kiddies.
@ Ampar,
“Ballmer was heard screaming, “Where are I my fucking Twinkies?””
I had no idea Ballmer was gay.
@ C1,
Lighten up, that was funny and did not make fun of non straights.
Kendrick: These cookies are really hot. Don’t touch them.
Boys: Can we have a cookie!
Kendrick: Not right now. They’re for after supper.
Boys: Awww!
Everyone leaves the room.
Kid A (hehe) sneaks back and takes a cookie. Kid Z burns the house to the ground.
Kendrick: Both of you have – committed – a – crime. No XBox for a year!
—
Dear reader: please note,
– the ‘fact’ that two wrong doings occurred
– that the ‘parent’ believes each crime is equal — because they’re crimes
– that the XBox is now a pile of melted goo. Enjoy the irony.
So much for “hackers only target the largest platform”
” width=”19″ height=”19″ alt=”raspberry” style=”border:0;” />