December 14, 2011 at 9:49 pm
Comments posted to this topic are about the item Careful with your Smartphone
Follow me on Twitter: http://www.twitter.com/way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
December 14, 2011 at 10:03 pm
Steve
One of the not-much publicized facts about Win7 Phone development: you are running in a sandbox. To run outside of that, you have to have a special one-case-at-a-time agreement with Redmond. If you want to talk about getting one, you better be a Certified Gold Partner for five or more years (my guess).
Note similarities: Apple owns the closed platform. Microsoft has an "open" platform but if you want to run Win7 on your phone, you have to meet every single criterion listed in a quite voluminous doc. To quote Wikipedia, "Microsoft offers a new user interface with its design language [sic] named Metro, integrates the operating system with third party and other Microsoft services, and controls the hardware it runs on."
http://en.wikipedia.org/wiki/Windows_Mobile_7
To drive it home: Microsoft, for all their failings, does give a hoot about safety of Win7 phone users, on all levels they can control.
December 15, 2011 at 1:33 am
Steve, I disagree. The apple process offers no protection at all as has been proven and shown. They do not discover malware / spyware / rootkits etc. What you get from apple is a false sense of security.
I would say that apple and google still have a lot of work to do here.
December 15, 2011 at 6:31 am
I was thinking of the same thing as IceDread - Apple just had an app revealed that had all sorts of unacceptable code inside of it, approved by Apple and out there for a while. I know the app was pulled from their app store, but only after the dev had let it sit there a while after it had passed through certification. The dev then revealed what was in the app publicly, Apple pulled the app, and Apple blocked the dev from being able to submit any future apps. (Sorry I don't recall the details on the app or the dev, but this was in the last month or so.) There was also the great "tethering flashlight" app from the earlier years where someone wrote a flashlight app with the hidden benefit that while it was running you could tether your phone to use that for network access. I'm not trying to knock Apple's process, but they've had their issues missing things in code reviews.
WP7 does run in a sandbox, but I'd imagine MS will eventually let something slip through that they don't intend. To date, the worst I've really heard about are apps pulled because some other big name is going to release their version of the app. (Doodle God being the most recent example coming to mind.)
Your last point about setting a PIN and not saving passwords in the browser holds true for any platform and is probably the best advice. We see a lot of companies pushing down those policies for their corporate smart phones now. Ours even has a "wipe after 10 incorrect passwords" setting.
December 15, 2011 at 6:53 am
IceDread (12/15/2011)
Steve, I disagree. The apple process offers no protection at all as has been proven and shown. They do not discover malware / spyware / rootkits etc. What you get from apple is a false sense of security.I would say that apple and google still have a lot of work to do here.
Apple doesn't really check for malware. They're more policing for porn, or violations of their political beliefs. They've had several threats get by them.
Google doesn't really check their market, and you get whatever is in there. There have been hundreds of malware applications sold there, some even masquerading as popular apps like Angry Birds. Same name, same icon, sends expensive SMS messages to steal money directly from you. That kind of thing. Google removes stuff that other people point out is malware, but they really, really, really need to start paying attention to security for the first time in their corporate history. (These are the guys who keep getting hacked by the Chinese government because of HUGE gaping holes in their Google search server security, and their g-mail security is virtually non-existent.)
Amazon's android market is more secure, since they do test all apps, but how much more secure is still not known.
The Windows mobile apps market is highly secure. Better than Apple, and not even comparable to Google. But then MS has been dealing with fixing security issues for years now and they finally actually got good at it with XP SP2 and have stayed good at it since then.
Beyond malware apps, there are a LOT of threats to mobile devices. Blue-Tooth hacks that allow phone takeover, malicious QR codes, Twitter "short URLs" that install malware then pass you through to the site you thought you were going to in the first place, and so on.
And none of that addresses the physical security aspects of this. Like FourSquare and other location-sensitive social networking tools, which also allow stalkers to know where you are, burglars to know when you're not home, and so on. Police and FBI are running into more and more uses of that in organized crime.
But, as always, it's about the tradeoffs, and personal responsibility. I have a smartphone and a tablet. Both Android. I use them as responsibly as I know how, and they are absolutely wonderful, both for productivity and for fun.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
December 15, 2011 at 7:14 am
GSquared (12/15/2011)
Beyond malware apps, there are a LOT of threats to mobile devices. Blue-Tooth hacks that allow phone takeover, malicious QR codes, Twitter "short URLs" that install malware then pass you through to the site you thought you were going to in the first place, and so on.
And none of that addresses the physical security aspects of this. Like FourSquare and other location-sensitive social networking tools, which also allow stalkers to know where you are, burglars to know when you're not home, and so on. Police and FBI are running into more and more uses of that in organized crime.
I was surprised to see all of the unprotected Blue-tooth networks in a public place just the other day. For many people that is not even a temptation to jump on the device and use it in any means they desire.
Malware - at least there are apps to help with the spyware/malware threat.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
December 15, 2011 at 9:56 am
GSquared (12/15/2011)
. . . Amazon's android market is more secure, since they do test all apps, but how much more secure is still not known.The Windows mobile apps market is highly secure. Better than Apple, and not even comparable to Google. . . .
Important part of Win7 security, which I did not mention in my initial post, is that you cannot install an app on the phone except from the MS Marketplace or by Visual Studio if the phone is directly connected to the machine. So it is darn difficult to install malware.
December 15, 2011 at 10:17 am
Important part of Win7 security, which I did not mention in my initial post, is that you cannot install an app on the phone except from the MS Marketplace or by Visual Studio if the phone is directly connected to the machine. So it is darn difficult to install malware.
True, but the homebrew scene is trying to make some inroads on that for homebrew. It requires a custom ROM to accomplish, though, so highly unlikely that it will affect the average user. And yes, that means malware would have to go through MS to work and somehow gain elevated rights to affect anything outside of the app itself. Installing an app through Visual Studio requires a Developer-unlocked device, too. Most people won't have that unless they are a developer or paid the Chevron team for an unlock. Guessing the majority of those people are likely careful about what they side-load. 🙂
December 15, 2011 at 10:53 am
Peter Schott (12/15/2011)
Important part of Win7 security, which I did not mention in my initial post, is that you cannot install an app on the phone except from the MS Marketplace or by Visual Studio if the phone is directly connected to the machine. So it is darn difficult to install malware.
True, but the homebrew scene is trying to make some inroads on that for homebrew. It requires a custom ROM to accomplish, though, so highly unlikely that it will affect the average user. And yes, that means malware would have to go through MS to work and somehow gain elevated rights to affect anything outside of the app itself. Installing an app through Visual Studio requires a Developer-unlocked device, too. Most people won't have that unless they are a developer or paid the Chevron team for an unlock. Guessing the majority of those people are likely careful about what they side-load. 🙂
Careful, or don't care.
No amount of making a safer car can prevent a suicidal driver from slamming into a bridge abutment at 100 Mph if he really wants to.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply