Don't give malware for Christmas (1 Dec, 2014)

Have your say on today's Aardvark Daily column


Postby aardvark_admin » Mon Dec 01, 2014 8:38 am

This column is archived at: http://aardvark.co.nz/daily/2014/1201.shtml

Beware the gift you give this Christmas, lest it contain a nasty and unintended payload or constitute a major threat to the recipient's security and privacy.

And "step away from the E-card", unless you want to show folk just how little you really care.
aardvark_admin
Site Admin
 
Posts: 3593
Joined: Wed May 07, 2014 2:10 pm

Re: Don't give malware for Christmas (1 Dec, 2014)

Postby latewings » Mon Dec 01, 2014 9:44 am

One of the winglets goes to High School next year. The school has implemented a BYOD plan where students should have a fondleslab of fruity lineage. The advantage of bulk buy has also extended to software, where apps the greasy fingered layabouts need can be downloaded from the school's very own malware^w app server.

Damned if I'm going to let him connect to my home's wifi network with it without corralling the thing in its own VLAN.
latewings
 
Posts: 349
Joined: Thu May 08, 2014 10:18 am

Re: Don't give malware for Christmas (1 Dec, 2014)

Postby virtualkiwi » Mon Dec 01, 2014 9:56 am

aardvark_admin wrote: This column is archived at: http://aardvark.co.nz/daily/2014/1201.shtml

And "step away from the E-card", unless you want to show folk just how little you really care.


Given the proliferation of print on demand photo printing sites all competing against each other, and the cheapness of reasonable digital cameras - or decent camera capabilities of high end smartphones, there's actually plenty of opportunity to send decent, truly personal Christmas cards.
Even NZ Post have got in on the act, and although theirs may not be the cheapest on the market, they do include postage, and they have an app, so smartphone users can sort out their Christmas card list with minimal effort, and none of that old fashioned going into the post office with a stack of envelopes. For PC users they support CSV recipient lists, so it's never been easier to send a bunch of decorated bits of dead tree. Hopefully the price will at least put off spammers.
virtualkiwi
 
Posts: 49
Joined: Thu May 08, 2014 1:44 pm

Re: Don't give malware for Christmas (1 Dec, 2014)

Postby enerider » Mon Dec 01, 2014 11:24 am

latewings wrote: The school has implemented a BYOD plan where students should have a fondleslab of fruity lineage.


They can go suck eggs. Education should not be vendor-locked. Especially not vendor-locked to overpriced landfill. :evil:

Electronics Recycling? That will only happen when you're not penalised every time you try to do it. (you have to pay to get it done, at least in this neck of the woods).

Better still would be having electronics built to last so they didn't *need* thrown out, but that baby got defenestrated with the bathwater long ago at the altar of "Profit!".

[/end offtopic rant]

http://cdn.meme.am/instances/500x/56699502.jpg

Android-based devices will have this issue forever, as the companies churning the landfill-grade slabs out have zero incentive to update the OS or use a new version. Add to that the complexities involved in even attempting to update the OS to a later (and less vulnerable) edition and you might likely find yourself with hammer-in-hand with the only decisive solution to the problem. (or is that just me?)

In this regard, fruit-slabs are slightly more attractive as here there *is* at least a mechanism for upgrading the OS to a later edition for a while.

If it comes to Android, your best choice will be the Google-blessed ("Nexus") devices as these will also sport a means of getting the latest OS updates as they arrive. Samsung and others simply don't have an interest in providing a newer OS edition as they'd rather take the opportunity to sell you a new radio locator beacon.
enerider
 
Posts: 144
Joined: Tue May 13, 2014 11:01 am

Re: Don't give malware for Christmas (1 Dec, 2014)

Postby Stevesub » Mon Dec 01, 2014 12:20 pm

My first tablet was a fruity one that I gave away to the Grandkids after 18 months as the OS reached the end of its life and could not be upgraded, apps stopped working because of the old OS, etc. I have had Samsung devices since then and even though the OS is not the latest, all the apps still work. My wife's fruity tablet is barely functional now but all she wants to do is simple games, email and the net so no problems so far.

As for apps, all mine are downloaded from the appropriate official store (Google, Samsung or Apple) so with any luck, they have been vetted and are clear of nasties - I hope. Until now, I have only bought "Name" brand tablets/phones and steered clear of the cheap, cheerful full of problems el cheapos from China - and they have all lasted well except for the fruity tablets with old cannot be updated OS's.
Stevesub
 
Posts: 220
Joined: Fri May 09, 2014 5:14 pm

Re: Don't give malware for Christmas (1 Dec, 2014)

Postby par_annoyed » Mon Dec 01, 2014 3:20 pm

I'm very ignorant about tablets and what hardware they have....

I do see though that if you get an x86 tablet, you can run Linux on it, which sounds good to me, and generally Linux supports some quite old hardware - for PCs at least.

I thought Android was [originally] Linux-based? However given how much negative press I've seen since, looks like they moved away from the security model.

I don't intend to get a mobile device, and if I ever do, there will be some serious questions about its hardware and OS.

I agree the popular new vector will be attack via mobile tablet connected to home WLAN to get to PCs and whatever else it can find. (your TV? probably)

Note though that even the OFFICIAL apps leak all sorts of personal info all the time - have a look at 'the register' or other techie sites to confirm.
par_annoyed
 
Posts: 596
Joined: Sat Oct 18, 2014 8:03 am

Re: Don't give malware for Christmas (1 Dec, 2014)

Postby enerider » Mon Dec 01, 2014 3:31 pm

With Android you basically have the hamburger arranged as follows for tablets and phones (heavy generalisation ahead!):

1) ARM hardware of some description with accompanying system-on-chip bits (So hardware media decoders, WiFi, Bluetooth, etc)
2) OS layer. Linux kernel usually goes here. Drivers for all the ARM/SoC bits are usually compiled into the kernel.
3) Dalvik, the Google Java VM. The very same thing Oracle got their panties in a bunch over and fired the lawyer cannon multiple times.
4) Android system + applications

Android itself is merely the part running inside the Dalvik VM, which is the go-between for what Android wants to do on the device and the Linux kernel that is running the bare-metal side of things.

So Android itself doesn't have drivers, that's a problem for the Linux kernel to handle. The VM in between insulates kernel stuff from Android stuff. Feel free to correct my limited understanding of how the whole caboodle meshes together :mrgreen:
enerider
 
Posts: 144
Joined: Tue May 13, 2014 11:01 am

Re: Don't give malware for Christmas (1 Dec, 2014)

Postby par_annoyed » Mon Dec 01, 2014 8:25 pm

OK, that makes sense to me.

Of course ANY system, including Linux, is only as secure as the apps that run on it, and as soon as you add custom kernel mode drivers and/or application software that runs in kernel level, you have effectively broken through the Linux security model......so again, that would fit the above description too....

I can see how the metadata level can be actually within the hardware, visible to outside.
par_annoyed
 
Posts: 596
Joined: Sat Oct 18, 2014 8:03 am

Re: Don't give malware for Christmas (1 Dec, 2014)

Postby Malcolm » Wed Dec 03, 2014 8:58 am

The trick is not to buy the cheapest Chinese-made Android tablet, probably subsidised by the Chinese intelligence community.
But to buy Nexus branded ones as they are meant to be able to take updates of Android direct from Google without the manufacturer getting in the way and dragging their feet.
Either that or one with good CyanogenMod support and use that build of Android which usually is better than the versions put out by the big manufacturers.
Malcolm
 
Posts: 346
Joined: Thu May 08, 2014 9:43 am

