View Single Post
Old 05-24-2012, 12:02 PM   #11
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 889
Karma: 4383958
Join Date: Nov 2007
Device: Hanlin v3, iPad, Kindle 4NT
Quote:
Originally Posted by Kali Yuga View Post
Yeah, there's a whole strain of "security through obscurity" vs "security through openness" debate that's gone on for a long time.

My guess is that neither works better than the other. If a platform is going to be an attractive vector for malware/viruses, then malware writers will go after it.
I tend to favour the openness as more secure argument, but, only when the developers of both products are on a par skill wise. Both products will release with bugs, hopefully the open one gets peer review and quicker identification of flaws/fixes before they become zero days.

It's 6 of one and half a dozen of the other though when it comes to open software that doesn't get many eyes over it, since the few eyes it might get have no intention on reporting flaws they find On the flip side, it's not much harder for people to find potential areas to exploit in closed source apps, they just pound on them until they find a way to crash it then focus on that area to see if it's exploitable. Obscurity may delay things, but when they are found, it's likely they'll be found by those up to no good before a more honest dev happens across it in a general code review (which can't happen in prop software), not always of course, some security researchers focus on closed source software (has a high install base after all)

When it comes to security based systems though, anything doing encryption or managing passwords, then imo open source and peer scrutiny is the only way.

I'm speculating now, but the reason we may be seeing more malware on android, is that it's currently easier to drop a trojan'd app onto someone's phone via the more open google app store than it is on iOS. That doesn't make iOS more secure, as Apple can and do miss apps that are up to no good in their review process, but maybe there's a perception that you'll get onto more phones via Android before been detected?

@RainingLemur, as people start to do banking over their phones and payment processing becomes more common, I expect the number of reported malware attacks on both platforms will increase. There'll be a bigger incentive for phones to be targeted.

Last edited by JoeD; 05-24-2012 at 12:08 PM.
JoeD is offline   Reply With Quote