Malware... easy for Android!

We are all aware of the terrors that lurk in the depths of the internet and the script-kiddies who try to steal our money.

I’m sure you’ll all agree one of the reasons we use Linux is because it is a very secure platform. Which is why I worry when I read articles like this.

Android is one of the most popular Linux based systems purely because of people using smartphones. These people proabably don’t even know what Linux is, even though they use it on a daily basis.

(Before anyone jumps in, I know Android differs massively from Linux but it is based on the Linux kernel so I feel these problems should be relevant to us all).

It isn’t ideal that it has such massive security issues (I know this isn’t the first problem they’ve had) as it gives Linux a bad name.

I am a big user of Android smartphones because yes they are Linux based but more importantly they ARE NOT iPhones!

In the article David Ermm, senior security researcher at Kaspersky Labs, is quoted as saying

"The platform is popular, it’s easy to write apps for it and it’s easy to distribute them via Google Play – so it’s little wonder that cybercriminals are making use of Google Play, where malware masquerades as a legitimate app."

He is totally right in what he is saying, and because anyone can publish apps it is a major security issue.

Does this happen because it is so popular and if not why doesn’t it happen on Linux? I know viruses can be made for Linux but there are very few, if any, malicious viruses out there. Windows however has thousands. I always thought a reason for this was because every mindless numbskull uses it and the people who use Linux have some respect for each other.

With Linux distros becoming more and more popular is the security risk going to go up as well? How can we reduce the security risk on Android without compromising everything we love about it?

I want Android to be loved and respected because for a lot of people it is the gateway to a brighter future where we all use Linux.

[EDIT] Source - TheRegister

I’m glad you used the word “a” there, and not the word “the” … otherwise we’d be having words at this point :wink:

Linux has “paranoid level” security, so IS secure … full stop … nothing to do with how many people use it

Android less so … by choice … in favour of “ease of use” and a software distribution model that is “closed source” (and idiot) friendly.

That fake angry bird app took advantage of the differences between Android (and the mobile device ecosystem) and Linux … and wasn’t even (in my eyes) a real security issue … more of an idiot user issue … there’s no protecting ANY system against them, Linux included, but to me it only becomes a real problem if it can propagate beyond the idiot that installs it.

Android/Linux, very similar yet worlds apart … an enigma ? … nah, just used for different things, and with VERY different expectations from the user base.

Android still seems pretty secure from where I stand … it aint idiot proof … but then what is ?

And don’t you think it’s odd that the messages of doom and gloom are coming from Kaspersky and F-Secure … I mean they don’t stand to gain anything by frightening everyone do they ? … I also seem to remember Kaspersky telling the Linux community they needed virus protection based on the fact that there ARE Linux viruses, yet failed to mention most of them were proof of concept viruses and not in the wild, and that any that have appeared in the wild have been unable to do any real damage or propagate, and are quickly eradicated without the need for AV … and the fact that the Kaspersky labs servers were compromised so they themselves became a source of virus distribution.

Linux will NEVER require third party AV (unless you need to detect Windows viruses on sommat like a mail server that services Windows PC’s) … it already has proactive AV built in :slight_smile:

I agree it is more of a user issue but it may be the start of the snowball. Especially with Linux/Android becoming more and more well known.

But like you said Linux may never suffer from these issues and even though viruses have been proven they are not in any way a threat.

I just feel it is a blow for Android. I am constantly trying to explain why I don’t have an iPhone and I praise Android but these news articles don’t help my case.

Linux WILL suffer the same issues … but they aren’t “real” security issues … there’s nothing to stop an idiot Linux user with admin privileges installing malicious software as root … and suffering the consequences … but it will still find it hard to propagate to other systems, unless that idiot physically gets up and goes to the other system and acts like an idiot “as root” again.

As I said, there’s no protecting a single system from an idiot user with local access and admin privileges … but Linux (and Android to a lesser extent) protects the whole community admirably, by putting MANY obstacles in the way of the “spread” of malicious code .

Windows (historically) on the other hand will just execute code, and shove it across the network to another Windows system without a second though.

Linux as far as a single PC goes is no more proof against idiots than Windows, unless the user is locked down to a “user” account.

The only real difference is Linux will protect non idiots automatically and without the need for third party and often ineffectual AV software … Windows doesn’t discriminate … in this respect Windows is an equal opportunity OS :wink:

I agree it is more of a user issue but it may be the start of the snowball.

It WILL snowball … as more idiots use Linux/Android, more idiots will install malicious code (stupidly) as root and give it permission to screw up their system… but they’ll only have themselves to blame, and it won’t affect others … as I said, there’s no protecting ANY OS from an idiot, short of making it impossible to install anything … or as Apple do, only allowing “approved” software.

Windows (all versions) = You WILL get stung, idiot or not, and no matter how good your security practices and AV are … just a matter of time.

Apple iOS= You’ll only get stung when something slips through the App Store safety net, but you’re limited to what you can install.
(but when things do slip through the net, they’ll affect large numbers because people put too much trust in the App Store safety net)

Linux/Android/BSD/OS X/other *nix = don’t be an idiot, and you’re safe … you still have the choice to be an idiot, but being an idiot will only sting YOU.

More Linux users = More idiot Linux users = More screwed Linux systems … but unlike Windows, someone else’s idiocy is unlikely to affect you, Linux puts too many obstacles in the way of that happening :slight_smile:

In fact it’s probably “easier” for an idiot to screw his own Linux system … sudo rm -rf blah blah … but only an idiot admin

I do tend to go on a bit when Linux and AV are mentioned in the same topic … so I’ll shut up now :o

Further reading: -

Rick’s Rants - Should I get anti-virus software for my Linux box?

The short life and hard times of a Linux virus

A previous rant of my own on “so called” Linux viruses

I agree with Mark, as Linux grows we will start to get more idiots, but because Linux was built from the ground up with networking in mind, we won’t fall like Windows did. Infact, it’s even better that we’re open-sourced because if there is a virus somewhere in the wild, it won’t be long until it’s shut down and killed.

Malware on Android isn’t the first time I’ve heard it. There have been many cases, mostly fakes though. I’m surprised Google would even think about lessening the security to make it easier to use.

If you want easy to use, go use iOS. Now that might sound like me pushing away Android users but I’m not, I’m just pushing the idiot users because they don’t understand how it works.

I think personally Google should approve apps, or have a repository system like Linux does, but also be more open-sourced. That way we can crack down on the idiots who try and write malicious code.

Personally I think Google/Android are doing it right … it’s as secure as an iPhool, but you get the choice to be an idiot.

Seriously … I don’t want Google to go down the route of “policing” my phone and apps for me … I’d prefer the choice, otherwise I’d buy an iPhoney.

Yup, that may mean a fool will be stung quicker on an Android device rather than an iPlode … but do we really want to go back to the idea of a phone with ONLY approved apps.

Google had no intention of Android becoming Apple iOS … thank god.

From what I’ve seen so far, Android is secure … but a user CAN sidestep that security if they choose … it’s only a problem when stuff can get on without user intervention (stupidity).

Would you like Linux to govern which apps you can install, or do you prefer the choice to install what you want, and see your Linux PC’s security as rock solid, but in your hands ?

Give an idiot a guard dog, and he’ll get bitten if/when he mistreats it, or tries to break into his own place :o ← don’t know where that came from, but it seemed amusing at the time :slight_smile:

That said … I’d still prefer a proper Linux smartphone if there was such a thing … but that could be why I aint got one :slight_smile:

http://androidforums.com/android-applications/36936-android-permissions-explained-security-tips-avoiding-malware.html

I bought my first smartphone a couple of weeks ago, a galaxy note which is an impressive piece of kit, I was worried about permissions when downloading apps, so i didn’t.
android forums and xda-developers have pretty impressive sites and are very helpful ,

the above link has loads of information on apps and malware

keith

I don’t have a phone either. I’m waiting on either Ubuntu For Android, or an Ubuntu phone… or someone who just makes a Linux phone…

ubuntu can be put on most high spec android phones

Huh ??? … how ?

If you mean Ubuntu for Android … it’s not available to you and I … Ubuntu are directing it SOLELY at phone manufacturers … so you can’t get it yet.

They also say it WILL NOT be released as an app.

http://androlinux.com/android-ubuntu-development/how-to-install-ubuntu-on-android/

if you google ubuntu on android, loads come up similar to link above
on android forum.com and xda-developers there plenty of postings
I’ve only seen the topics as its not much interest to me at the moment, therefore i havn’t a clue how it works , just thought it might be of interest to you :slight_smile:

Well … OK … hacked on … at the risk of your phone and guarantee … I get your point, but I’m not going to go buy a new Android phone just to risk it.

My (and I think BkS’s) point was I’m not interested in an Android/iPhone … but I will be if/when a decent Linux phone appears … or maybe an Android phone with Ubuntu on Android.

Hacking phones is something you do after owning the phone for a while … not something you generally buy it to do.