Superphones: A security nightmare waiting to happen

If I sit down with a PC from the late 90s and a modern PC I bought yesterday they are quite obviously the same animal. The operating system has changed, and there have been some minor innovations. With the exception of speed and support for the newest protocols, a PC from the late 90s could be used to perform exactly the same …

COMMENTS

  1. EddieD
    WTF?

    "You’ll likely be reinstalling your PC at least once a year"

    Bollocks. If you're having to do that, you don't know what you're doing.

    With XP, my home machine lasted 4 years, till I replaced the hardware. I'm currently at 5 years on my work machine, and my new home machine is now hitting 16 months on Win7, no issues.

    I have anti-malware software installed, I run, at all times, as an unprivileged user (if it works for *nix..), which is not so hard as people like to make out, and I use an offline scanner once every couple of months, nothing turns up. This is how I work on all my machines - my Linux server, my (now departed) Mac, and Windows - and I take nothing for granted and check them all.

    Windows makes it too easy to run with elevated permissions, if you change your work methodology to stop this, it's not too tricky to secure.

    1. Steve X
      Thumb Up

      Very true

      I have systems that I don't even *reboot* once a year, never mind reinstall.

      1. Anonymous Coward
        Anonymous Coward

        So..

        how do you install MS updates?

    2. Trevor_Pott Gold badge

      Very true.

      If you know enough about cars you can baby one along for over a hundred years. Most people don't. If you know enough about computers to alter your work methodology when using Windows, you're also perfectly capable of both using operating systems like Linux and digitally cleaning up after yourself.

    3. Jamie Kitson
      Thumb Up

      Absolutely

      I just did a first reinstall of XP on my g/f's Dell Inspiron 6000, which is at least three years old. She is not a "power user" and the reinstallation was more due to getting a bigger disk than slowness. Same with my mum's two year old Lenovo 3000, she was complaining that it was slow at the weekend, so I uninstalled all of the bloatware that her HP printer driver CD had installed and just ordered her another 2 gig of RAM as she only has 1 at the moment.

    4. AndrueC Silver badge
      Thumb Up

      Hell yeah

      I've been using the same Windows XP machine as my primary development box for nearly three years. It's been used to develop everything from MS Exchange and MS SharePoint recovery tools to a device driver that lets you mount almost anything and have it appear as a disk device.

      It hardly ever crashes (although the device driver development did trigger one or two (ahem) BSODs) and I've never had to reinstall anything.

      I also have two VM servers which are both over a year old. One is nearly four years old. They run 24/7 and generally only reboot for Windows Update or the occasional power cut that hits our office.

    5. JEDIDIAH
      Linux

      Safe for small children and grannies...

      >> "You’ll likely be reinstalling your PC at least once a year"
      >
      > Bollocks. If you're having to do that, you don't know what you're doing.

      Unfortunately, that describes the vast majority of the user base.

      Consider this a side effect of celebrating willful ignorance.

    6. Michael C

      agreed, complete BS

      The YOUNGEST Windows XP install in my home is over 3 years old. I have 1 running near 5 years without a re-install. The only reason any of them perform slower now than when installed day 1 is they have more software on them, more background tasks that they were previously asked to handle, and the application requirements themselves have gone up. IE has gone through 4 major revisions, Flash has gone through a bunch, iTunes, Quicktime, Office, all these apps have been upgraded, and are more demanding, thereby making the old systems work harder and appear slower. Even the base requirements for Windows itself have increased a ton. An XP machine with under 1GB of RAM is almost useless with modern software on it where, and I recommend 2GB standard, but I sold XP machines with 128MB of RAM when they were released, and that was plenty.

      It only takes a small bit of care and effort to keep a machine running smooth. Keep it virus free, uninstall stuff you don't need anymore, if you add/remove a lot a registry cleaning might be needed, defrag as appropriate, and add hardware upgrades every 12-18 months (RAM and/or disk), and keep good backups (hardware failures can not be avoided, and software does cause issues, but why re-install when you can simply "recover"?).

    7. Mike Kamermans
      Happy

      you nailed it

      "If you're having to do that, you don't know what you're doing"... so that's 90% of PC users then? The very people that use their phones for logging into facebook and their bank on open wifi connection at starbucks, and the very reason the last sentence in the article is so pertinent?

    8. Anteaus
      FAIL

      Windows and limited users .. nightmare.

      "Windows makes it too easy to run with elevated permissions, if you change your work methodology to stop this, it's not too tricky to secure."

      OK, so I make myself a limited user.

      Try to install software from LAN share.. and told I must logon again (or RunAs) as Administrator.

      OK, done that... and in the process lost all network shares, so now I can't install the software!

      Try to re-create shares.. and get told that I need another CAL, as I'm now effectively a second 'user' even though it's the same computer. Fork-out cash to Microsoft, and try again.

      Install software.. seems to go OK. Whew. Software now asks if I want to configure it. OK, seems sensible so I say Yes, and spend 30min getting it working the way I want.

      Job done, logoff and change back to my own account, eager to use the new software.

      But.. to my dismay, the settings have mostly defaulted. Nothing works properly. Groan inwardly, and go through the whole config process all over again. Only to hit certain items which I'm told can only be set by an Administrator.

      At this point, seriously consider screaming and banging my head on the wall, but then decide that typing "net localgroup Administrators <user> add" might be less painful.

      Meanwhile, limited-rights Linux user types "sudo apt-get install <whatever>" and it just works.

      The difference is in the 'works' word. A small word, but a significant one.

      1. Field Commander A9
        FAIL

        A limited Linux user is a user that is NOT in the "sudoers"

        The very fact that you can run "sudo" means that you are NOT a limited user, but rather like a Windows Power User with UAC on.

        And by the way, normal people don't install new software or change system settings every day. Once a system is properly set up, normal people just work with them, not keep tinkering with them. Just like what normal people only do to their cars every day: they drive them, not take them all apart and put it back together.

        1. Anteaus
          Coffee/keyboard

          A limited Linux user is a user that is NOT in the "sudoers" -EH?!?

          To run sudo, you need to enter a password. That is, unless you configure it not to ask for one. Which, is up to you.

          UAC never requires a password, plus it has the same problems of losing network connections, kicking-off VNC access, etc as logging-off and logging-back on. Worse, you can never tell when it will interrupt your work.

          Sudo does work, and doesn't cause the same troubles as UAC. What's more, it's under the control of the user, rather than 'going-off' at random.

          1. Michael Wojcik Silver badge

            UAC

            "UAC never requires a password"

            Unless you configure it to do so, which is trivial. If you can learn how to configure sudo, you can learn how to configure UAC.

            "plus it has the same problems of losing network connections, kicking-off VNC access, etc as logging-off and logging-back on."

            UAC is a completely different process from login, and there's no reason why it should lose network connections. I've seen a couple of reports of UAC causing network connections to drop, but no signs of any actual evidence UAC was the problem. As for VNC, if UAC on the VNC server is the issue, configure it to not use the secure desktop for the UAC prompt (which makes perfect sense, given how VNC and UAC work).

            Granted, the OYS ("Over Your Shoulder" - what Microsoft called the heuristic automatic invocation of the UAC mechanism, back in '05 when they introduced it as Limited User Access) "feature" is a pain in the ass, particularly since many of the heuristics are idiotic. (It can be triggered by running a no-manifest executable with the letters "inst" in its name, for example.) But overall UAC is not nearly as bad as you claim.

            And, of course, you always have the option of not running as a UAC-controlled administrative user on Windows, and using runas when you need elevation. Just like the other grownups.

      2. trydk
        WTF?

        Re: Windows and limited users .. nightmare. ... NOT

        The few times I have had a problem changing parameters that required administrator rights, I have logged in as the Administrator, changed my account to an administrator account, logged back in as myself, changed the parameters, gone back as the Administrator and changed myself back to a non-administrator again.

        Problem solved (albeit not in the most fashionable and easy way).

        What I find irritating, though, are the programs that keep writing information to some odd file in some odd subdirectory that I, as a "normal" user, do not have rights to use, which requires some hunting and gratuitous use of CACLS to give myself access to do the changes. Personally, I hate the Registry, but now it is there, the software should use it!

  2. Steve X
    Thumb Down

    Superphone?

    That definition of a superphone is really just a portable computer that can be used to make phone calls.

    So, use a computer for computing, and a phone for phoning. You can upgrade one without changing the other, your phone battery lasts longer, you don't need to cart a kilo of computing power around when you're just popping out to the shops.

  3. JDX Gold badge

    You’ll likely be reinstalling your PC at least once a year.

    I've run PCs with no protection other than Windows firewall for longer than that, and then installed scanners which find no (or at best minimal) threats.

    When did this huge improvement occur? Was it XPSP2 because I know Win9x could be full of viruses before you even finished installing the broadband!

  4. Tigra 07
    FAIL

    "You’ll likely be reinstalling your PC at least once a year."

    Yeah, if you're an idiot.

    As others have pointed out already, it's not normal to system restore even half that much.

    My brother isn't very computer handy and he's never system restored in 5 years.

    I myself have gone a good 8 at least but that doesn't count incompatible ZoneAlarm's bad driver on my Windows 7 last year.

    Basically to state that "You’ll likely be reinstalling your PC at least once a year." you either have access to very crap test subjects in the questionnaire who gave that figure or your attempt to attack Windows wasn't very good.

  5. l3v5y

    Superphones?

    By my reckoning, pocket PC devices have been capable of what you reckon to be "superphone" things since well before the iPhone.

    Since the first versions of Pocket PC with phone support, there's been multimedia playback, WiFi access, full multitasking and whilst there may not have been integrated appstores, there's been massive amounts of third party software easily accessible.

    In my opinion, the ability to download software outside of a walled garden is more of a smartphone feature than having a lock down on the content you can access and use.

    The security risks have always been there. It's entirely possible to write an application for PocketPCs that copies all your PIM data and then emails it away, and in fact, it's possible to do a lot more with the older (and far more open in terms of what you can run on them) devices than it is on your definition of a "superphone".

    The integrated software store limits massively the potential for malware, since it's mostly checked (and if you're using an Android device for sensitive information handling, it serves you right), and if it's on the marketplace and gets reported, there's always a killswitch.

    1. Peter Gathercole Silver badge
      Unhappy

      He's also ignored Handspring and Palm phones too.

      Palm Treos were able to surf the Internet years before either iPhone or Blackberrys were available. And although there was not an app store as such, it was possible to download free and paid applications directly to the phone.

      3rd party add-ons also gave WiFi connectivity, although some of the non-phone Palm devices had it built in. And there were media and productivity apps available, and they were touch-screen devices.

      I really wish there had been a Palm TX with a phone built in. That would have been an interesting device, doing much of what the iPhone became famous for.

  6. Anonymous Coward
    Thumb Up

    Viral opportunity

    Perhaps I missed it, but I thought you were going to talk more about the new opportunities for virus writers to propagate their wares through the homogeneity of the execution environments.

    Surely the real story (sorry if I missed it) is the nature also of the phone execution environment and the common leaning towards ARM and a small number of made-for-mobile chipsets in addition to their connectivity to the internet. One of the main reasons for Windows/i386 being a big virus target is the ubiquity of it which ensures a certain take up and spread.

    With mobile environments being more targeted around Android, iOS and Microsoft's latest offering, I think we can safely see a rocketing in phone viruses in the near future.

  7. Anonymous Coward
    WTF?

    "The modern superphone - a category that includes post-iPad tablets"

    So, tablets are phones now?

    1. chr0m4t1c
      Thumb Up

      Yes

      Some of the Android-based ones (e.g. Samsung's Galaxy Tab) can operate as phones - natively, not by adding something like Skype.

      Did you not get the memo?

  8. Steven Hunter
    Headmaster

    "anti-malware software is an absolute necessity"

    Bullshit.

    I haven't run antivirus software on any of my home computers ever with exactly no virus infections during that time. And yes, I'm running Windows (2000, XP, and 7).

    I don't enable any auto-run anywhere; no auto-launch from downloads, no auto-play from CD or Flash drive, no unnecessary web plugins (Adobe's PDF viewer for example). I also don't click on links blindly, I pay attention to what sort of files come in as email attachments, don't visit dodgy websites, and generally don't do anything stupid. I also keep everything behind a NATd firewall to keep the script-kiddies out.

    1. Mahou Saru

      @Steven Hunter

      You practice safe browsing, but how about legit sites which are compromised? Unless you browse with images off, I think you have been lucky, or don't really browse at all.

      Saying that if you mentioned using a sandbox browser with your list of things u do, then I would have been impressed :D

    2. Michael C

      Waiting for the day

      ...that all your good intentions bite you in the ass so I can laugh at you. I can't count the number of idiots I've supported through identity theft issues and rancid infections who had the exact same ideas as you. "If I know what I'm doing I can't get an infection."

      It doesn't take downloading an infected torrent, or putting in an infected CD, or going to a "dodgy" website to get a virus. All it takes is a hacker infecting a WELL KNOWN web site you visit, or anyone bringing an infected machine into your network (or you connecting to public WiFi or tethering over 3G which has no firewall). Even major retail applications have landed on the shelves of Best Buy infected in the box, and disabling auto-run doesn't prevent the installer you told to run from installing the payload as part of the application install. If you use any e-mail app at all you can get an infection from an attachment simply by it arriving in your inbox (no need to open it at all). You can get an infection from a word doc just as easily as a PDF or a bit of flash or java (and good luck doing much without java, Flash I can get by without but not java).

      There are a dozen quality and free AV/AM solutions out there, including one from Microsoft which is actually one of the best. RUN ONE, and spare us all your becoming the next bot infected PC. Odds are, you think you're clean, but you are already infected by numerous bots. See, in the old days, viruses were designed to cause havoc, and you knew you had one, now, they're designed to run SILENT, causing as little disruption to YOUR machine as possible when you're logged in. If you're not scanning, you have no idea the damage you could be causing. If you ARE scanning, WTF are you doing it remotely and why not just simply install the app to prevent the infection in the first place. AV takes VERY little load off a modern PC.

    3. Anonymous Coward
      Anonymous Coward

      Not BS

      Anti Malware is a necessity for all those people who can't resist anything with the word Free in it.

      There's only really one way people get their computers infected with malware...that way is via the interwebnet and always involves the word FREE usually combined with the words Porn, Boobs, Sex or Fart Jokes...

    4. Steven Knox
      Boffin

      Proof.

      "I haven't run antivirus software on any of my home computers ever with exactly no virus infections during that time."

      And you know this exactly how?

      While there is a great deal of malware out there that noticeably affects the performance of a system, there is also some out there that does not. Safe surfing, firewalls, etc, are all well and good, but even the most respected website can get hacked, and even the most secure browser can be pwned. If you're networked, you may have gotten something, and if you're not scanning for it, you may not even know it's there.

      So if you don't run any antivirus or antimalware on your computer at all, at least to do a scan, you don't really know whether you've been infected or not.

      1. Autonomous Cowherd

        Schrödinger's Virus?

        "I haven't run antivirus software on any of my home computers ever with exactly no virus infections during that time."

        You don't happen to have a quantum computer do you?

        (I've recently (reluctantly) moved over from an increasingly bloated AVG to Microsoft Security Essentials. I'm actually pleasantly surprised, would recommend. Seems unbloated, no adverts, flags up naughty files and it's free.)

  9. Anonymous Coward
    FAIL

    "an integrated App Store, Wi-Fi and multimedia playback capabilities."

    You realise that- aside from the App Store- smartphones with WiFi and multimedia playback have been about for years, right? Even my ancient 2003/2004 HTC Blue Angel can play DivXs (other codecs are available), has WiFi (limited to 802.11b, but that's because it's so old that was the only one available!), and has GPRS.

    Since then I've been continually upgrading through the HTC range- from the BA to the Charmer, to the Wizard, two Artemises, one I can't remember the code name for, a Hermes and a Kaiser.

    The last few years have been pretty stagnant in terms of Smartphone development. We've got capacitive touchscreens and accelerometers, that's about it.

    The Kaiser (launched 2007, about the same time as the iPhone 1) had a keyboard, HSDPA ultra-fast-3G, could play movies, could stream video from the internet, had WiFi, Bluetooth, integrated AGPS, 3D acceleration, Videoconferencing (with front and rear cameras- over WiFi OR 3G! Non-Apple Witchcraft I hear you cry!), etc, etc.

    With the extUSB port (an excellent design- a custom connector that's backwards compatible) and some custom software it could even talk to serially-controlled devices (which is a large chunk of industrial machinery and pretty much everything at my work). Something that modern phones can't do without resorting to Bluetooth.

    And yes, they've been browsing the "proper" internet for that long as well. Not the snazziest of interfaces (though Opera Mini wasn't bad) I'll admit, but still perfectly adequate for 99% of browsing on the web.

    Smartphones matching your description of SuperPhones- aside from the App Store, which is a ridiculous thing to base a definition of a generation of phones on- have been about for at least a 6-year-old donkey's years.

    Icon because... Fail, Trevor- Epic Fail. You're late by 3 or 4 years...

    1. Manu T
      Jobs Horns

      The article doesn't discuss what a superphone is but security risks modern phones are.

      Why do ppl stop at the term superphone?

      It's a term coined by NVidia to promote their Tegra2-chips inside phones (hence phones with a Tegra chip are "superphones"). Who the hell cares. They're just smartphones.

      The article goes about supposedly higher risks with these smartphones. Not to mention many featurephones are also blessed with surfing, youtube-media and facebook-integration.

      IMHO this is all farfetched. Sure, we'll have more devices roaming our networks but they just behave as laptops. So if your network is "safe" for your employer's laptops. Then they should be okay as well for their phones, tabs, streaks, wifi-watches or whatever network-aware gadget they bring in.

      I fail to see the importance of this FUD. Unless building up mass-hysteria towards IT-ppl is El_Reg's new plan for world domination >:->

      1. Hungry Sean
        Badgers

        Qualitative jump.

        Your point that superphone is an NVIDIA marketing phrase is accurate, but I think there's also something to the notion that there's been a line crossed in capability.

        For a long time, one of the best definitions of supercomputer has been "a computer that costs over a million dollars." This isn't really tied to a notion of absolute performance, but that at a certain size and level of complexity, there is a change in the sort of problem that can be and is tackled. I'd suggest as a similar stab at superphone, "a phone that offers comparable performance and capability to a desktop two generations from the cutting edge."

        In practice, that means that a superphone you buy today would have equivalent performance to the average desktop you already have. Under that logic, a superphone would be something that is comparable to a core-2 duo with a G80/G90 or R600/R700 GPU, 2GB of RAM, running WinXP. I think it's a slight stretch from Tegra2 + Android to that sort of spec, but it's not completely insane and this is probably the first time that phones have been in shooting distance. This is kind of a tipping point in phone performance at which people reasonably start asking why ARM shouldn't be in desktops too, and why Photoshop, folding at home, and games like Crysis aren't on their phone or tablet as well.

        Maybe it's all the same to you, but personally I think there's something there that is fundamentally different from the smart phones and feature phones, and I don't think anyone really has a handle on where all of this is going yet. Security is just one tiny bit of the bigger picture.

  10. Pete 2 Silver badge

    The wonder of closed systems

    The biggest difference between these phone-enabled mobile computers ("super phones"? pah!) and their stone-age cousins is the app store. One thing that Apple have succeeded in doing is shut off the flood of "stuff" that made PCs what they are today. Now, you can only run stuff that Steve himself has blessed.

    They've effectively got back to the 1960's when IBM ruled the roost. You rented the hardware from them. You rented their apps and ONLY their apps. You upgraded when told to. You clucked like a chicken when required and gave thanks and praise for their little logo on the side of the box.

    It was only when those people from Amdahl came along and effectively "jail broke" the mainframe (a thing that would never be allowed to happen today) to let all the exploited and bitter users feel slightly less exploited and bitter with a slightly cheaper competitor that things started to go wrong. And from there we ended up with computers that would run any old software ... and viruses ....

    In some respect the closing and uber-controlling of OUR iPads, phones and gizmos is just a symptom of the uncertain and fearful world we now inhabit. However, from the perspective of the new-generation of portable appliances it's all they could have ever hoped for. They don't have to worry about people running any old stuff, they are getting to the point where you can only load the DATA they want to you (and take their 30% for pimping it to you). This form of marketing is obviously a success. While Apple have a smallish share of the flash-git phone market they have an enormous profit-share of modern phones an' stuff. A position all the other vendors must be looking at to see how they can do it, too.

    The answer is to close off as much of the feature-scape as possible. Control the access to the device and make money off the content (old man Gillette would be proud). While this may well be a route to shutting off security issues, it vastly reduces the utility of portable devices - which presumably means they won't be sold on their uses, but on their looks.

  11. Jim 59
    Thumb Down

    Superphone

    You're proposing the term "superphone" to describe a high end smartphone. That seems to require a distinction which doesn't exist. A new term only works where there is genuine market divergence. The mobile phone market still has only 2 parts: the "feature" phone and the "smartphone".

    Also, "superphone" is a bit of a tongue twister.

  12. Jason Bloomberg Silver badge
    Unhappy

    Are users getting more stupid?

    Probably not, but there is something which seems to drive them to lower their guard, cast away security concerns of the past. It's perhaps a shift in culture thing and it will only get worse the easier and more convenient it is for them not to care about security. It is a disaster waiting to happen.

    I have friends who were ultra-cautious with their desktop PC, quite paranoid about security and their data, not trusting Wi-Fi or email from unknowns. A couple of years on and they have laptops, are on Facebook, and are downloading this and that with not a care in the world, will click on invites and emails from people they don't know, will follow links to almost anywhere.

    They didn't even ask me to lock-down their laptops so I know one day I'm going to "get that call".

  13. Christian Berger

    Confusing DRM with security

    One of the main problems of Android/Blackberry/WP7/IOS-devices is that they confuse DRM with security. The idea that software that goes through a marketplace is automatically secure is just plain stupid. In fact DRM causes the user to "jailbreak" the system.

    What is needed are "communities" instead of "market places". That doesn't necessarily mean that there is no payment, but that there is a group of people responsible for the software. And if you don't like the decisions of that group of people, go to another one. Essentially it's the "Debian" way of doing things. You have repositories, and if you can't find what you like in one of them, just go to another.

    And then add real security. Don't leave a default root password in like on the iPhone. Take care of buffer overruns and similar problems. Enable the user to encrypt the flash if he chooses to.

    Security which restricts the user too much isn't helping. Just like when you force the password to contain at least 3 letters and 4 numbers most users will have "Feb2011" as their password for this month, the inability to get a root-shell will cause them to jailbreak the device.

  14. The Unexpected Bill
    Coat

    I'd have to disagree...

    ...and hopefully I'll come across in a constructive way. (At least that's my intention, because I generally do enjoy your articles.)

    It seems that the point about the longevity of a Windows installation has been beaten to death here already, but I just...can't...help...myself. My personal laptop is chugging along under Windows 2000 Professional (quite possibly the best release of Windows ever) and has been doing so since March 2005 with few issues. I have a Compaq Deskpro EN SFF box (you gotta love 'em) that is also running Windows 2000 Professional. It has been up for 399 days, 16 hours, 3 minutes and 20 seconds as I'm writing this. That is probably some kind of a record. :-)

    I do have to disagree with your response to another commenter that "you're also perfectly capable of both using operating systems like Linux". Capable...oh, quite possibly/most probably yes. Desirous of doing so? Not yet. Linux keeps getting better all the time, and it's been a while since I had a truly impressive show of vitriolic behavior, but I'm not ready to use it as my primary desktop environment yet. (Look back through my commenting history to see my reasoning here.)

    Now to the point of your article. Smartphones and their security risks...well, let's see. I don't implement corporate Wi-Fi access, and as long as the situation is mine to control, I won't. (I do have my reasons, and they're quite good.) The operation I'm in charge of is small enough that it's desktop computing stuff only, with only one laptop in use. There's no doubt that smartphones (or "superphones") can contract malicious software or that their operating systems have vulnerabilities.

    I don't see either of those possibilities making up the largest threat to an enterprise. There are three others that come to mind. First, there is the well meaning employee who plugs their phone into a company computer's USB ports just because they want to charge it up. They usually mean nothing by this, but I've caught people doing it a time or two and had to tell them that they must not be doing this. That leads me to number two...when some smartphones are connected to a computer, they become a USB mass storage device. It won't take you long to realize that a virus-infested home computer can latch onto that storage, put something nasty on it and leave it to infest a corporate computer. Or, as much as I even hate suggesting this, there is the possibility of a malicious employee copying company data to the storage memory in their phone.

    Finally...camera phones. This probably fits into the "malicious employee" concept above, but it could also be done without malice. It used to be that the camera modules contained in phones were of pretty dismal quality. These days, there are phones that will take pictures rivaling those of good quality point-n-shoot cameras and some will even record HD (or very close to) video. I've seen applications offered that allow phones to function as makeshift document scanners. (Heck, some digital cameras even have a "document mode".) In a less malicious sense, let's say someone at work is doing something "funny", interesting or whatever and someone snaps a photo. Well, maybe they snapped that picture in an area that's not open to the public? Or perhaps it reveals something in your building that an enterprising criminal or mischief maker can exploit?

    No, I'm not a terribly paranoid person. I am nothing if not an optimist, but it's tempered with reality and the knowledge that not everyone is a sort of "reasonable person" who thinks before they do.

    (...coat icon chosen because I like it, same as the "badgers" icon...)

  15. Graham Bartlett

    Bull - and not just on the PC side

    There is absolutely no change to the basic issue, which is simply that a mobile storage mechanism provides a vector for viruses to get in and data to get out. This has been true from the days of floppy disks onwards. All that's changed is the carrier.

    1. Tin Pot

      Not quite

      That the existing issues of the desk bound PC exist on the smartphone is true, but additional features - the mobility and locational awareness add new vulnerabilities to privacy, plus the additional vectors of text, voice, etc - scale threats exponentially.

  16. Joe Harrison

    Spot the non-parents

    I never found any reason to re-install my last XP system over the three or four years I had it. Didn't seem to have any virus problems and I only got rid of it to upgrade to 7.

    My kids' computers were another story entirely. Every day they grew five new toolbars and some new thing had pwned them generating popups about casinos whatever. Several times I had to re-install after it would have been just too time-consuming to defeat the malware du jour. And yes I did try making them login as non-administrators but many games are very poorly written and I got endless complaints of "But Dad, Lucy's Little Horsebox 3 says Access Denied".

    I don't even want to think about superphones in the family!

    1. The Unexpected Bill
      Badgers

      Kids and computers...

      I have to respectfully differ with your assessment of "non parents". I'm not a parent of any children and very likely never will be. (Bear with me on this.) I do have to temper what I'm about to say--yes, I know not everyone is a computer technician. And far be it from me to tell *anyone* how to raise their kids, everyone has to make their own decisions there. Even so, what I'm about to say is offered with nothing more than the hope it will be useful or informative. Take it for what it's worth, the 'rantings' of some random commenting dummy on the 'net.

      (Yes, I feel I can get away with making some of the suggestions here that I do, because I'm assuming things about The Register's readership and feel pretty safe in doing so.)

      I do have younger brothers, and I felt it important that they have access to computer technology. This was back around the Windows 98 days, and both of them had old Compaq Deskpro/M 486 class machines, the idea being that if they tore up an old PC, nobody would be too upset. There were a few lessons that had to be learned around this point about how to treat computer equipment with reasonable respect. Of course, Windows 98 has no meaningful security model, and this also led to some interesting experiences. One brother deleted the startup files from his computer and the other experienced what happens when you go pr0n surfing.

      As time went on, they got newer computers and moved to newer operating systems. One got a Lenovo laptop (upgraded from Vista to XP) and the other a Deskpro EN P3 with Windows 2000. At that point, they both had limited rights accounts. I took other measures to be as sure as I could that no issues would break out--I talked with my brothers about how having a computer is both a wonderful privilege and a huge responsibility, installed AV software, and enabled operating system resident security features (system-wide DEP in particular on XP), amongst other things.

      Now, granted, having a limited rights account on Windows has always been something of an uphill battle, but it was one that I fought and managed to win. I got their games and software working. It wasn't my first go-round, most of you here will know what it's like to get some stupidly-coded line-of-business application working in a corporate environment without handing your users any remotely privileged user account.

      These days, one of them has their own computer that they purchased with their own money. As such, they do have an admin-level account (because it's their box). Yet they have gained an understanding of the machine, its power and how to stay out of trouble with it. (Still, I did do the initial setup, because they requested that I do so, and I went through dotting all of the i's and crossing the t's.)

      So you don't want to do that? Don't have the experience? As a freelance consultant, I've worked with parents who are interested in getting their children a computer, and one of the first things I always say is "make the computer a family experience and know what is going on". When they do, it does make a difference much of the time. When you're involved and know what is going on, a lot of problems really do disappear. Even if you do have technical experience, it's not a bad idea to make the computer a family experience and to provide some guidance along the way.

  17. Anonymous Coward
    Boffin

    Watch out guys...

    ...the sky is falling.

    :o

  18. Anonymous Coward
    Anonymous Coward

    Definitions, definitions

    Isn't that "phone with email", aka a "corporate mobile communication appliance", not eerily similar to that featurephone but with proprietary sauce to replace the java me sauce?

    If so, then smartphones are still your "superphones" and no real shift in terminology is necessary.

    I for me am looking forward to seeing devices built on top of seL4, perhaps with different sandboxes for the corporate and operator crap, the things /I/ want the thing to run, and one to try out untrusted stuff.

  19. Gert Selkobi
    Thumb Down

    Sensationalist drivel with no sensation

    That's all. Can I have the time back that I spent reading that article? Please?

  20. Tom Maddox Silver badge
    FAIL

    You're Doing It Wrong (TM)

    "You’ll likely be reinstalling your PC at least once a year."

    For my part, I only reinstalled XP on my six-year-old laptop because the drive needed a reformat due to hardware degradation, and my company's help desk only does so as an absolute last resort. XP can certainly benefit from the occasional reinstall, but there are plenty of tools to freshen an install without a complete wipe, and Windows 7 is significantly improved in the area of "creeping Windowsitis."

    The issue of the personal smartphone/tablet is a tougher one to tackle, but I find a decent sledgehammer to go a long way in that direction. A good three-pounder only needs one hit, two if your arms are exceptionally flaccid.

  21. Jean-Luc
    Thumb Up

    Most of you are missing the point, IMHO

    Who cares if XP does/does not have to be re-installed? Is that the main point?

    If you are computer-savvy, then you may be installing new proggies often on an XP box. I do. If you do that, and even if it never gets a virus or malware, the machine usually benefits from a from scratch reinstall every 18 months - big performance boost.

    Of course, if you are not computer savvy then you don't hit that trap.

    And it's just silly not to run a free antivirus on Windows, even though I almost never hear a peep from mine.

    But the main point being made is more important. We have a number of existing, if imperfect, ways to address security issues on PCs. They range from running firewalls & antiviruses to changing from XP to MacOS or Linux. We usually know not to download random software from untrusted sites. We know not to click on email executable attachments and we now know not to follow URLs blindly in emails. I use a lot of freeware/open source stuff and I usually look around for malware remarks about a new program, whenever I don't download it from a trusted hosting site. Some of us encrypt our sensitive data.

    A lot of this transfers to the new generation of phones, but not all. There is no huge security software ecosystem. User best practices have yet to be established. Contact information is in known locations and we expect it to be accessed (imagine a senior salesperson getting her contacts pilfered by a competitor). We kind of hope that the App Stores do a reasonable job of vetting what system data the applications they host will be accessing once it is installed, but we don't really know that either.

    Basically, we trust our phones.

    It'll take a while to sort this all out on smartphones - just like it took a while to sort out that USB autoruns were a security risk. The learning curve will most likely be built up from security incidents along the way.

  22. This post has been deleted by its author

  23. TechTrainer2TheMasses

    Some valid points

    I believe the author makes some valid points.

    You guys (and gals) here wouldn't be here if you weren't IT savvy, but the vast majority of the PC population and those that use the latest and greatest smartphones, are not up to speed on all this stuff and frankly, either don't want to know or perhaps it is beyond them.

    AppStores on Blackberry, Android and iPhone have become simple to use for consumers - so there is a ready made initial distribution model for viruses.

    The development tools being either low cost or free and learning how to develop simple code is just a matter of googling for any wannabe virus writer/programmer. So how to create a virus or malicious application became a whole lot simpler.

    As mobile phones incorporate a built in charging mechanism there is a simple method to make money. Simply set yourself up a premium rate SMS number or telephone number and away you go.

    To me, it is the combination of these three things, all put together, that dramatically increases the level of risk.

    Add the fact that, as the previous poster says, the security systems/apps aren't mature in this market and we will probably see some high profile media stories about this over the next year or so.

  24. Anonymous Coward
    Anonymous Coward

    Possible Definitions

    Smartphone: Phone that can record/playback media and browse the web

    HybridPhone: Smartphone plus PDA

    Superphone: Smartphone plus PDA and the ability to install additional functions

  25. Anonymous Coward
    Gates Horns

    Are users getting dumber?

    The "average user" is. Since the advent of the Apple II and IBM PC, the expansion of the market for PCs, then laptops, then the WWW, mobile phones and all other digital derivatives has depended on bringing in ever-widening circles of less and less sophisticated users. It's just a statistical fact.

    That is why software vendors can keep "retreading" their junk with add-ons and patches and leave security to an "after-the-fact" task to be faced as problems arise. The cognoscenti can holler all they want, but they are an ever-diminishing proportion of the total market, the software vendors know it, and satisfying those critics is not what floats their boat.

    A bigger problem is the oligopoly that exists in each of the market niches - something the U.S. has totally ignored and the E.U. has made only small attempts to remedy.

  26. Martin Nelson
    Jobs Horns

    I smell a Mac using rat!

    Yep, with a sentence like:

    "If you are using Windows then anti-malware software is an absolute necessity, as are good (non-image) backups. You’ll likely be reinstalling your PC at least once a year."

    There's an Apple Fanboy.

    Just for the stats, I've never had to re-install windows and I have hammered both my Dell PC and Laptop for the best part of 7 years...they still refuse to die. I'm a web designer, IT Consultant, writer and book publisher. If hammering the PC with all that lot entails, and adding the usual stuff on to doesn't kill them, I'd say the systems are doing very well!

    As for "Smart Phones" and "Super Phones", quite honestly people should take responsibility....or if they won't they should be made to.

    "You kept your bluetooth/wireless internet connection on all the time and now the phone has been cloned/accessed/scanned/attacked...well you should have read the documentation telling you that it should be turned off when not in use."

    BOOTNOTE: The reason idiot sales assistants tell you smartphone batteries have short lives is because they don't realise turning the wireless stuff off when not in use improves performance...it's not about how big the screen is!

  27. Mark Jonson
    Coat

    You call them superphones...

    I call them dumb-smartphones. A smartphone is a phone running Blackberry OS or Windows Mobile. All these devices influenced by the iPhone are the same thing: a smartphone OS with the good power user features hidden, locked-out, or outright missing. And instead they have lots of DRM and protections to keep you from installing any good software (without jailbreaking/rooting). Since they are not as smart as traditional smartphones, they are dumb-smartphones.

    The iPhone was the biggest regression in technology since the ringback tone was invented. If these so-called "superphones" are better, why have they been missing features for years that old smartphone OSes have had, in some cases, for a decade? I'm talking about tethering (for free, not the carrier-controlled tethering Apple put in the iPhone), cut/copy/paste (that took 2 years to show up), and multitasking (took 3 years). The consumer traded a lot of power away to carriers and OS makers in order to have a device with a capacitive touch-screen and an accelerometer. The worst part is that they've turned a powerful productivity tool into a glorified Game-Boy, and nobody seems to care.

  28. Ben Rosenthal

    Abstinence

    Computer safety by abstinence alone sounds both terribly risky and terribly boring all at the same time, well done for coming up with that winning combination!

    I'll stick with my belt and braces thanks all the same :D

  29. Anonymous Coward
    Anonymous Coward

    Like with like

    We used to talk about "convergence" as handheld computing and mobile 'phone technology merged. In that light, the comparison between 90s devices and the more modern ones is much more obvious. I'm still to see a modern 'phone as useful as my Psion 5 + old 'phone was.
