"There's no money in it"


Daniel Eran on why the iPhone "security problems" are overblown and why the free market is your best defense

Great piece here and worth your time. Emphasis added.

...Any phone that can run software is vulnerable to malicious software. The reason why we don’t have outbreaks of malware on phones to the degree of PCs is that there is little business model for doing so: no practical way to roll out spambots or popup advertising schemes. Part of the reason is that there is no common platform at all; it’s hard enough to design a small Java game that will reliably run on a variety of phones, let alone devise a way to roll out viral adware, particularly since its tough to install software on phones, intentionally or nefariously.

So everything is vulnerably in theory, but there are few actual exploits happening because there’s a) no money in it, b) it’s not as easy as infecting PCs, c) infections could be easily cleaned up because they’d only affect a specific group of phones due to the lack of portability. Some Symbian phones were infected with a Bluetooth virus that could spread itself. The infection was mostly a proof of concept design, but the result was an immediate fix that shut down that entire angle of attack.

Compared to the PC problem, Microsoft allowed spyware and adware to get out of control on Windows PCs because it had a financial interest in data mining itself. It bundled Alexa software on Windows starting with the first versions of IE, and was in talks to acquire Claria, the maker of the notorious Gator spyware. Microsoft didn’t act to stop the problems when they were beginning to take off, because it hoped to own the market. Once it became entrenched, the problem is much more difficult to attack.

With the iPhone, Apple has the opposite circumstances: it wants to market its own product in a tightly controlled way, not use software to data mine consumers of the PC maker’s products. That gives Apple a financial motivation to stop any outbreaks before they become serious.

The problem is that security is the opposite of convenience. It is very likely that when Apple launches its SDK (software dev kit) for the iPhone, planned in February, that third party software will only be made available through a secure downloading mechanism in iTunes, just like today’s iPod games, and that Apple will keep the web available as its more open API for shareware developers who don’t want to deal through Apple. This will allow the company to tightly manage software and prevent malware or malicious software from gaining any business model or distribution mechanism.

His answer to question number six is terrific. Go read, you'll be glad you did.

— NeoWayland

Posted: Wed - November 21, 2007 at 05:24 AM  Tag


 ◊  ◊   ◊  ◊ 

Random selections from NeoWayland's library



Pagan Vigil "Because LIBERTY demands more than just black or white"
© 2005 - 2009 All Rights Reserved