[ParoleGA]

So, I am not a member of the tinfoil hat society, by any means. That being said, this is scary. I know this is not really new information.

For instance, one ex-official said that the bureau's analysts (shown above) can routinely turn on the microphones in laptops and Android devices to record conversations without a person's knowledge.

Open source code has it's merits, but has it's drawbacks, too. I am not saying a determined hacker can't find exploits in code that isn't open source, but when it is open, it has to be that much easier. Apple and MS, please keep your source in the safe. Thx.

[Blkacesvf41]

I hear ya. As much as I like my Nexus 7, I never, ever! Do any banking or any activities that would include entering either my credit card, SSN or any sensitive information on it. I save that for my desktop at home or my WP8.

[NTUser]

Well, sh*t.
Currently thinking of all the things I've bought on my N7. Oh well, my fault for trusting Android for anything.
All for keeping source a secret at this point.
Windows Phone why can't I have you faster. :'(

[tgp]

I hear ya. As much as I like my Nexus 7, I never, ever! Do any banking or any activities that would include entering either my credit card, SSN or any sensitive information on it. I save that for my desktop at home or my WP8.

Isn't it ironic that since you're worried about security you use your desktop, which I assume is running Windows, for sensitive information?

[dlnorton2014]

What am I supposed to do, buy a Nokia 3310 and throw away my computer? It's like companies are quietly forcing me to reveal more and more about myself.

[Res215dg]

It's a good thing I always held off on buying a Nexus tablet and instead picked up my Surface

Good Information posted by OP- thanks for the heads up

[Blkacesvf41]

Isn't it ironic that since you're worried about security you use your desktop, which I assume is running Windows, for sensitive information?

With the little knowledge I have, I'll go ahead and say that I think when compared to Android Microsoft has a better track record when it comes to security. As good as Android is, believe me I like it quite a bit, being an open source is a hacker's dream.

[thed]

I have to take issue with people saying that open source = less secure. In fact, you can find a lot of developers out there that would argue that open source = more secure. In my opinion, neither option (open vs closed) is inherently more secure than the other. It's all about the individual piece of software. Projects that are continuously maintained with a focus on security are more secure than those that are not.

On a broader level, open source projects generally have more sets of eyeballs looking for security vulnerabilities. Some of these may be malicious, but they're offset by the larger amount of people looking to fix vulnerabilites. On the flip side, closed source projects generally have a smaller team maintaining the code. While this may mean that more vulnerabilities go completely undiscovered, it also increases the likelihood that a vulnerability already discovered by the black hats stays unpatched.

[ag1986]

OP and everyone else has it completely wrong.

So we have Windows, generally acknowledged as the worst OS in terms of security. It is closed-source.

We also have UNIX/Linux, completely open source. These are used in all sorts of mission-critical enterprise deployments all over the world. Open source, currently far more secure than Windows.

We have Mac OS, which is really a POSIX-compliant UNIX system with a proprietary user interface and added features. Everyone will acknowledge that OSX is for now at least, more secure.

Any security engineer will tell you this: No system is safe. There is no such thing as a secure computer. Windows and Android are just that much more popular and have more people targeting those systems.

Finally, please see the pwn2own and pwnium results for 2013. Everything was broken; a Surface Pro included. In fact, the only system that was not cracked was Google ChromeOS (Chrome itself was compromised, however). And Chrome OS is again, an open source project.

[Krishnachandran M]

the point to note is that the Hacker is interested in affecting more systems, not small number. So the prime focus is on the Popularity of the OS. Windows is one of the most used operating system by Naive users, who are vulnerable. where as the Android is the Mobile OS that has the higher Circulation. so more attacks can be expected there than the Windows Phone.

I am not an expert, still think system works like this.

[ParoleGA]

OP and everyone else has it completely wrong.

1. So we have Windows, generally acknowledged as the worst OS in terms of security. It is closed-source.

2.We also have UNIX/Linux, completely open source. These are used in all sorts of mission-critical enterprise deployments all over the world. Open source, currently far more secure than Windows.

3.We have Mac OS, which is really a POSIX-compliant UNIX system with a proprietary user interface and added features. Everyone will acknowledge that OSX is for now at least, more secure.

Any security engineer will tell you this: No system is safe. There is no such thing as a secure computer. Windows and Android are just that much more popular and have more people targeting those systems.

4.Finally, please see the pwn2own and pwnium results for 2013. Everything was broken; a Surface Pro included. In fact, the only system that was not cracked was Google ChromeOS (Chrome itself was compromised, however). And Chrome OS is again, an open source project.

My point was really about phone OSes, while most of your comments were about PC, but points taken; nothing is secure. That being said, there is nothing you can say to make me believe that an open source code OS, with huge popularity (Android), is more secure than iOS (also hugely popular), or WP8 (relative deployment makes it far less targeted), when it comes to remote attacks. But to your direct points...

1. Also the most used OS, by the least tech savvy users base, making it a prime target for exploit by determined hackers.
2. Probably true, but it's enterprise use still doesn't approach Windows. Lower user base, and a more tech savvy one, at that, makes it a far less opportune target.
3. Certainly true. Personally, I think that is because of it's relative deployment AND it's closed source nature.
4. Chrome OS....really? There would be no money, and little data to be had breaking an OS with such a low user base.

I guess the point is, yes, everything can be broken. The more used the OS, the more valuable the target. And nothing you said makes me believe that an open source code base isn't easier to exploit than a closed source.

[snowmutt]

There is no doubt as far as OS's go, WP is the safest behind only BlackBerry due to it's closed source, controlled system and smaller user base. It is not as easy of a target, nor as profitable. Android is the complete opposite. That being said, I am surprised Google has done as good of a job as they have as far as damage control with security.

It does make me want to see BB10 succeed. They are still the only one determined to keep your system safe. They deserve a nod and some credit for that.

[z33dev33l]

There is no doubt as far as OS's go, WP is the safest behind only BlackBerry due to it's closed source, controlled system and smaller user base. It is not as easy of a target, nor as profitable. Android is the complete opposite. That being said, I am surprised Google has done as good of a job as they have as far as damage control with security.

It does make me want to see BB10 succeed. They are still the only one determined to keep your system safe. They deserve a nod and some credit for that.

It has a bigger user base than bb10 and bb10 was a bad joke.

[thed]

And nothing you said makes me believe that an open source code base isn't easier to exploit than a closed source.

Did you read my post above? A lot of experienced software developers disagee with you.

[ParoleGA]

I have to take issue with people saying that open source = less secure. In fact, you can find a lot of developers out there that would argue that open source = more secure. In my opinion, neither option (open vs closed) is inherently more secure than the other. It's all about the individual piece of software. Projects that are continuously maintained with a focus on security are more secure than those that are not.

On a broader level, open source projects generally have more sets of eyeballs looking for security vulnerabilities. Some of these may be malicious, but they're offset by the larger amount of people looking to fix vulnerabilites. On the flip side, closed source projects generally have a smaller team maintaining the code. While this may mean that more vulnerabilities go completely undiscovered, it also increases the likelihood that a vulnerability already discovered by the black hats stays unpatched.

What you said is largely correct. More eyes looking for bugs increases the chances of friendly and malicious eyes finding problems. This means that a well maintained open source OS can be secure.

A well maintained closed source can be as well. I get security patches weekly on Windows. The problem with Android is, once the issue is found, Google can not simply patch it. They need to send an update through many companies first, for approval and modification.

If I would ever use Android again, it would be Vanilla Android. But I won't. I see little effort, even from Google, to quickly patch vulnerabilities.

[ag1986]

What you said is largely correct. More eyes looking for bugs increases the chances of friendly and malicious eyes finding problems. This means that a well maintained open source OS can be secure.

A well maintained closed source can be as well. I get security patches weekly on Windows. The problem with Android is, once the issue is found, Google can not simply patch it. They need to send an update through many companies first, for approval and modification.

If I would ever use Android again, it would be Vanilla Android. But I won't. I see little effort, even from Google, to quickly patch vulnerabilities.

Re well maintained closed OS being secure, I present to you Windows again. Possibly MS' most used product, their most valuable IP, hopefully their most well maintained one, yet in the security context it has about as many holes as a colander. IF there is a security hole found, MS ' policy (done this many times) is to keep it within themselves, take their sweet time to fix it, all the while some hacker could also have discovered it and be exploiting it in the wild. With open source code, this never happens.

Re security patches, do I with Windows 7 which to me indicates what a crappy job they did with developing the damn thing in the first place... though to be fair most updates are apparently just Defender database updates and Safe Browsing list updates.

About the patching again, I believe the process is the same with WP - carriers have a say in what goes out (see Data Sense, also Verizon breaking group messaging). Google has always been on the ball about fixing truly broken things, which is why I carry a Nexus 4 - gets updates just as soon as they are released.

[ParoleGA]

Did you read my post above? A lot of experienced software developers disagee with you.

Yes, I read your post. You do realize there are at least as many experienced software developers on the other side of the argument...right? Linus is not the second coming.

[ParoleGA]

About the patching again, I believe the process is the same with WP - carriers have a say in what goes out (see Data Sense, also Verizon breaking group messaging). Google has always been on the ball about fixing truly broken things, which is why I carry a Nexus 4 - gets updates just as soon as they are released.

You do realize that the biggest security measures taken in both iOS and WP are the extremely locked down sandbox apps live in, not regular patches, right? When an OS is compromised, the attacker is far more limited in what he can do when he doesn't have full resource access.

Not much else new in your post. I get it; a lot of people prefer open source for many reasons. I am not one of those people. We won't argue our way to an answer in this thread. The argument is as old and older than Linux. I was simply sharing an article, and my feelings on leaving Android. They still stand.

[ag1986]

Yes, I read your post. You do realize there are at least as many experienced software developers on the other side of the argument...right? Linus is not the second coming.

With desktop PCs, empirical evidence has proven the point; closed-source vs open source does not imply secure or unsecure at all.

[ParoleGA]

With desktop PCs, empirical evidence has proven the point; closed-source vs open source does not imply secure or unsecure at all.

The only thing proven has been stated by both sides in this discussion. Nothing is "secure", and the bigger your user base, the more people will try and compromise your security. Until Linux based OSes have the same number of users, there isn't any fair way to compare successful exploits.

But again, this thread had nothing to do with desktop OSes. It was simply about how the FBI was hiring hackers to gain remote access to Android devices (the article actually mentioned PCs, as well), and was able to turn on their mics and record audio. I also assume hackers could do this without the FBI, albeit illegally, if they had something to gain from it.

[cckgz4]

I've had to replace my debit card twice this year. Once was cause of a local grocery store getting hacked, but the other one was weird. Makes me kind of cautious to keep doing my money online

Sent from something UhMEHZing using Tapatalk

[ParoleGA]

Apparently, even the FBI is afraid of Android.

"primary target for malware attacks due to its market share and open source architecture"

[gollum18]

Actually if you know anything about android, you'll know that only about 80% of its total code is actually a part of aosp. All of the proprietary Google functions and apps are not. Any Google apps have to be side loaded through a gapps zip on all Google unapproved Roms. That would be any that don't come from Google or a manufacturer.

I should also add that malware can't actually damage a phone, unless it has root access. Which the majority of android users don't even know exist, only ~15% of all android users even know about it and even less are actually rooted. Thanks to Microsoft and Apple being overly zealous in their attempts to downgrade Linux, the uneducated public are afraid to try it, as they have given it the bad stigma of being "unreliable and unstable". Even if they have tried Linux, the average user doesn't know anything about the su program and doesn't need to access it

Now then, I will go back to my point, android, Linux and Mac os are inherently more secure than windows. Hence all of the band aids Microsoft has to release for it on a monthly basis. Microsoft makes it far to easy to access and modify the system partition.

Hence this command in cmd which will hose your system. "del C:/*.*" Notice the simplicity involved with that statement. Any hacker could include this in a batch file or program, and the average user wouldn't even know. Unlike Linux/Unix filesystem's where you need to type "rm -r" just to be able to delete into the file structure. It also requires root access, and to get that you need to know the root/administrator password. And even if they do, rm still asks the user if they are sure they want to issue the command (as it deletes recursively). Whereas the equivalent does command I entered earlier has no check to keep the user from accidentally entering it, once you do it starts deleting.

Sorry for the lengthy response, but I hate seeing posts that claim that windows is the most secure os in the universe. If you don't believe me try entering that command into cmd yourself. Its a very simple command and doesn't really require any technical knowledge at all to do, just basic cmd knowledge that every user should know any way.

Sent from the stars...

[ParoleGA]

Sure, just tell me how to bring up the command prompt on my Windows Phone again...oh, wait. You are comparing Android to a desktop OS. I see what you did there.

No one said anything about Windows being secure...anywhere. Or anything about hurting a phone. The initial post was about hackers helping the FBI turn on Android microphones to record convos. The most recent link was about the FBI being worried about law enforcement using Android, and fragmentation leading to 40+% running older unpatched versions.