
This is the Achilles Heel of Android.
Security researchers in China are warning Android users to be on their guard after claiming to have discovered a million-strong botnet lurking on the platform. The Android.Troj.mdk Trojan, first spotted by security firm Kingsoft Duba back in early 2011, is thought to be hidden in over 7,000 apps today, including many popular …
Android should let users block any apps they want from network access.
I hear you say: "yes but poor developers need ads revenue to survive and apps need network access to fetch ads". Fine. Provide an API which allows apps to fetch ads in a *controlled* manner.
I mean, this is not paranoia. There *are* people out to get you. It is now standard on non-mobile machines to get a warning whenever a program accesses the web for the first time, giving you the choice to block it. I see no reason why it should not be the case for phones.
> There *are* people out to get you. It is now standard on non-mobile machines to get a warning whenever a program accesses the web for the first time, giving you the choice to block it
Oh sure, asking users to click yes to get the free stuff they want has really proven to be an effective security model. Numerous studies have shown that unless the box says "this app is going to steal your stuff" most users will just click yes because they think it is needed to play the game/app. The spread of the first Symbian worm required the user to click yes to:
* Do you wish to accept a Bluetooth connection from an unknown device
* Do you wish to accept a file from <device>
* Do you wish to execute file from <device>
No user in their right mind would click yes to any one of those, but there were still some who clicked yes to all three. The average user does not have sufficient knowledge to make informed consent, so this method doesn't work.
I (happily) use Avast, but another of its most valuable features (the firewall) also requires root.
All that means is that people should buy a phone that's easy to root; perhaps the existence of botnets, trojans, etc. will make that more likely the next time contracts run out.
> We need proper technical education in schools
I don't think that would help, at least in this respect (be good though for a whole range of other areas), kids are probably more aware than your average non-tech adult. My 3 year old daughter knows more about my wife's phone than her.
> Why no giant botnets or other malware on iOS with its larger market share?
There *IS* malware on iOS. The thing is that you need to jailbreak your device to load apps from anything other than the Apple app store. With Android, you just need to go to settings and enable sideloading to load apps from the SD card.
However, you still do need to explicitly go and enable that setting, and when you do it pops up a big warning message saying something like: "ATTENTION: Your phone and personal data are more vulnerable to be attacked by applications from unknown sources blah blah blah".
Not a peep out of the normal suspects (read "jihadists") who are first to jump on the "... because it's Microsoft" bandwagon when it's Microsoft in the firing line.
Yes, I acknowledge that Microsoft may not have done a very good job of security with a lot of their stuff. But like I've said before - the bigger your market share, the bigger target you present, and there's no such thing as a secure system.
What is it with people in the IT industry who will insist that anyone who's not an expert in their field is a dumb ass?
Get a sense of perspective man! Most people know bugger-all about my area of expertise, because it's a specialised area. Yet everyone in the industrialised world uses the products I sell (drinking water kit), and if I screw up a design people might start dropping dead. People aren't idiots because they can't design and operate the water infrastructure for the building they live in, just like they're not idiots for not understanding the fundamentals of other technology they use.
Sure, it would be great if everyone understood everything, but until we can train people hypnotically in their sleep - or until we live for 1,000 years - there's simply not time enough to learn everything.
That little rant also applies to the anonymous coward above, who made the same arrogant and unrealistic point.
Spartacus, this isn't about people not experts in a certain industry being idiots because something they use has something to do with that industry. This is about idiots not seeing the potential consequences of their actions, and then doing something that will ultimately affect other people (who may or may not be idiots themselves).
People drive vehicles every day. Most of these people aren't experts at driving. You can tell by the emergency vehicles blocking access to a vehicle accident, the idiot not looking before merging, the other idiot blowing through a stop sign or a red traffic signal, and countless other driving offenses committed by countless other idiots. Some idiots are punished by the state, or are otherwise inconvenienced. Others are not.
And yet, they still have a license or other document, given to them by whatever state they live in, telling other people that they are allowed to drive a vehicle on the roads. More often than not, this license has an expiration date, and must be renewed periodically, often for a small fee.
It's the same thing with being allowed to access the internet. People ARE idiots.
> Spartacus, this isn't about people not experts in a certain industry being idiots because something they use has something to do with that industry. This is about idiots not seeing the potential consequences of their actions, and then doing something that will ultimately affect other people (who may or may not be idiots themselves).
NukEvil,
How are people supposed to see the consequences of their actions, if they don't understand that the technology is flawed? Do Google run adverts saying that there's a risk of getting nasty malware on your Android phone, so you should check the permissions when you download from the Play store? Do Google check all the apps before they go in the Play store for rogue behaviour? Nope. They don't. They (and the manufacturers) tell their users how great the phones are, and how you can download all these lovely apps. I suspect many people don't realise that Android phones are basically computers, and not everyone has got their head round how easy it is to get their computers taken over.
Should we say those users are stupid? Or should we say the manufacturers and the software industry are stupid for producing stuff that's insecure?
I'd argue neither. My point was that it's more complicated than that.
Not all issues are black-and-white. Not all users care about their tech. Which in some ways is a bad thing and shows a lack of care (if not a certain amount of stupid-arsery). But on the other hand, why should they? They pay good money for stuff, and want it to just work.
When my Mum says to me that a pop-up came on her computer saying she'd won a prize, and then she clicked yes a couple of times "was that alright?" - that's laziness/stupidity, and I get annoyed with her. She knows she just clicked OK when she shouldn't, to get on with what she did care about, otherwise she wouldn't mention it to me a week (and a virus) later. But it's Dell's fault that they put an out-of-date version of Flash/Java/PDF on her PC, and Adobe/Oracle's fault that they don't auto-update and are about as secure as Charlie Sheen's grasp on reality. I don't think she should be expected to know that the PC was vulnerable to drive-by nasties out-of-the-box, without her doing anything but end up at the wrong website.
As usual the car analogy is rubbish. There ought to be a law (like Godwin's) talking about the prevalence of car analogies on tech discussions. People are trained how to drive. People know the consequences of crashing. There are laws, and publicity campaigns to make them aware, or punish bad behaviour. Some people are still lazy and stupid. But it's not stupidity not to understand how your engine works - you don't need to know the theory. And if there was a widespread fault with engine management systems that caused crashes people wouldn't blame 'stupid drivers', they'd blame crap car makers for: a) Causing the issue, and; b) Not fixing it.
It's your industry, or your hobby. So you've some level of expertise in IT. That doesn't make you special. I'd be surprised if you know how to deal with the risk of contracting Legionnaires' disease from your shower, how high that risk actually is, and what steps your plumbing design already goes to, in order to minimise it. Even though that's more likely to kill you than a computer virus. People can only know a certain number of things. Lack of knowledge of any subject is not the same as stupidity.