首页
社区
课程
招聘
[转帖]Android,IOS和BalckBerry哪个最安全?
发表于: 2013-2-6 11:47 1394

[转帖]Android,IOS和BalckBerry哪个最安全?

2013-2-6 11:47
1394
转帖:http://www.csoonline.com/article/696493/android-vs-ios-vs-blackberry-which-is-the-most-secure-holiday-gift-

In short, our recommendation for each type of phone user:

Non-technical person:        iOS (iPhone/iPad/iPod touch)

Techie:        iOS/Android

Business user:        Blackberry / iOS (but check what the company standard is first)

Android
Google's Android operating system is the most widely deployed platform on tablets and smartphones at present, with a large number of vendors providing their own customized versions. Integrating smoothly with many Google services, Android is rapidly evolving with the latest version (the very well reviewed Ice Cream Sandwich) offering a slew of new features.

Unfortunately, when it comes to security, Android still has a long way to go. The large delay in releasing fixes for security issues is problematic as it requires a different release for each carrier, manufacturer and model. As a result, many Android devices are stuck using old and insecure versions of the operating system.

When it comes to applications, the primary source of applications is the Android Market, which contains tens of thousands of applications, most of them free. These applications are uploaded by developers and go through no review before being published, allowing fast turnaround, but leaving the door open for malicious apps to linger until Google hits the remote kill switch to remove them from devices (as has happened numerous times). Alternatively, curated markets such as the Amazon Appstore show promise for preventing malicious apps getting in—however they also have drawn complaints for the slow rollout of application updates.

Because it uses a very flexible model for applications, Android apps can do things that cannot be done on the other platforms. A user is notified what an application will be allowed to do at install time, and can choose to install it or not. Once installed, third party apps can (if authorized at install time) read and send messages, make and receive calls, access the internet and turn the microphone or camera on and off.

Because users are not very good at either reading or understanding the implications of these permissions, Android applications have been caught sending and receiving premium rate calls and messages, recording users keystrokes or sounds, tracking user locations, or even containing botnet-style malware as might be found on a desktop machine. There are quite a few third party solutions available that purport to secure your device, but their effectiveness is in many cases under question.

The flexibility of Android makes it a great choice for a highly capable user, but it can require quite a bit of knowledge to keep secure in the long run—often this will require that users root the device and install their own custom updates directly if the carrier does not provide them. Clearly not for the technical novice!

Blackberry
While Android is taking the biggest bite out of the consumer market, Blackberry has been very much the jewel of the business world. With its users being likened to drug addicts for their dependence upon the device, RIM's Blackbery devices have earned the designation Crackberry. Even President Obama couldn't part with his device, reportedly much to the irritation of the Secret Service and delight of Research in Motion.

Security and control are some of the main selling points of Blackberry, with the ability to completely encrypt data, tightly control what is done with the device, restrict what individual applications can and cannot do, require tunneling of any and all internet traffic through the company's servers, control apps and much more. The downside is that this control comes at a cost, and the ease of management to keep your device secure can be time consuming for a non-enterprise user.

Blackberry App World, the source for third party applications, offers a degree of review over all submissions. However, source code is not reviewed by RIM, and only so much can be understood of application behavior. While Blackberry hasn't been targeted by nearly the same amount of spyware or malware as Android, there have been instances of nefarious applications and spyware-trojaned carrier updates.

The ability to lock down and secure Blackberry devices is definitely a plus, but because much of it was designed with enterprises in mind it can get a bit complex for a standard user unless they are careful. The release of more consumer oriented devices based upon Blackberry 10 shows promise, but as it is unreleased at present, this one should stay on hold for individual users for now.

IOS (iPhone / iPad / iPod Touch)
In a market where the market leader is represented by a green robot, and the trailer (Blackberry) is likened to a notoriously addictive drug, the company with second-place market share has a level of customer loyalty and satisfaction often described as a cult. (All of which gives you some idea about how seriously people take these devices!) We are, of course, talking about Apple's iOS, the platform where it seems every new addition will sell more than the predecessor no matter what they do.

iOS is a slower-moving and far more tightly controlled platform than Android, with features designed to give a consistent, fluid, and controlled experience. As a result, the platform is great for doing things within Apple's designs, but beyond that it is by design inflexible. Because of the level of control Apple exerts over iOS, users cannot patch vulnerabilities until Apple releases an update - which in sometimes takes months and in many cases older devices are not compatible with the updates and so are never patched.

For applications there is the Apple app store, which Apple can be quite restrictive over. There have been many reported instances of applications being rejected for mysterious/unknown reasons, most famously Google's voice app in 2009. Because applications are all granted the ability to do everything allowed (with the exceptions of some things such as notifications and reading location) there are no complex permissions for users to keep track of and manage. While there has been at least one instance of a malicious app getting into the App Store, the most notable example was only a researcher's proof of concept.

Also of note though is the parallel ecosystem surrounding Jailbroken (where users have forcibly removed Apple's software protections) Apple devices. Jailbreaking gives users the ability to give devices new features, protect themselves from issues which Apple has not yet fixed, and install unapproved (or pirated) applications. At the same time, however, the removal of these protections potentially leaves users more vulnerable from a security perspective, as happened with the ikee worm in 2008.

iOS devices are a good balance when it comes to security, but this does come at a cost of flexibility that more experienced smartphone/tablet users may not like.

Windows Phone 7 and Other Aspirants
There are numerous other potential contenders in the smartphone space, most notably Microsoft's Windows Phone 7, but also including the Linux Foundation's Meego and Samsung's Bada. Symbian (formerly pushed by Nokia) and WebOS (formerly from HP) may in future rise or reappear as contenders, but at this stage they have both been dropped by their main proponents and open-sourced and so we will wait and see.
The other platforms all have their own pluses and minuses when it comes to security, and they seem to have learned from the experiences of the big players. However, they also all have much smaller market shares so we will not discuss them here. In particular we will be keeping a close eye on Windows Phone 7 as the relationship between Microsoft (big software) and Nokia (big hardware) may provide some interesting results for enterprise consideration.

Conclusions
So, which platform should you buy from a security standpoint? For most users the answer will be iOS, but for the technically experienced Android can work if they are careful. However, if a user is willing to jailbreak they can get many of Android's benefits anyway. Blackberry may be a good choice from a security standpoint, but generally those who want a consumer device will prefer the others for non-security reasons. Windows Phone and the other platforms may be good in future, but at present there probably has not been enough exposure to make this risk a good long term bet, especially after what happened to the touchpad.

In short, our recommendation for each type of phone user:

Non-technical person:        iOS (iPhone/iPad/iPod touch)

Techie:        iOS/Android

Business user:        Blackberry / iOS (but check what the company standard is first)

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

收藏
免费 0
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回
//