What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Apple and Google. And their apps one needs to avoid like the plague.

Status
Not open for further replies.
L&LD

L&LD

Part of the Furniture
  • Like
Reactions: Gar
Gah - webkit is what it is....

That being said - peeling an edge up, and setting forth a chain of events to get to root - the path might be different with Android vs iOS, but the effect is the same.

Apple has released updates for many of their devices, that's perhaps upside of being vertically integrated...

With Google, Android, the OEM's and various Carrier Approvals - there are additional steps between the chipset vendor BSP, the OEM's code/release and Google's fixes in Android - that'll take a bit of time to get deployed...

And that depends on Carrier Approval for many devices - OpenMarket devices might get a fix earlier, or not at all - depends on the changes...
 
FWIW - the Apple fixes for the issues noted are around the Pegasus Spyware/Malware discovery/disclosure - most of the players for the first round of patches are the same for the second round....

Apple patched it first round last week with IOS 16.6.1, and additional patches went into iOS 17.0.1 and iOS 16.7.

iPhones, iPads, and Watches are the most urgent to get fixed up - MacOS gets an update for 13 (13.6) and 12 (12.7) along with Safari updates...
 
Since Apple & Google patched the bug (which was in a library, not an App) their Apps should actually be safe to use now (as far as this particular exploit is concerned).

Does anyone know how this affected image library is used by third party Apps?

(Statically included in the binary, dynamically linked against the OS, something else?
 
L&LD said:
arstechnica.com

Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters

No one mentioned that libwebp, a library found in millions of apps, was a 0-day origin.
arstechnica.com arstechnica.com
Click to expand...

I mean in reality, they're both fairly evil and even if they don't get compromised, the data they're collecting is concern enough.

But unless you live off the grid in the woods somewhere, there is no getting around that. You can take some steps to minimize it, but they both make sure that anything you disable removes something useful as well (even if that thing wasn't critical for said feature to work). I hate to be complacent but I've accepted it to a certain extent and focus more on reducing what other things I run on those devices and isolating them from my more trusted devices. I have an old android phone that is not logged into any account, location services disabled, it runs on isolated guest wifi (which I've added extra ebtables and iptables rules to) and if there is an app I need to try out (or really any app that I don't need with me all the time) I put it on there.

Android does have sandbox features, "work mode" being the most common but many phones you can now create a different personal profile that is supposedly completely isolated. I don't trust it enough to rely on it though.

When you can't really control the attack surface, you have to think more along the lines of controlling what can be exposed should it get compromised, that's more my mindset with phones these days.
 
I'm at the point where I don't think I need a cell phone anymore (at least, not a 'smartphone').

Not that MS is more trustworthy (but that is the evidence today), but if I could buy a Windows phone again, I would, immediately.

Right now, as from the beginning, no apps, no features, nothing except phone/messages on my Android. Everything else is just an info grab and time waster.
 
L&LD said:
I'm at the point where I don't think I need a cell phone anymore (at least, not a 'smartphone').

Not that MS is more trustworthy (but that is the evidence today), but if I could buy a Windows phone again, I would, immediately.

Right now, as from the beginning, no apps, no features, nothing except phone/messages on my Android. Everything else is just an info grab and time waster.
Click to expand...

I was forced to have a Windows phone for work for about 2 years and you know what? I liked the damn "tiles" and I miss them still.

I cringe when I see people's phones. Not just the obvious stuff like TikTok which at best is questionable, but Temu/Wish, various games from unknown sources, just everything they've ever thought to install even if they don't use it anymore. I will at least give Google credit that newer Android versions remove permissions for unused apps automatically. But these people will come on my guest network and that's basically the only time I see the trend micro stats increase. So they essentially test that out for me I guess. And its not just 1 or 2, its hundreds of hits.

I do have apps I could live without, but I give each a cost/benefit (convenience/risk) thought and decide whether it is worth it.

I have not yet put the Wyze app on my main phone (yes there are a lot of rumors out there about Wyze, but in reality most are urban legends, did a lot of research before buying them and pretty much the worst thing about them is they nag you to pay for the monthly service a lot). But if I were going to be away for a couple weeks I'd probably put it on and take it off when I got home. So far my spare phone on my guest network, I ran a sniffer on it for a week and the only thing Wyze communicated with was https with AWS, but unfortunately you have no idea what is behind their AWS infra. I'm not concerned with them seeing whats on the cameras as they are outdoors, but more about access to other stuff on my main phone.

Still waiting for the sandbox feature to come out of beta on my Pixel 4a 5G (if it ever does). I can't root or run beta due to also running work mode on it.

Actually I believe they make VNC and/or teamviewer for android so in reality I should just access my spare phone when I'm away and run the apps that way :)
 
The evidence is in the use of MS products. Beginning with Windows 11 Pro, MS 365, OneDrive (which offers even further protection), and other related products.

I've seen many more users of other platforms get their credentials, data, and/or personal information get hacked than anyone within the MS ecosystem.

Apple, Google, Android, and other smaller players have been hacked repeatedly. I don't know of one instance of a normal MS user (i.e. not a corporate user), who has been hacked though. At least, not when they haven't done it to themselves by sharing passwords, using '1234' as their password, etc.

MS' reputation is just the best of all the mega-tech corporations out there. For a reason.

Just search and see what you find on MS vs. others, for yourself.
 
L&LD said:
MS' reputation is just the best of all the mega-tech corporations out there. For a reason.
Click to expand...
Ever read the monthly security bulletin they have to put out with the monthly security updates? They regularly need to fix issues that involve RCEs and privilege escalation flaws.

Microsoft's security model used to be so bad that their CEO had to put a stop on all ongoing development projects and launch a company wide security review project, which led to Windows XP SP2.

Google and Apple both have a better security track record than Microsoft. Exchange had been swiss cheese for decades, the last major event happening as recently as last year. We've also had security issues in Microsoft Office that could be exploited just by opening a malicious document.

www.deepinstinct.com

Malicious Office files: 20+ Years of Microsoft Office Exploits | Deep Instinct

Weaponized Office documents pose a large risk to organizations. From embedded active content, such as scripts and HTML code in Word and PowerPoint files to Excel macros, this is an attack vector every organization must pay attention to.
www.deepinstinct.com www.deepinstinct.com

How many attempts did it take them to resolve that printer-related issue a few years ago?

Microsoft is also the company that brought us Internet Explorer and ActiveX...

L&LD said:
I don't know of one instance of a normal MS user (i.e. not a corporate user), who has been hacked though.
Click to expand...
I do. First example that comes to me: just a few years ago, there was a flaw in RDP that allowed to remotely take over machines. I had a customer whose PC needed a complete reformat because he got compromised that way.
 
sfx2000 said:
With Google, Android, the OEM's and various Carrier Approvals - there are additional steps between the chipset vendor BSP, the OEM's code/release and Google's fixes in Android - that'll take a bit of time to get deployed...
Click to expand...
Project Mainline greatly helps there.
 
RMerlin said:
Ever read the monthly security bulletin they have to put out with the monthly security updates? They regularly need to fix issues that involve RCEs and privilege escalation flaws.

Microsoft's security model used to be so bad that their CEO had to put a stop on all ongoing development projects and launch a company wide security review project, which led to Windows XP SP2.

Google and Apple both have a better security track record than Microsoft. Exchange had been swiss cheese for decades, the last major event happening as recently as last year. We've also had security issues in Microsoft Office that could be exploited just by opening a malicious document.

www.deepinstinct.com

Malicious Office files: 20+ Years of Microsoft Office Exploits | Deep Instinct

Weaponized Office documents pose a large risk to organizations. From embedded active content, such as scripts and HTML code in Word and PowerPoint files to Excel macros, this is an attack vector every organization must pay attention to.
www.deepinstinct.com www.deepinstinct.com

How many attempts did it take them to resolve that printer-related issue a few years ago?

Microsoft is also the company that brought us Internet Explorer and ActiveX...


I do. First example that comes to me: just a few years ago, there was a flaw in RDP that allowed to remotely take over machines. I had a customer whose PC needed a complete reformat because he got compromised that way.
Click to expand...

They're addressing those issues. That is far different than 'we're secure by default', or, 'let's ignore this and it'll go away'.

I'm talking about compromised systems. Mentioning how a single customer got compromised isn't degrading my perspective.

I've no doubt many have been compromised to one degree or another. The point is, that they are far fewer than Apple, Google, Android, etc. And not only far fewer but also with far fewer consequences to those users too.
 
L&LD said:
They're addressing those issues. That is far different than 'we're secure by default', or, 'let's ignore this and it'll go away'.

I'm talking about compromised systems. Mentioning how a single customer got compromised isn't degrading my perspective.

I've no doubt many have been compromised to one degree or another. The point is, that they are far fewer than Apple, Google, Android, etc. And not only far fewer but also with far fewer consequences to those users too.
Click to expand...

Eh it's a matter of perspective and opinion. How many people (and companies, and governments) have been hit by ransomware attacks on windows? How does an OS even allow that to happen?

My view is trust no OS. Mitigate as much as possible, reduce your attack surface, isolate, and most importantly, think before you click, open, etc.
 
@drinkingbird, agree with all you wrote above. I don't believe the ransomware attacks on a Windows platform are due to Windows insecurities (quite the opposite I believe). They are due to user error, almost 100% of the time. Or, apps, other mobile devices, etc. that can't adequately protect users from those types of attacks and compromises like a full Windows install can (as I stated further above).
 
L&LD said:
@drinkingbird, agree with all you wrote above. I don't believe the ransomware attacks on a Windows platform are due to Windows insecurities (quite the opposite I believe). They are due to user error, almost 100% of the time. Or, apps, other mobile devices, etc. that can't adequately protect users from those types of attacks and compromises like a full Windows install can (as I stated further above).
Click to expand...

It would still be nice if an OS would say "hey, something is attempting to encrypt your files, is this OK?". Especially after say the first 5 major ransomware attacks happened years ago. However I think they saw a sales opportunity with using MS365 and Onedrive as a "solution", which is basically what is offered in the windows security options. Ransomware protection - buy MS365 is basically what it says.

I've also seen the variants of AgentTesla very easily bypass both windows and 3rd party virus detection using simple things like echoing a string of individual characters instead of specifying a path.
For example instead of
c:\windows
it will use echo "c"+":"+"\"+"w" and so on. And it actually uses aspnet compiler to do this, a microsoft product! A pretty simple workaround, seems like it should be harder.

I was also disappointed by the vast majority of antivirus programs (including MS defender) not being able to detect that something was issuing a command to encrypt your files and halting it until you said it was ok. I still haven't seen any with this functionality (but they may exist now). They are looking out for known ransomware, but not looking out for this generic function being performed, which seems like a much better defense against 0 day.

I guess I just don't understand why UAC can pop up a "hey this program is executing, are you sure" but not a "hey something is going to encrypt your files, are you sure".

It is at least nice to see that everyone who said Apple and even Linux are "immune" to viruses finally shut up. They were not immune, they just were not as common and thus not as valuable of a target, better ROI to invest your time in programming viruses for Windows. But now vulnerabilities in both have been exploited and brought to light some of these practices and people are starting to wake up.

Obviously Windows is still the main target for corporate attacks, but for home/average users, they're fully focused on phones now. By far the most common computing device and definitely easier to penetrate, especially with most users not really thinking about it as a computer and thus assuming there is no virus concern etc.
 
It doesn't matter what is implemented. The malware agents will find a workaround. That's their job.

You can't blame the gun for the killing. The motive is what determines guilt. Not the hardware/software/Bioware used.

All I know is that using safe browsing/email practices, I haven't been infected in decades. Contrary to when I was relying on third-party programs that were in their best interest to let me get infected and then sell me 'up'.

Encrypting files isn't an extraordinary process for a user, most would find that more annoying 99.99% of the time than the few who do get a virus and run it on their systems.
 
RMerlin said:
Project Mainline greatly helps there.
Click to expand...

It helps - should also note that Google does path the GMS layer from time to time outside of the OEM's firmware, which for some urgent items can be effective enough...

While the thread is focused on handsets, we should also note that there's a lot of Android based Media Players that might not ever get patched up as many are based on AOSP and don't have official GMS or Play Store support.
 
L&LD said:
It doesn't matter what is implemented. The malware agents will find a workaround. That's their job.

You can't blame the gun for the killing. The motive is what determines guilt. Not the hardware/software/Bioware used.

All I know is that using safe browsing/email practices, I haven't been infected in decades. Contrary to when I was relying on third-party programs that were in their best interest to let me get infected and then sell me 'up'.

Encrypting files isn't an extraordinary process for a user, most would find that more annoying 99.99% of the time than the few who do get a virus and run it on their systems.
Click to expand...

Yeah the same 99.99% that found UAC annoying at first, MS ended up de-tuning it a bit, and yeah it probably still doesn't work. But a popup with a fairly urgent warning that something is attempting to encrypt your files, the only false positive would mostly be if you password protected an Office file or something, seems logical. But you can't save everyone from themselves I guess.

Especially when you can make money by selling people MS365 as a "protection" against ransomware. Of course only a matter of time before the ransomware figures out how to purge your version history off onedrive, or after encrypting the files changes their attributes a couple dozen times so every version is encrypted.

My PCs firewalls pop up a warning every time a new or changed process tries to hit the network, one of the main reasons I still use Symantec Endpoint as it has that feature. I like to know what is going on. While I am very careful, doesn't mean I'm going to uninstall AV and firewall and be left without some sort of safety net.

For me it isn't really about my stuff, I haven't gotten a virus in many years either, but parents, friends, relatives, etc I end up having to clean and fix their stuff. I put as much in place as I can (one particular offender got demoted to a user account so they couldn't blindly click "OK" on every UAC prompt) but I still feel like it wouldn't be that hard for MS or the AV providers to detect malicious/bulk encryption attempts. Oh well.

A sad fact is that our company sends out fake phishing emails periodically and even though there is this mandatory annual training that makes it crystal clear the stuff to look out for, and the "test" emails are painfully obvious, so many people, even technical ones, still get caught. People are like fish in a barrel for the hackers.....
 
sfx2000 said:
here's a lot of Android based Media Players that might not ever get patched up as many are based on AOSP and don't have official GMS or Play Store support.
Click to expand...
And a lot of these are actually shipping with malware/ratware built-in. There's been a few studies recently about these, including one from LTT.

I would never trust an Android box coming from some random Shenzen company. I love my current NVIDIA Shield, and if I ever needed to replace it, I would possibly go back the HTPC route rather than trust a cheap Android box. At least there are good fanless options now, which would be better than the Zotac box I used back in the day.
 
Status
Not open for further replies.

Similar threads

sfx2000
News Google and Apple - WiFi AP's and mapping
Replies
2
Views
2K
sfx2000
sfx2000
L&LD
IoTs are bad enough. 'Connected cars' take that to a ridiculous level.
Replies
4
Views
519
sfx2000
sfx2000
B
Dual WAN and mesh Wifi - what's the best way to increase internet bandwidth and wifi coverage?
2
Replies
25
Views
5K
Tech9
Tech9
Viktor Jaep
TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)
2 3
Replies
48
Views
4K
Viktor Jaep
Viktor Jaep
sfx2000
SmartHome - myQ integration for Chamberlain/Liftmaster and HomeAssistant
Replies
2
Views
3K
oldguy
O
Similar threads
Thread starter Title Forum Replies Date
sfx2000 News Google and Apple - WiFi AP's and mapping General Network Security 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 656 (members: 15, guests: 641)
Back
Top