Insecurity expert Steve Chang, who is the chairman of Trend Micro, has just declared himself the sworn enemy of the Open Sauce movement by saying that Android is less secure than the iPhone because it is Open Sauce.
Chang claims that because Android was open sauce a hacker could understand the underlying architecture and source code and work out new ways to do it over.
Steve Chang said that you had to give credit to Apple, because they are very careful about it. It's impossible for certain types of viruses to operate on the iPhone.
Of course the comments will be greeted by a "what the fsk" from almost everyone in the industry. Apple's iPhone security is faith based and the shiny gear is the first to get knocked over during Black Hat competitions. If a security error is spotted it takes time for Apple to admit it, let alone fix it. Open Sauce problems are usually fixed quickly.
Open Saucers can claim, with some validity, that security problems in Android can be swiftly spotted and fixed because people know the system very well.
In short does Chang know what he is talking about? He appears to be mostly talking about the application vetting process. Anyone can write code for Android, but getting code approved by Jobs' Mob requires the developer to juggle flaming swords over a pit of hungry crocodiles while smeared with bacon grease. Obviously with central controls like that it is possible to weed out a few rogue applications that spread malware.
But that is not actually what Chang said. He actually blamed the Open Sauce process for making Android less secure. Which it doesn't. He added that Apple has a sandbox concept that isolates the platform, which prevents certain viruses that want to replicate themselves or decompose and recompose to avoid virus scanners. However that does not make it more or less secure, it just means that you have to use a different attack vector.
Chang said he's betting Android users will start to buy more security software for mobile devices. This is fair enough, however how much security software is there for the iPhone? For years Apple hardware has based its security on faith alone and depends on hackers not bothering to attack the minority OS. How is it that Trend Micro can believe that Apple is safer and, more to the point, why would you trust a security company that spouts such rubbish?
Chang's comments might have something to do with the fact that this week Trend Micro released Mobile Security for Android, software that users can install on a mobile phone to block viruses, malicious programs and unwanted calls. So if Android users feel secure they will not buy Chang's app.
But you have to wonder if Apple's security so wonderful, why Trend has been running its Mobile Security App for the iPhone for a while now?
Chang admitted to Business Week that Apple's iOS wasn't fully immune to security threats and may be hit with so-called social-engineering attacks, which tricks users into authorising the download or installation of malicious software. But not viruses? So what does Trend's AV software for the Apple do?
Given this weird message, it is not surprising that Trend Micro's 2010 revenue is expected to have dropped 1.3 percent and its net income is forecast to be 22 percent lower.
The Trend Micro ad inserted adjacent to the article was a source of amusement for me...
http://www.reluctantgourmet.com/sauces.htm
Apple.. Open Sauce.. Apple Sauce..
Very Clever!
Apple Sauce...
I see what you did there.
It's less secured because it's open-source???
how the heck can you call this guy "security expert", it's more likely to call him "Mega-Retard"...
Shame on you Trend Micro aka Epic Fail "Security" company.
Try to sell your fake AV elsewhere.
Study this next sentence very carefully. Learn it well:
A joke is only funny... once.
I had a boss that ALWAYS said "right arm" instead of "right on," and "internet exploder" instead of "Internet Explorer." Fortunately he worked in another office and mostly communicated by phone, because after the first week I generally just rolled my eyes whenever he said those things.
Quit with the Open Sauce schtick. Once may be funny (although IMO it's just barely amusing)... but when it's in every other sentence, you just look like an idiot, or at least someone with a buggy spellchecker.
http://www.theinquirer.net/inquirer/news/1016083/the-inquirer-guide-inquirer-jargon
He obviously doesn't know what is talking about, or got paid by Apple "sauce" to talk a load of crap about Andriod!
But it is security by obstruction in regards to actual socially engineered viruses in that most malicious trojan horse apps are unlikely to ever be approved by apple. Of course, this means that it is almost immune to that kind of viruses, but it also means that it is a gate that is completely closed. It will eventually translate into less apps being made for the iphone because the gate keeper decides what users can install and what they cannot and eventually apple's abuses like not enabling certain apps from competitors will make them pay.
VLC's case is egregious in that a great app that many users found useful was banned because of apple's obstructionism "security" model. Users wanting to use software like VLC will have to stick to android.
So, in regards to viruses, an iphone is more 'secure' than an android phone, but that's because of the hugely restricted functionality and control freakness iphones have. A similar comparison would be one between Microsoft windows and a SNES. There are less viruses for the SNES, but windows allows developers to make and release apps on their own pretty easily.
Ultimately, I'd dare predicting that just like windows vs. Mac, users will end up choosing the platform that has more apps due to development being much freer and easier.