Java and Android "wide open" in 2013

Started by Gary, Jan 19, 2014, 08:08:42

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Gary

While it was another tough year for network security all around, 2013 was particularly hard on users of Java and Android, new research from Cisco has found.

According to the networking giant's latest Annual Security Report, Java flaws were responsible for 91 per cent of all web-based exploits in 2013. Meanwhile, fully 99 per cent of all mobile malware discovered during the year targeted Android, as did 71 per cent of all web-based attacks on mobile devices.

http://www.theregister.co.uk/2014/01/17/cisco_dont_like_malware_phishing_etc_stay_away_from_java_and_android/
Damned, if you do damned if you don't

Glenn

Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

#2
Quote from: Glenn on Jan 19, 2014, 08:27:58
Not surprising as Android accounts for approximately 81% of the smartphone sales. http://news.cnet.com/8301-1035_3-57612057-94/android-dominates-81-percent-of-world-smartphone-market/
Also there is a huge amount of malware written for it. There are a hell of a lot of iOS devises though and malware targeted at them is only 0.7% according to the department of Homeland security. If Network operators pushed out patches and also manufactures that would help, but handsets get abandoned fast. The Galaxy Nexus isn't getting KitKat, along with the HTC One X and X+. The HTC handsets were released in 2012 so not exactly that old.
http://www.zdnet.com/no-kitkat-for-htc-one-x-and-x-devices-to-stay-frozen-on-jelly-bean-4-2-2-7000025129/

http://www.tuaw.com/2013/08/26/u-s-government-finds-0-7-of-all-mobile-malware-affects-ios-wh/
Damned, if you do damned if you don't

Technical Ben

Quote from: Gary on Jan 19, 2014, 08:08:42
While it was another tough year for network security all around, 2013 was particularly hard on users of Java and Android, new research from Cisco has found.

According to the networking giant's latest Annual Security Report, Java flaws were responsible for 91 per cent of all web-based exploits in 2013. Meanwhile, fully 99 per cent of all mobile malware discovered during the year targeted Android, as did 71 per cent of all web-based attacks on mobile devices.

http://www.theregister.co.uk/2014/01/17/cisco_dont_like_malware_phishing_etc_stay_away_from_java_and_android/

Strange how people I know with iPads/iMacs still send me unsolicited virus spam emails. It's down to the user on phishing 99% of the time (the other 1% is human error and good copies that are undetectable).
I use to have a signature, then it all changed to chip and pin.

Gary

#4
Quote from: Technical Ben on Jan 19, 2014, 09:09:40
Strange how people I know with iPads/iMacs still send me unsolicited virus spam emails. It's down to the user on phishing 99% of the time (the other 1% is human error and good copies that are undetectable).
Its not up to iOS/OS X devices to filter out virus spam that does not effect it. Your provider and your security should do that anyway.You can download an app from Intego though that finds virus emails so you can be a good netizen and not pass it on. As for the scam type where it relies on user interaction I see plenty of that coming my way from Windows and Android too. That's down to users not being aware sadly, or having particularly bad spam filtering.  ;)
Damned, if you do damned if you don't

Technical Ben

Yeah, that was not a dig at the OS, sorry. It's at people who think they either know everything (so don't need to listen so security advice), or think that it's all the fault of the OS.

I'll agree that iOS is one of the most secure. But at the same time, it's not like Windows Mobile or Android devices get that many drive by hijackings.
I use to have a signature, then it all changed to chip and pin.

pctech

I think the reason iOS has less malware written for it is that, to Apple's credit, they do thoroughly check the code before allowing apps on the app store and don't permit sideloading as can be done with Android by disabling the signature check although I did read that this can be worked around anyway.

Have never felt the need to sideload myself and have avast AV and malwarebytes running on the phone.