Tagged: malware

12
Oct
2020

Microsoft Linux: Maybe Someday

Jack Wallen over at TechRepublic has a new though provoking article out about why Microsoft should replace it’s Windows core with Linux. Basically, the argument goes that if Microsoft is intent on making open source a priority and investing in Windows Subsystem for Linux (WSL), why not go all in and move Windows over to the Linux Kernel? After all, that would unify their cloud strategy, desktop strategy, development strategy, and server strategy around one software stack.

While I think this makes a lot of sense from a IT and infrastructure perspective, it may not be all that easy in practicality. The investment Microsoft has in the Windows Kernel, between desktop and servers, is significant and runs deep. To simply throw that investment away and move to the Linux kernel requires there to be a serious ROI to overcome the decades of sunk cost if that were to happen.

There is an issue of control and the fact that Microsoft likely finds it nice to have complete control over the operating environment. Control allows Microsoft to build complimentary software that is essentially guaranteed to work exactly they way they want it to when running on their OS. Moving to the Linux kernel along with an open source desktop environment on top of it means now Microsoft has to play in the sandbox with many others. Some changes may not be in their best interest as development on these projects continue. Since Microsoft would not have direct control of the project, it won’t be up to them whether or not changes are approved.

Lastly, I continue to take issue with this notion that Linux is somehow the magic security pill that all end-users and organizations need running on their desktops. The reality is that Linux is really no more secure than Windows and an article on Tech Radar by Darren Allan pointed out earlier in 2020. Linux is perceived to be more secure because it is still not widely used outside of IT departments, academic institutions, and software developers. Find me a significant number of people that work outside of a technical field that are running Linux on their desktop then maybe I will change my tune.

Imagine of an additional billion plus devices all started running the Linux kernel. Do you think malware and ransomware authors might take more interest in attacking the operating system? If Microsoft were to create “Microsoft Linux” this is exactly what would happen and the notion of Linux is so secure would start to fall out of favor. All it would prove is that the idea of Linux being more secure was born in a bygone era. An era before Windows had a fully developed file system permissions structure and the ability to restrict certain operations to privileged users.

So while I love the idea of Microsoft moving all of their software and servers to Linux, it just doesn’t seem likely. I think they are very happy developing and integrating the WSL into their current Windows software stack. This let’s them and their customers do whatever they would like in Linux while Microsoft retains control of the core components of the OS. Microsoft can say they love open source software and contribute to the projects they like while not ceding any control of their OS to other developers.

Maybe some day there we will complete harmony among all operating systems. So long as there is a financial incentive to maintain the separately it won’t happen. I also don’t think Microsoft is at a point where they are willing to give control of the kernel and desktop environment to anyone. At that point they might as well keep developing what they have now. Forking the projects means Microsoft will be doing just as much work to maintain the functionality as they are now.

05
May
2020

EventBot Android Malware and Why I Won’t Leave the iPhone

The Hacker News reports that there is a new Android based malware called “EventBot” that is making the rounds in rogue app stores and APK download sites that are not part of the official Google Play ecosystem. In reading The Hacker News article, this sounds pretty nasty but it begs the question, why are users of Android devices are so bent on using app stores and websites that they have no way of know are providing legitimate apps or not? It makes no sense to me.

  • Is it because they don’t know any better?
  • Is it because their phone manufacturer pushes some junk alternative app store to their customers?
  • Is it because they want to use apps they can’t in the Google Play store?
  • Is it because they want to feel rebellious?
  • Is it because they don’t want to be kept down by the “man?”

I have no idea, and I don’t know why these phone users expose themselves to these risks with such a valuable trove of information sitting on their device.

Full disclosure, I am an Apple iPhone user, and probably will be forever. It’s not because I love everything Apple and must have everything Apple. Clearly that isn’t the case given my professional background. It is a combination of economic factors, security factors, and usability factors.. I am bought into the Apple mobile device app ecosystem and it is too costly to leave.

Apple Strengths

There are some things that Apple does do better than the Android community can do, primarily because it is a closed ecosystem.

  1. They keep their users safer because bad actors have a much harder time getting truly malicious software past the app store guardians. Sure there are people that jail break their iPhones, but let’s face it, they are few and far between and most users don’t care to spend the time doing so only to void their Apple Care plan.
  2. I don’t care what kind of Snapdragon processor you have in your Android phone or many milliamp-hours your battery is rated for, they just cannot outlast and out perform an iPhone. You may be able to outperform an iPhone at certain tasks and drain your battery in an hour, or you may be able to make your battery last all day but not get any performance but you won’t be able to do both easily. I have yet to see an Android phone (you can throw any Samsung SXX model out there at this) hold up against any serious comparison to the iPhone processors and battery life combination. I attribute this to the closed Apple ecosystem as well. The software written for apple devices is always highly optimized for just that platform. There is no need to trade off compatibility for performance or battery life. Android’s open ecosystem approach just can’t do this effectively when you have hundreds or thousands of device models you have to play nicely with.
  3. The phones are reliable and they don’t crash*. I can’t count the number of times I have had Android OS phones just restart on me in the past or crash outright. Maybe it was a bad app, or maybe my specific manufacturer’s device model wasn’t tested with the app. Or maybe it was a combination of the app and some random launcher I am using on my Android phone that caused it. Needless to say, my iPhone 11 pro just doesn’t crash, at all. It reboots when I want it to or when it does an update.

*assuming you aren’t running a beta version of their iOS software or trying to us a really old device with a new iOS version. If you want to be bleeding edge or never buy new hardware, you are going to have issues on any platform.

Android Strengths

On the flip side, you can do some really cool things with Android devices that you can’t do with Apple devices.

  1. You can interact with your device at the hardware level and as long as you give an app permission to do it, they can do a whole lot. Want to record phone calls? No problem. Want to quickly and easily side load an app? No problem. Want to completely change how your phone keys work? No problem. Android is all about letting people do what they want when they want. For better or worse.
  2. You can make the phone look and feel exactly how you want. Don’t like that app launcher? Change it. Don’t like the app manager and user interface? Change it. Want the light to flash purple when you get a slack message? Go for it. Again, Android is all about the ability to make the phone do anything you want, regardless of the performance and security impacts it may have.
  3. You can find a model of phone with just the features you want at the price you want. There is no “Apple tax” when buying an Android device. Just pick the model from the thousands out there that fits your needs and budget.

What is Best For Me

The nerd in me loves these things about Android, but the practical user side of me does not. When I pick up my phone I want to know that it is going to work without any issues – every time. I don’t want to worry about a new app launcher eating up my battery and destroying the CPU usage. I don’t want to worry if that app I just downloaded has malware in it it. I don’t want to have to manage app permissions at such a granular level that I have to worry about every little thing it has access to in the OS.

At the end of the day, I just want a device that works. That means iPhone with iOS will consistently be more capable and secure for my use case. I am willing to live with the lack of customization in some respects in order to have a better overall user experience with performance and security. An experience that doesn’t require my constant attention to achieve. I have enough other things to worry about each day, my phone should not have to be one of them.

23
Mar
2020

Information Security in the Age of COVID-19

The Hacker News is running several interesting articles related to information security and COVID-19 as they relate to emerging threats. Specifically, the threats that a newly mobilized remote workforce faces when many of them have little on detecting threats outside of their normal work environment. While the article referenced specifically touts Cynet’s service offering, the guidance offered is applicable across the board.

Take for example, all of your new remote workers who are receiving all or some of their direction via personal communication channels whether they be phone, SMS, or email. How many of these staff are capable of discerning phishing messages on their personal devices? It is one thing when they have a corporate suite of products assisting them to make these judgement calls, but when they don’t have those can they still be trusted to determine who the bad actors are? In all likelihood the answer is going to be that remote workers are going to be less capable of protecting themselves without new training programs and time to become acclimated to their new reality. COVID-19, however, has made it so there is no time to do so in the face of mandates to have 100% of your workforce out of the office. Introducing new training for these workers about how to protect themselves in this chaotic time is going to be crucial not only for them but also for the well being of the organization as a whole. In addition to training, all information security teams should be looking at how to best to detect unauthorized data loss as well as unauthorized access into corporate networks. It also goes without saying that any remote access solutions should also be protected by two-factor authentication.

Be well, be safe, and secure your networks.

Jonathan Cilley

Follow me on Twitter