[GRLUG] Android scare tactics article

Dan Taylor dan.taylor at darkhaven.net
Mon Nov 28 01:29:14 EST 2011


On Mon, 2011-11-28 at 00:24 -0500, Mike Williams wrote:
> Yeah, the "request permissions on install" model is a good idea, just 
> poorly implemented.
> 
> Surprisingly, another environment with a similar problem is Windows. One 
> of the reasons Windows is so hard to secure is that so many programs 
> will not run in a non-administrator account, tempting people to run as 
> administrators. Vista tried to fix that with the first version of UAC, 
> but the prompts popped up so often people disabled it. It's not that UAC 
> was too sensitive; all the things programs were doing should have 
> required user confirmation. I think Microsoft was hoping to pressure 
> developers into better coding practices, but they relented and softened 
> UAC for Windows 7. Quite a bit of malware can now install itself without 
> triggering the "quieter" UAC settings.

How is this any different from the Linux model of allowing root
privileges to install/remove rpm/deb/whatever packages?

Privilege escalation is nothing new, and is still possible on all
platforms to varying degrees with no user intervention whatsoever.  The
whole sandboxed approach that Android takes is somewhat better but still
isn't perfect.  Regardless of the OS, the weakest link is ultimately the
end-user clicking "authorize", clicking "OK", typing in their password
for sudo, etc. as far as applications are concerned.

Ultimately, it all boils down to the source code availability starting
from the hardware's firmware, to the OS, its drivers, and all the way up
to the software that runs on top of it all and the ability to audit
things yourself.  Debian is currently about as close as one can get to
that from the OS on up, in my book at least.

I'm diverting off-topic here, but one major reason I ditched Ubuntu
(besides unnecessarily splitting the Linux community with the whole
Unity craze when Gnome 3 is doing a fine job) was the Ubuntu-specific
apt-key net-update vulnerability
( http://seclists.org/fulldisclosure/2011/Sep/221 ) .  It's been quietly
buried and you will be hard pressed to find it discussed anywhere on the
internet, or among Ubuntu developers other than "oh, we disabled that".
The number of Ubuntu systems world-wide that were potentially owned by
MITM attacks, with fraudulent GPG key signatures on packages generated
by various corrupt governments/entities, makes you wonder what is
really going on.  It's trivial to get a user to authorize installation
of package updates so long as the signatures "check out" in the name of
bug fixes and security patches.

If you can't trust the people signing off on these changes, you can't
trust the distribution.

- Dan




