Close X
Log In
If you are not a member,
register now
Email
Password
Forgot Your Password?
New User? Register now
to gain member-only access to all of IT World Canada's premium content & community portals.
Log in for Full Access |
Log In
|
Subscribe Now!
Follow
IT World Canada
Knowledge Centres
Community
Publications
Events
Services
Media
Communications Infrastructure
•
Carriers and Cellular
•
Networking
•
Voice, Data, and IP
Security
•
Alerts, Patches and Fixes
•
Disaster Recovery
•
Hacking and Viruses
Enterprise Business Applications
•
Business Intelligence
•
Enterprise Resource Planning
•
Open Source and Linux
Enterprise Infrastructure
•
Data Centre
•
Servers and Mainframes
•
Virtualization
Government
•
Case Studies and Best Practices
•
Collaboration
•
Policy
Leadership
•
Budgeting / IT Alignment
•
Industry News
•
Issues for CIOs
Information Architecture
•
Data Warehousing
•
Databases
•
Messaging and Collaboration
Integrating IT
•
Development Environments
•
Middleware - Utilities
•
Project Management
Green IT
•
E-Waste and Recycling
•
Green thinking
IT Workplace
•
Careers and the Job Market
•
Consulting and Contracting
•
Human Resources Issues
•
Women in IT
Departmental and End User Computing
•
Future Technology
•
Help Desk and End-User Support
•
Mobile Applications
All IT World Blogs
Featured Blogs
•
All things Android
•
Career Corner
•
Enterprise Insights
•
Security
ComputerWorld Canada Blogs
•
Shane Schick's Computerworld
•
World Wide Webb
•
Blogosphere
•
Techbuzz
CIO Canada Blogs
•
CIO Canada
•
Candid CIO
NetworkWorld Canada Blogs
•
Network World
•
Industry Watch
Guest Blogs
•
Stuff IT Managers Like
•
CDN Varbose
•
Making IT Work
Wikis
•
IT job Descriptions
•
CWC In Conversation
Groups
•
Finance
CIO Canada
ComputerWorld Canada
Network World Canada
Computer Dealer News
Direction Informatique
IT Business.ca
Click Here to Subscribe Now!
ComputerWorld Canada Events
•
Computerworld Interactive
•
Computerworld IT Leadership Awards
•
Computerworld Technology Insights
Feature Events
•
Visability - Social Media
•
Technicity
Events for Government
•
GovSym Symposium
•
Lac Carling
Computer Dealer News Events
•
CDN Channel Elite Awards
•
CDN Top 100
•
Computer Golf
Events for CIOs
•
CIO Exchange
•
CIO Frankly Speaking Breakfasts
•
CIO Frankly Speaking @ Your Desk
More Information on
IT World Canada Events
IT World Canada Curated
Job and Career Resources
•
Canadian IT Jobs
•
IT Sales Jobs
•
Salary Calculator
•
Tech Learning Space
Knowledge Services
•
CDN ProFIT - Turnkey Marketing solutions
•
Visability
•
Knowledge Store
Subscribe Now- Register
Slide Shows
Videos
White Papers
Webinars
Hot Topics:
Oracle
•
software developers
•
SAP
•
ERP
•
videoconferencing
•
hacking
•
DDOS attack
•
SAS
•
programming languages
•
layoffs
•
Search
SHARE
Home
>>
Departmental and End User Computing
Symantec compares iOS and Android security
By:
Mikael Ricknas
On:
28 Jun 2011
For:
IDG News Service (Stockholm Bureau)
Apple's iOS wins in most categories, but neither offers protection against phishing. According to Symantec, possible weaknesses in iOS include its encryption
Apple Inc.'s
iOS
and Google Inc.'s
Android
smart phone platforms are more secure than traditional desktop-based operating systems, but are still susceptible to many existing categories of attacks, according to
a 23-page report from security software vendor Symantec Corp.
The good news is that Apple and Google designed their respective operating systems with security in mind. But keeping up with a constantly changing threat landscape is difficult. In the report, "A window into mobile device security," Symantec evaluated the two operating systems for how they stood up to Web-based and network-based attacks, social engineering attacks, attacks on the integrity of the device's data, and malware.
Users of both Android and iOS smart phones and tablets regularly synchronize their devices with cloud services and with their home desktop computers. This can potentially expose sensitive enterprise data to systems outside the control of the enterprise, according to Symantec.
When it comes to protecting against traditional malware, Apple's certification of applications and developers protects users, according to Symantec. On the other hand, Google's less rigorous certification mode has arguably led to today's increasing volume of Android-specific malware, the company said. Earlier this month Google
had to remove yet more malware-infected apps offered in its Android Market.
Google's more open approach has been one of the reasons for its success, according to Ben Wood, director of research at CCS Insight. It has helped Google to quickly increase the number of available applications. So far, the offending apps haven't had a major affect on users, but user sentiment could change quickly if they are hit by more severe attacks, Wood said.
As has been pointed out by security experts in the past, Android's reliance upon the user to grant a set of permissions is a weak link. A majority of users are simply not technically equipped to make these security decisions. In contrast, Apple's iOS platform simply denies access, under all circumstances, to many of the device's more sensitive subsystems, according to Symantec. On Android, a malicious app simply requests the set of permissions it needs to operate, and in most cases, users happily grant these permissions.
On the plus side, Google does require that developers pay a fee and register with the company to be able to distribute their apps via the official Android App Marketplace, Symantec said.
Possible weaknesses in iOS include its encryption, according to Symantec. The majority of the data is encrypted in such a manner that it can be decrypted without the need for the user to input the device's master passcode. This means that an attacker with physical access to an iOS device can potentially read most of the device's data without knowing the passcode, Symantec said. In February, researchers in Germany showed
how they could do this in six minutes
on an iPhone running iOS 4.2.1, Symantec warned.
Also, attacks against specific applications like the iOS Web browser, while being self-contained and blocked from impacting other apps, can still cause significant harm to a device.
Android recently began offering built-in encryption in Android 3.0. However, earlier versions of Android, which are running on virtually all mobile phones in the field, contain no encryption capability.
So far, security researchers have uncovered about 200 different vulnerabilities in various versions of iOS. But the vast majority of these vulnerabilities have been of a lower severity. To date, all but four of the 18 vulnerabilities on Android have been patched by Google. One has been fixed in version 2.3, but it has not been fixed for prior versions of the operating system. For example, the recent Android.Rootcager, also known as Android.DroidDream, and Android.Bgserv threats both leveraged this vulnerability to obtain administrator-level control, according to Symantec.
Symantec also has a word of warning for users with jailbroken smartphones. They are an attractive target for attackers since they are every bit as vulnerable as traditional PCs, it said.
Symantec concluded that iOS offers better access control, application provenance and encryption. Google's Android offers better application isolation, and the permission-based access control category is a tie, according to Symantec. Apple also offers better protection against malware attacks, service attacks, data loss and data integrity attacks. Both offer full protection against Web attacks, and no protection technologies to address social engineering attacks such as phishing or spam.
Security on smart phones is a growing challenge that vendors need to address, according to Wood. Large-scale attacks can end up having a detrimental effect on smart phone popularity, he said.
Sign up for our
Newsletters
Tags:
security strategies
,
Symantec
Close X
Your Name:
Your E-mail:
Friend's Name:
Friend's E-mail:
Close X
|
Views:
1868 |
Rating:
(0 votes)
Rate this article on a scale of
1 to 5 stars,5 being the best.
Close X
Page
1
Quick Access
Video Conferencing
Cloud Computing Resource Centre
CIO Canada's Brainstorm Centre
CIO Canada Debate
Mikael Ricknas
is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.
Related Content
5 Technology Security Myths, Busted
If you think virus writers ignore Apple Inc.'s platform or that free anti-virus programs are useless, think again. Find out about wireless device security and how safe the Firefox browser really is
The Demo: Madeover Internet and AV security
Symantec Corp. says its Norton Internet Security 2009 and Norton AntiVirus 2009 comes with 300 changes, including a new underlying architecture
Hacker attacks getting more targeted and subtle, says report
Corporate IT managers should re-double efforts to guard against targeted attacks, which will increase in scope and subtlety this year, according to security experts.
Cyber crooks getting cleverer
by joaquim p. menezes - several years ago, john roese – when he was chief technology officer of enterasys networks (he’s now cto of nortel) comme
Please enable JavaScript to view the
comments powered by Disqus.
blog comments powered by
Disqus
Related Videos
Cloud Computing: Extending the Network (3 of 3)
Cloud Computing: Extending the Network (3 of 3)
-
The end goals of private cloud computing are to; Enable efficient delivery of IT resources and services; Give the enterprise complete control over data; Enable choice in technologies and service providers
Cloud Computing: Getting to One Network (1 of 3)
Cloud Computing: Getting to One Network (1 of 3)
-
In this first video of the series, the team will take you through how to consolidate the different types of traffic onto a single, general-purpose, high-performance, highly available network that greatly simplifies the network infrastructure and redu
Cloud Computing: The Unified Compute Model (2 of 3)
Cloud Computing: The Unified Compute Model (2 of 3)
-
In this second video, the team will look at how to unite computing, networking, storage access, and virtualization into a single cohesive system. The Unified Compute model prepares you for cloud computing. This will be discussed in the next and fin
Frankly Speaking - Cloud Computing
Frankly Speaking - Cloud Computing
-
IT World Canada's John Pickett and IBM Canada's Richard McDonald discuss why organizations should care about cloud computing, what benefits it can yield and risk issues concerning security and resilience.
2008 CDN Top 100 Event Overview
2008 CDN Top 100 Event Overview
-
Every year CDBN and Partner Research Corp. rank Canada's Top 100 Solution Providers in the IT channel. Watch highlights of this years event.
more from the:
Video Library
Take Our Poll
Most Popular
Articles
Most Viewed
Most Emailed
Top Rated
Most Viewed
Most Emailed
Top Rated
Shaw wins Internet deal with city of Winnipeg
By: Howard Solomon (16 May 2012)
Shaw Communications has scored a big win in its campaign to extend its services to municipalities. The Calgary-based cableco won a bidding contest to ...
The cost of open data: A Canadian lawyer's analysis
By: Lou Milrad (14 May 2012)
We’ve started hearing a lot over the last year or so about “open data”, particularly in the municipal sector. It’s all ab ...
Rogers offers lure to M2M developers
By: Howard Solomon (11 May 2012)
Network operators are always looking for ways to expand the way organizations can use their networks beyond voice and data centre traffic. To encour ...
Canadian employee survey indicates dark view of cloud
By: Shane Schick (16 May 2012)
If Canadian enterprises are using cloud computing, their employees may be the last to know. A recent research bulletin from Toronto-based Pollara of ...
Researcher runs IP network over xylophones
By: Joab Jackson (14 May 2012)
NEW YORK -- Vint Cerf once wore a shirt that read "IP on Everything," a wry comment on the universatility of the Internet Protocol he helped invent, a ...
Cisco kills off Cius development
By: Paolo Del Nibletto (5/25/2012 11:56:00 AM)
In a surprise move, Cisco Systems Inc. has confirmed it will no longer invest in developing the Cius tablet device running Android.The Cius tablet was ...
Microsoft's new server and tool upgrades and CIOs
By: Juan Carlos Perez and Chris Kanaracus (5/25/2012 10:21:00 AM)
MIAMI -- CIOs and IT directors tracking the barrage of major upgrades for Windows and Office also need to stay tuned to the refresh cycle for Microsof ...
Microsoft clarifies tremendous Windows 8 claims
By: Gregg Keizer (5/25/2012 9:21:00 AM)
FRAMINGHAM, Mass. -- Reports earlier this week that Microsoft CEO Steve Ballmer predicted unprecedented sales of Windows 8 were wrong on multiple ...
How to make PHP apps scale
By: Andrew Oliver (5/25/2012 9:14:00 AM)
SAN FRANCISCO -- The power of PHP and an RDBMS is the ability to nail the major features of an application with cheaply paid developers in a reco ...
Funding rural broadband: Whatever it takes
By: Howard Solomon (5/25/2012 7:11:00 AM)
For rural communities looking to get ultra-fast broadband speeds increasingly seen in cities, there’s only one obstacle: Money. Getting it is ...
VIDEO: Why IT pros need 'soft skills'
By: Brian Bloom (23 May 2012)
Unemployment in the high-tech sector is low. But are IT pros getting the jobs they want? Stafflink CEO Tim Collins explains why having impressive ...
Why integrate Wi-Fi radios into small cellular cells
By: Ajay Kumar Gupta (15 May 2012)
FRAMINGHAM, Mass -- (Gupta is team lead at Wesley Clover Communications Solutions, which develops solutions from Canadian companies -- including Mitel ...
CEOs demand CIOs prepare for growth and mobility
By: Mark Chillingworth (15 May 2012)
CEOs have shifted their position and are releasing funds to CIOs that have innovations for mobile users and revenue generation ideas, finds the CIO Su ...
EMC mega-launch targets hybrid cloud, big data
By: Jeff Jedras (22 May 2012)
LAS VEGAS – With nearly 15,000 attendees making this its biggest user conference, IT infrastructure vendor EMC Corp. has made its largest ...
Why Eugene Kaspersky has big problems with big data
By: Jeff Jedras (22 May 2012)
NASSAU, BAHAMAS – The big data drumbeat is becoming deafening in the technology sector as vendors and analysts rush aboard the latest trend. But ...
Related White Papers
Selecting a Managed Security Services Provider: The 10 most important criteria to consider
-
Managed security services providers (MSSP) are an effective way for organizations to gain access to expert security skills, tools and processes without significant investment in technology and resources. “Selecting a Managed Security Services Provider: the 10 most important criteria to consider” details what businesses should look at when selecting one.
Unified Communications matters to enterprise success
-
Your mobile workforce, business processes and interactions across the wide world of social media demand a UC strategy. This isn’t a plug-and-play proposition, but rather a far-sighted enterprise vision that requires expertise that stretches wide and deep.
IBM Service Management for the Intelligent Utility Network
-
The Intelligent Utility Network is a significant initiative that will be driving utilities for the next ten years. But the roadmap does not need to be tackled all at once. The roadmap for each company will depend on your specific priorities. However, IBM’s experience suggests that the greatest initial value can be derived from implementing IBM Maximo Asset Management for meter asset management, and Tivoli Asset Management for IT and Tivoli Netcool technologies for managing advanced meters and SCADA equipment. IBM has successfully delivered IUN infrastructures around the world that provide superior reliability and end-to-end network data in near real time. We bring to the table the integration skills, leading-edge technology, and proven products to support every stage of an IUN initiative. To learn more about IBM’s service management solutions for the Intelligent Utility Network, contact your IBM representative or IBM Business Partner, or visit ibm.com/tivoli
Extending Collaboration to Mobile Employees
-
Mobility brings numerous benefits to business; however, each mobile worker must be matched with the right collaboration and unified communications tools.
WebSphere Application Accelerator for Public Networks
-
IBM and Akami have partnered to develop WebSphere Application Accelerator for Public Networks to accelerate web application delivery.
more:
White Papers
Close X