this post was submitted on 12 Jul 2023
30 points (78.8% liked)

No Stupid Questions

36163 readers
546 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago
MODERATORS
 

Which platform would a typical IT guy be more on guard against?

While Windows has been known for decades to be a hot pot for all PC malware, Android phones are much more ubiquitous and personalized, and (as far as I know) aren't hardened against malware in any way. I mean, it literally takes just two taps to install a rogue apk and that is notwithstanding that most OEM implementations and apps on the Play Store are ad-ridden privacy nightmares by themselves. At least when it comes to Windows, Administrators have greater control over client machines and can put in restrictions. How would someone handling infosec in an organization control security on people's personal phones?

top 31 comments
sorted by: hot top controversial new old
[–] jesterraiin 31 points 1 year ago (1 children)

It depends purely on the user, his or her knowledge, activities, choices.

[–] [email protected] 24 points 1 year ago (1 children)

That's a weird question, you are comparing a desktop OS with a phone OS (except you are talking about Windows phones, but I don't think you are?).

All it takes to kill your Windows installation is double clicking a random .exe file (and being unlucky that Windows doesn't warn you about this particular file). And nope, if it is a custom program your antivirus won't detect it either. Every time I hear of a company getting a crypto locker on their systems it was over a Windows PC (mostly by email). I haven't heard of your average company getting compromised by a phone yet (but those phones usually don't have network access to shared drives..).

Android is relatively locked down, a lot more than Windows. Even if someone sends you malware per email, there is no easy way to execute it on your phone. It's also not true that you can just install a rogue APK in two clicks, you have to do the following steps:

  1. Open the Settings app on your Android device.
  2. In the Settings menu, tap Apps.
  3. Tap Special app access (or Advanced > Special app access).
  4. Tap Install unknown apps.
  5. Select an app to use to install an APK fileβ€”your browser and file management apps are the best option here.
  6. Tap the Allow from this source slider to allow APK files to be installed via that app.

Definitely not something that happens by accident :)

Overall for your average user I'd say Android is safer.

[–] [email protected] 19 points 1 year ago

I mean, it literally takes just two taps to install a rogue apk

Unlike Windows programs that get downloaded & installed willy nilly? The Play Store is at least somewhat vetted and by default you can't install third party apps.

[–] RanchOnPancakes 18 points 1 year ago (1 children)

All software is unsafe. Leave behind software. Pure hardware is the future.

[–] [email protected] 11 points 1 year ago (1 children)

Agreed.

Sent from my Typewriter

[–] [email protected] 6 points 1 year ago

Agreed

Carved on my Tablet

[–] [email protected] 13 points 1 year ago (2 children)

Hard to tell, but I would say Windows. It’s easier to fool users to download and run arbitrary executable files like ILOVEYOU.txt.exe on a PC. On Android you need to go through many more hoops and turns to run some unverified executable.

Although Windows is pretty well guarded these days.

[–] [email protected] 4 points 1 year ago (1 children)

Windows has a bunch of warnings if you try to download a virus. It even deletes it so you can't run it. On stock android, I've experienced that it will give you red flags if you try to download any .apk. There are also downright malicious apps in the official Play Store too so downloading the recommended way isn't safe either. Can't say too much about Window's store but idk anybody who actually uses that but I bet there are a couple malicious apps in there also. However, I think Windows has more protections in place out of both of the platforms.

[–] [email protected] 7 points 1 year ago

I don’t think the average user knows how to run apk files on Android. On Windows running an exe is just like opening any other file.

Malicious apps on Play store can be removed by Google. No one uses Windows App store to download programs.

But I agree that once a user manages to run a malicious apk file they’re probably more vulnerable than the Windows user.

[–] [email protected] 3 points 1 year ago (1 children)

Although Windows is pretty well guarded these days.

Besides all the unpatched vulnerabilities and zero-day exploits, of course.

[–] slazer2au 3 points 1 year ago

And android doesn't? Have you seen any pwn20wn contests? Every vendor has bugs I would argue that due to the fractured android market they have more known problems that phone vendors aren't patching.

Ms at least has a known patch cycle of the second Tuesday of each month.

[–] [email protected] 8 points 1 year ago

Purely on equal terms, Windows is more unsafe.

[–] [email protected] 7 points 1 year ago

I think it depends on what you mean by safe. Do you mean privacy of personal data or protection against malicious software?

If you mean safe in terms of malicious software, probably Android is safer since there's more vetting with respect to software installation. On Windows the simple act of downloading and opening an exe file can install malicious software. Most Android apps are installed through the store where programs are vetted. It's possible to sideload stuff on Android (download and install an apk), but most people don't go to the trouble. It's not enabled by default and it's not a trivial process to do it.

If you're talking in terms of securing private data, I'd say Windows because there's more control over the data programs can access. Android programs have a lot of access to data on your phone by default and you have to specifically disable it. Windows programs don't have access by default and you have specifically enable it.

If you want to go full paranoid with respect to telemetry, it's much easier to do that with Windows since you have easy access to low level configuration settings through regedit, also the group policy editor. In other words you can configure a Windows machine to disallow any telemetry and MS even provides a guide for it in their online technical documents.

[–] erev 6 points 1 year ago (1 children)

I'd say Windows. Android can be more insecure but the Android ecosystem is so fragmented that it's difficult to write malware or exploits that are ubiquitous or even work outside a specific Android ecosystem.

Windows is just kinda a hot mess and has tons of legacy stuff that can be compromised. The attack surface is larger on Windows imo.

[–] [email protected] 1 points 1 year ago (1 children)

Don't all Android systems (at least on the same version) have the same APIs and file systems? Don't apps made for Android run on all Android devices running the targeted version? Why would the cosmetic layers of adware that OEMs pile on AOSP turn phones into different ecosystems that don't interoperate?

[–] itsJoelleScott 2 points 1 year ago

Well, for example, Android phones need to be rooted for full system access, for example. That's a series of hoops to jump through. Same goes for installing a malicious .apk. A windows user just needs to click through a AUC prompt and the lovely has keys to the city. That's before we touch the wonder that is admin PowerShell.

I suppose the ratio of how much knowledge the average person knows about tech to "dangerous" behavior naturally taught by the OS is higher, I suspect, on Windows.

[–] krayj 6 points 1 year ago

Mobile Device Management (MDM) tools have come a LONG way in the past decade and are now very good at thoroughly locking down both iOS and Android devices. Any enterprise wanting to ensure the absolute security of their mobile devices can do so with ease.

At least when it comes to Windows, Administrators have greater control over client machines and can put in restrictions.

This hasn't been true for about 10 years...at least not in the enterprise. Administrators can enforce the same or greater control over client mobile devices using modern Mobile Device Management tools.

How would someone handling infosec in an organization control security on people’s personal phones?

If you take infosec seriously, you aren't going to let your users have access to any corporate data or systems (and that includes email) using their personal devices. If you must, as a compromise, you'll restrict that access only to users of iOS or Samsung devices supporting Knox work profile, and then you'll enable the remote features necessary to monitor and/or wipe everything associated with the work profile in the event the device is lost/stolen or the employee leaves.

[–] [email protected] 6 points 1 year ago

You're making some incorrect assumptions about Android. You can absolutely have company-owned Android phones that are enrolled in management systems that lock things down and only allow pre-approved apps. Same as Windows.

Both platforms allow you to assume your users are stupid and force them to be safe, IF you have ownership of the device. Both are as safe or unsafe as you allow them to be.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

By far windows, windows lacks or doesn't fully utilize features like full verified boot, sandboxing which means even if a program installs itself it still has to ask for permission for mic, camera, etc. Adding on to the issues even the programs themselves can be unsafe. Running a program that uses a memory safe programming language is pretty rare and a lot of vulnerabilities come from memory allocation and buffer overflow bugs. Android attempts to mitigate these issues by sandboxing every app, all phones ship with verified boot and full disk encryption, and usually have a memory allocator of sorts. And if you run a degoogled ROM you'll mitigate the privacy issues by not having Google play services installed.

If you need some way to monitor these devices as an admin there are apps on android that allow this functionality, iOS has similar admin features.

edit: typos edit 2: added information

[–] [email protected] 2 points 1 year ago

If you are to just hand the platform over for a random person to use I feel Android is much less risky. Most people aren't going to go install random apks. Google play store is better than them going off to download random exes even with sketchy apps on there. There's less likely to go wrong on a phone OS. I've never been prompted randomly to download and install a random apk, but I do use Adblock so not sure how frequently using a browser without that on Android would lead to a random person unknowingly downloading then installing an apk after a pop up asks them to.

[–] Smallletter 2 points 1 year ago

Androids operating system is pretty locked down, users have restricted abilities to control their own system compared to windows, where most consumers are local admins who can easily run something malicious without realizing it.

[–] Izzy 1 points 1 year ago

Personally I'd say Android because that implies it is running on a phone with a GPS tracker. Even its proper operation feels unsafe to me with constantly sending location data and other data to major corporations.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (2 children)
[–] [email protected] 3 points 1 year ago

Hi there! The links in your response are not clickable for Lemmy users, here are the clickable versions: [email protected]

[–] Thekingoflorda 1 points 1 year ago

Just so you know, you don't need to tag the community and/or OP to make this reaction part of that thread.

[–] [email protected] 0 points 1 year ago

Both are horrible if you don’t have good remote management.

load more comments
view more: next β€Ί