Windows insecurity is the stuff of Android’s future

No matter how you look at this, Google’s weekend remote wipe of malicious apps from users phones is just ugly, ugly, ugly. Scores of infected apps have been identified on the Market and searchzilla isn’t saying which or if all have been marked for death, and then there’s the involvement of law enforcement.

Google Mobile Blog reports the company used the kill switch built into Android over the weekend to forcibly remove “a number” — how many is that exactly? — malware apps from user phones. The apps, which we can only assume include some or all of the 50-plus identified by researchers, have also been removed from the Android Market.

“We are remotely removing the malicious applications from affected devices,” Google wrote. “This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.”

Google says it updating Android devices to block the exploit hidden in copied legitimate programs to prevent any further compromise of user data. Further, they’ve notified law enforcement about the activities of some unknown number of these malicious apps developers.

Wrong approach, wrong result

Thereupon, Veracode CTO Chris Wysopal told Forbes that he believes Google is likely introducing signature-based scanning to the Android Market, a tool for identifying malware and making sure that similar instances of malicious code are blocked from the Market in the future, just like viruses are identified and blocked by signature-based scans on Windows PCs.

And, golly gee whiz we all know how well that’s worked on the PC!

Additionally, Google’s working on a fix that must be distributed by their partners and not pushed directly users. Again, golly gee whiz we all know how well that’s worked out for Android users in the past — there are literally millions of Android 1.6 devices that will never see another update of any kind.

Wanna avoid malware on an Android 1.6 device — yeah, you’ve got months to go on your contract — then you better buy a new phone and be ready to pay for the privilege of breaking the contract.

Pain for users, jail for perps

There is no form of crime prevention that’s foolproof and, if one existed, it would probably be morally repugnant. However, the involvement of police, prosecutors and lawyers in general signals failure as the crime has been committed and victims hurt.

Thereupon, Google’s approach to Android is just flawed. It’s open, wide open to any scumbag, or dumb kid, with a compiler and only addresses problems after they’ve been identified, after people have been hurt.

Thereupon, when you send criminals to jail at least one-in-three comes out of jail a much better criminal with better connections and not reformed in the least. Moreover, these are people with software development skills and they’re more use to us without criminal records.

I’m not saying Apple’s App Store nanny approach to iPhone security is perfect or that there aren’t any malicious apps on the store right now, but leaving users to fend for themselves until after the fact is wrong. Also, whereas it’s really easy to hate the perpetrators, pigeon holing them as evil and prone to doing evil, how can giving them a smaller opportunity to do bad be a bad thing?

That said, Andriod users, the Microsoft Windows security model is your future and the viruses, spyware, adware and general malware malaise are just a part of life. Get used to it or demand better from Google…

What’s your take?

• 

Related posts:

1. Windows Phone, and Gaddafi, will rise again!
2. iOS more secure than Android
3. About competition from the Androids
4. Adobe to give drones Androids
5. Penguin iPhone game hides nasty Trojan surprise