This is a pretty simple concept: the easier it is to run code on a device, the more options attackers have to trick users into installing it. Whether or not you follow the field, we have at this point 4+ decades of experience with people getting compromised because they installed something they thought was safe, and over that time we have seen attacks get more sophisticated as operating systems added safeguards. We’ve also seen the rise of entire businesses built on software which does things users wouldn’t have agreed to had they been fully informed. There’s a spectrum from classic malware to the quasi-legal stuff: spyware for governments or businesses who don’t trust their users, abusive spouses, or parents with control issues; and companies like Facebook who provide legitimate apps but also deeply detest transparency about the data they collect or how they use it. All of those represent enough money that they can provide polished apps, install instructions, customer service, etc. and many of them try to conceal their activities enough that all of the major operating systems have added limits to what applications or even administrators can access or run in the background, mandatory notifications when something sensitive like using your camera or microphone is requested, etc.
Apple’s answer to this was the App Store’s strict limits, which have been effective (a lot of stalkerware has detailed instructions for sideloading it on an Android phone but either doesn’t support or has far less functionality on iOS), but that’s not the same as saying that’s the optimal balance for users. The EU is also interesting because they have strong privacy laws, so it might be the case that it’s not so bad there but would be a disaster in the U.S. without such restrictions making it riskier to hide intrusive activity. I would like to try other models but I also think that the more successful ones will look like what Apple announced where the model isn’t just “game over, buy a new phone” if someone ever makes a mistake about who they trust.