Follow Slashdot stories on Twitter


Forgot your password?

How Apple's iOS Went From Insecure To Most Secure 312

GMGruman writes "There's no such thing as a perfectly secure operating system, but security experts agree — somewhat grudgingly in some cases — that iOS, Apple's mobile operating system, is the most secure commercial OS today, mobile or desktop. It didn't start that way of course, and Robert Lemos explains what Apple did to go from insecure to most secure."
This discussion has been archived. No new comments can be posted.

How Apple's iOS Went From Insecure To Most Secure

Comments Filter:
  • by poetmatt ( 793785 ) on Tuesday June 07, 2011 @02:27PM (#36365438) Journal

    not only that, but the comments are hilarious as are the arguments:

    * A sandbox isolates programs, and iOS's memory organization makes exploitation more difficult.
            * Applications that run on the iOS are vetted by Apple and can be removed if found to be malicious.
            * Patches can be quickly applied to the iPhone and iPad to close security holes in the operating system.
            * The software is regularly reviewed, especially its open source components.
            * The platform has the advantage of attacker psychology -- attackers still target smartphones far less than desktop systems.

    This is hilarious, considering that the sandbox is the only true thing. Patching is known to break things continually (and done to break things - hello anti-jailbreak?), apple doesn't vet third party apps - you think they vet the browsers or MS office on mac? Said things are open and known security breaches. Same argument can be made for microsoft and google's first party apps being vetted (no shit) on that, and I'm not even a microsoft fan.
    Attacker psychology? What joke of a phrase is that? That's as anecdotal as it gets.

    So in summary, the thing apple does right is put things in a sandbox. that is all. Infoworld sure does have a hardon for apple sometimes.

  • by mr_lizard13 ( 882373 ) on Tuesday June 07, 2011 @05:54PM (#36368480)
    Okay, I'll tear a hole in your comment piece by piece then.

    It updates without asking people..

    No it doesn't. You have to connect the device to your computer, launch iTunes, choose 'Download and Install' when prompted and follow the onscreen instructions.

    it disables things without asking people...

    Are you referring to the 'kill switch' built into the operating system? That's never been used. Conversely, the Android kill switch was used in March this year. To kill malware that had been downloaded from the Android marketplace.

    certain types of useful software are internally prevented from ever running on it..

    Which useful software is 'internally' prevented from ever running on it? Apps must be vetted by Apple in order to be included in the App Store, but I can't recall the last time an app was rejected for being too useful. Similarly, I can't recall the last time Apple had to throw a kill switch to kill malware downloaded from the App Store.

    it steals information about me - such as my geographical location and uploads it to a server without me asking..

    No it doesn't. The iPhone stores information about nearby WiFi access points and cellular towers. That information is stored in an on board cache. When you sync with iTunes, that information is transferred to your computer, in order that it can be synced back with other iOS devices you own. The locations of WiFi access points and cellular towers is sent to Apple, but not before it has been anonymised. Apple has no details of where you are, unless you implicitly opt in to sharing your location.

    it won't work unless it has my credit card number

    It works fine without your credit card number. I don't even own a credit card, and yet my iPhone functions perfectly. The sleep/wake button works, the volume buttons work, the SMS and Mail apps work, the Phone app works, the iPod, iTunes and App Store apps all work.

    certain types of software includes any programming language

    Really? []

    or anything which "duplicates functionality"

    Quite. Because something which duplicates functionality is extremely useful, isn't it.

    storing your geographical location without telling you.. er, you didn't know about that? at least it does google. See if you can find it.

    I can find it just fine. Now, see if you can find it. (Tip: [])

The primary function of the design engineer is to make things difficult for the fabricator and impossible for the serviceman.