this post was submitted on 29 Jan 2024

I know for a fact most people click every link they receive, or I wouldn't get so much mandatory security training at work, so if millions of people are just walking around after downloading random PDFs and Word documents from their email onto their phone, what does this mean?

[–] PaX@hexbear.net 10 points 11 months ago* (last edited 11 months ago) (1 children)

Software for normals is pretty good at auto-updating these days, even against the will of the user. Plus modern exploit mitigation techniques make actually turning security bugs (which are rarer in operating systems where userspace runs on a VM, like Android) into consistently-working exploits difficult. I'm sure some people get got by e-mail-originating malware using old exploits but I'm not sure how widespread it actually is.

[–] YearOfTheCommieDesktop@hexbear.net 4 points 11 months ago* (last edited 11 months ago) (1 children)

I mean sure, true enough, but people do hate updating and it only takes one app or component to not auto-update against their will to leave a hole. But yeah, most nasty links these days don't actually install an exploit on your device, they just phish for your actual credentials. This trend is probably also influenced by the fact that people with 4 year old phones aren't likely to be high value targets to steal from.

[–] buckykat@hexbear.net 3 points 11 months ago (1 children)

I don't think I have ever updated a phone app and thought "wow this is an improvement I sure am glad I updated".

[–] YearOfTheCommieDesktop@hexbear.net 3 points 11 months ago* (last edited 11 months ago)

Exactly! I'm not saying people are wrong not to update, but if given the option many won't because of mostly valid reasons like that. Free/open source apps tend to be better in this regard; generally security fixes will be backported to old versions for the lifetime of the OS, rather than forcing everyone to update to the latest version to get the security fixes. More recent developments like rolling release distros and flatpak, snap, etc. are moving away from this though... (for both good and bad reasons). But at least if it's open source there will always be the option of backporting the security fix; proprietary apps don't even give you (or the community at large) the option.