08-25-20 10:12 AM
65 123
tools
  1. Dunt Dunt Dunt's Avatar
    So aside from getting 'noticed' on a public wifi network how else could one potentially draw the a attention of people who would take advantage of an old unsuported os and chipset? Just trying wrap my head around how a breach could happen in a day-to-day practical aproach.

    Posted via CB10
    Depends on the vulnerabilities that your device has.... for the KEY2 that's only the last two months. You will need to look each month for the new vulnerabilities and see how they can be potentially utilized And that really isn't what I'd call a practical approach....

    But I'd suggest that you do your on research on the matter.... see what researchers and tech sites suggest.
    08-20-20 08:48 AM
  2. bh7171's Avatar
    Anti-virus is no substitute. Apart from taking up resources, it doesn't do a whole lot.

    https://www.infopackets.com/news/105...ity%20software.

    "It is our opinion that antivirus / antimalware apps would only decrease battery usage (requiring too much CPU power to operate to be effective) and should only be installed if and only if the user believes their phone may be infected."
    This is actually misleading and an opinion piece. Not "fact". The fact is that the following were noted as being effective and recommended as they did not have any false positives.

    MalwareBytes Anti-Malware, Avast Mobile Security, AVIRA Antivirus, Panda Free Antivirus and VPN, Bitdefender Mobile Security & Antivirus, Comodo Mobile Security, Samsung Device Maintenance, Dr.Web Security Space, Sophos Mobile Security, Emsisoft Mobile Security, ESET Mobile Security & Antivirus, F-Secure Internet Security & Mobile Antivirus, Symantec Norton Security, Google Play Protect, Trend Micro Mobile Security & Antivirus, Kaspersky Lab Mobile Antivirus, Webroot Mobile Security & Antivirus, and McAfee Mobile Security.

    So these that are effective can be used safely and effectively per the study they just don't recommend keeping the app on the users device except for the time to scan and potentially clean as they use resources unnecessarily.
    08-20-20 10:08 AM
  3. conite's Avatar
    This is actually misleading and an opinion piece. Not "fact". The fact is that the following were noted as being effective and recommended as they did not have any false positives.

    MalwareBytes Anti-Malware, Avast Mobile Security, AVIRA Antivirus, Panda Free Antivirus and VPN, Bitdefender Mobile Security & Antivirus, Comodo Mobile Security, Samsung Device Maintenance, Dr.Web Security Space, Sophos Mobile Security, Emsisoft Mobile Security, ESET Mobile Security & Antivirus, F-Secure Internet Security & Mobile Antivirus, Symantec Norton Security, Google Play Protect, Trend Micro Mobile Security & Antivirus, Kaspersky Lab Mobile Antivirus, Webroot Mobile Security & Antivirus, and McAfee Mobile Security.

    So these that are effective can be used safely and effectively per the study they just don't recommend keeping the app on the users device except for the time to scan and potentially clean as they use resources unnecessarily.
    But they are only useful when doing a scan. They are rather pointless as a 24/7 security guard.
    08-20-20 10:11 AM
  4. bh7171's Avatar
    But they are only useful when doing a scan. They are rather pointless as a 24/7 security guard.
    Yes- that is what I noted: "So these that are effective can be used safely and effectively per the study they just don't recommend keeping the app on the users device except for the time to scan and potentially clean as they use resources unnecessarily."

    Seems since most of these utilize "whitelisted" issues a user using a device no longer patched say once a month and then uninstalling would be safer and good practice in keep things tidy.
    08-20-20 11:48 AM
  5. conite's Avatar
    Yes- that is what I noted: "So these that are effective can be used safely and effectively per the study they just don't recommend keeping the app on the users device except for the time to scan and potentially clean as they use resources unnecessarily."

    Seems since most of these utilize "whitelisted" issues a user using a device no longer patched say once a month and then uninstalling would be safer and good practice in keep things tidy.
    They are safer than doing nothing at all, but back to my original point, it is absolutely no substitute whatsoever for up-to-date security patches. Data harvesting can happen in an instant. It won't wait around to the next time you decide to passively scan your device.
    08-20-20 11:50 AM
  6. Chuck Finley69's Avatar
    This is actually misleading and an opinion piece. Not "fact". The fact is that the following were noted as being effective and recommended as they did not have any false positives.

    MalwareBytes Anti-Malware, Avast Mobile Security, AVIRA Antivirus, Panda Free Antivirus and VPN, Bitdefender Mobile Security & Antivirus, Comodo Mobile Security, Samsung Device Maintenance, Dr.Web Security Space, Sophos Mobile Security, Emsisoft Mobile Security, ESET Mobile Security & Antivirus, F-Secure Internet Security & Mobile Antivirus, Symantec Norton Security, Google Play Protect, Trend Micro Mobile Security & Antivirus, Kaspersky Lab Mobile Antivirus, Webroot Mobile Security & Antivirus, and McAfee Mobile Security.

    So these that are effective can be used safely and effectively per the study they just don't recommend keeping the app on the users device except for the time to scan and potentially clean as they use resources unnecessarily.
    “On” as in running or as in , uninstall from device so not running in the background using resources and battery
    08-20-20 12:01 PM
  7. bh7171's Avatar
    “On” as in running or as in , uninstall from device so not running in the background using resources and battery
    If I used one (I don't) I would run it as recommended and then uninstall the app and keep it in my GPS library when and if needed. I have actually started doing this more and more with many apps I simply don't use regularly. In cleaning up my sons iPad I noticed this is a method Apple suggests using as well for apps not frequently used.
    08-20-20 12:28 PM
  8. bh7171's Avatar
    They are safer than doing nothing at all, but back to my original point, it is absolutely no substitute whatsoever for up-to-date security patches. Data harvesting can happen in an instant. It won't wait around to the next time you decide to passively scan your device.
    Well up to date security patches are actually useless to "data harvesting" if in relation to websites. A monthly patch based on prior findings could never keep up. Is it not up to individual websites to ensure these malicious bots don't extract the data to be used for other purposes. In this context the onus is on the website builders and hosting browsers is it not? Isn't Chrome, Edge, Safari, Firefox, etc already fighting this battle to ensure users are as safe as can be? (Patched or not?)

    I have noted before and asked how can Amazon have millions upon millions of tablets in users hands (using older Android OS versions) that connect and interface with peoples personal information and banking information daily on one of the largest e-commerce apps/sites in the world and remain viable to use? If things were that dire with the core OS security wise would they not simply stop allowing their applications to work on these older OS versions? Their liability exceeds almost all other use cases in these terms. Common sense password protection and 2 FA are some of the greatest tools to prevent unauthorized access to peoples data.
    08-20-20 12:44 PM
  9. conite's Avatar
    Well up to date security patches are actually useless to "data harvesting" if in relation to websites. A monthly patch based on prior findings could never keep up. Is it not up to individual websites to ensure these malicious bots don't extract the data to be used for other purposes. In this context the onus is on the website builders and hosting browsers is it not? Isn't Chrome, Edge, Safari, Firefox, etc already fighting this battle to ensure users are as safe as can be? (Patched or not?)

    I have noted before and asked how can Amazon have millions upon millions of tablets in users hands (using older Android OS versions) that connect and interface with peoples personal information and banking information daily on one of the largest e-commerce apps/sites in the world and remain viable to use? If things were that dire with the core OS security wise would they not simply stop allowing their applications to work on these older OS versions? Their liability exceeds almost all other use cases in these terms. Common sense password protection and 2 FA are some of the greatest tools to prevent unauthorized access to peoples data.
    If you're trying to argue that security patches aren't extremely important, then I don't even know where to begin.

    There are dozens of white papers on it, so I'll leave it to them.

    People don't seem to understand the concept that vulnerabilities are published one month after having had the opportunity of being patched. This means that every hacker has an available menu of exploits that they may use.

    And absolutely remote code execution can harvest information, track keystrokes, and any number of other things.

    The vast majority of the times these things occur are without any user knowledge.
    Last edited by conite; 08-20-20 at 12:57 PM.
    08-20-20 12:47 PM
  10. bh7171's Avatar
    If you're trying to argue that security patches aren't extremely important, then I don't even know where to begin.

    There are dozens of white papers on it, so I'll leave it to them.
    We all know security patches take place daily, hourly, shoot even by the minute at the app level and certainly on browsers and hosted websites us users use and utilize each and every day. No doubt security is important.

    I am asking "how can Amazon have millions upon millions of tablets/devices in users hands (using older Android OS versions) that connect and interface with peoples personal information and banking information daily on one of the largest e-commerce apps/sites in the world and remain viable to use? (Most importantly) If things were that dire with the core OS security wise would Amazon not simply stop allowing their applications to work on these older OS versions? Do you not agree their liability exceeds almost all other use cases on older devices?
    08-20-20 12:57 PM
  11. conite's Avatar
    We all know security patches take place daily, hourly, shoot even by the minute at the app level and certainly on browsers and hosted websites us users use and utilize each and every day. No doubt security is important.

    I am asking "how can Amazon have millions upon millions of tablets/devices in users hands (using older Android OS versions) that connect and interface with peoples personal information and banking information daily on one of the largest e-commerce apps/sites in the world and remain viable to use? (Most importantly) If things were that dire with the core OS security wise would Amazon not simply stop allowing their applications to work on these older OS versions? Do you not agree their liability exceeds almost all other use cases on older devices?
    Read the rest of my post that I just finished while you were responding.

    No app developer or website in the world would be held responsible for security issues arising from an outdated OS. There is not a single terms of service agreement that would include that.
    08-20-20 12:58 PM
  12. bh7171's Avatar
    Read the rest of my post that I just finished while you were responding.

    No app developer or website in the world would be held responsible for security issues arising from an outdated OS. There is not a single terms of service agreement that would include that.
    Would you not agree Amazon and their likes employ some of the most intelligent and leading minds in terms of security for their apps and products? If those teams allowed know vulnerabilities on older OS versions to proliferate on their apps and hardware would they not be risking the trust of every user (and their banking institutions) that has made them one of the largest e-commerce vendors in the world?

    How is it possible that millions of Amazon tablets on much older core OS versions ok to use today for billions of dollars of financial transactions and commerce?
    08-20-20 01:29 PM
  13. conite's Avatar
    Would you not agree Amazon and their likes employ some of the most intelligent and leading minds in terms of security for their apps and products? If those teams allowed know vulnerabilities on older OS versions to proliferate on their apps and hardware would they not be risking the trust of every user (and their banking institutions) that has made them one of the largest e-commerce vendors in the world?

    How is it possible that millions of Amazon tablets on much older core OS versions ok to use today for billions of dollars of financial transactions and commerce?
    Amazon can build a secure website, and a great app. But if you have code running on your device that has elevated privileges and is recording keystrokes, then what can they do?

    Does everyone agree that the length of patch support be increased? - absolutely. For the most part it's gone from 1, to 2, to 3, and now to 4 years with many devices. It's a huge problem.

    That's also what projects Treble and Mainline are all about too - getting critical OS upgrades out faster.
    08-20-20 01:37 PM
  14. manymachines's Avatar
    Does everyone agree that the length of patch support be increased? - absolutely. For the most part it's gone from 1, to 2, to 3, and now to 4 years with many devices. It's a huge problem.

    That's also what projects Treble and Mainline are all about too - getting critical OS upgrades out faster.
    I think 5 years from end of sale should be standard. Google only commits to 3 years from start of sale for its phones. <sigh>

    Getting stuff out faster doesn't necessarily mean longer-lived support, alas.
    08-25-20 12:39 AM
  15. howarmat's Avatar
    I think 5 years from end of sale should be standard. Google only commits to 3 years from start of sale for its phones. <sigh>

    Getting stuff out faster doesn't necessarily mean longer-lived support, alas.
    no one will do that. There is no value in that for any manufacturer
    08-25-20 10:12 AM
65 123

Similar Threads

  1. Replies: 4
    Last Post: 08-09-20, 04:25 AM
  2. How can I install WIckr APK on BB10?
    By DoorStop23 in forum BlackBerry 10 OS
    Replies: 13
    Last Post: 07-31-20, 10:10 PM
  3. Learn How to Make Money on Amazon With 40 Hours of Dropship Training
    By CrackBerry News in forum CrackBerry.com News Discussion & Contests
    Replies: 0
    Last Post: 07-29-20, 08:12 PM
  4. How to troubleshoot mobile network connection - Blackberry KeyOne
    By Aneta Dinev in forum BlackBerry KEYone
    Replies: 2
    Last Post: 07-27-20, 10:32 PM
  5. How do I have messages in folders remain in my Hub/Inbox?
    By KitJackson67 in forum Ask a Question
    Replies: 2
    Last Post: 07-27-20, 11:43 AM
LINK TO POST COPIED TO CLIPBOARD