Originally Posted by white owl
Windows gets hacked easily because you can get any idiot to download an .exe if you promise them free music. The biggest security risk in Windows is the use.
The real problem is one of education. Learning to have a minimum level of computer-related understanding is the XXI century equivalent of learning to read. Excessively patronising people and not teaching them the basics will lead to the worst of both worlds, where you end up with little, walled garden choice and malware / adware.
I posted a bunch of articles a few days ago related to that about the Windows Store; here is another one from yesterday, this time pertaining to Android:
[Ars] Google Play apps with 150 million installs contain aggressive adware
Google removes 210 apps after outside researchers report them as abusive.
The 210 apps discovered by researchers from security firm Checkpoint Software bombarded users with ads, even when an app wasn’t open, according to a blog post published by the company on Wednesday. The apps also had the ability to carry out spearphishing attacks by causing a browser to open an attacker-chosen URL and open the apps for Google Play and third-party market 9Apps with a specific keyword search or a specific application’s page. The apps reported to a command-and-control server to receive instructions on which commands to carry out.
Once installed, the apps installed code that allowed them to perform actions as soon as the device finished booting or while the user was using the device. The apps also could remove their icon from the device launcher to make it harder for users to uninstall the nuisance apps. The apps all used a software development kit called RXDrioder, which Checkpoint researchers believe concealed its abusive capabilities from app developers. The researchers dubbed the campaign SimBad, because many of the participating apps are simulator games.
“With the capabilities of showing out-of-scope ads, exposing the user to other applications, and opening a URL in a browser, SimBad acts now as an Adware, but already has the infrastructure to evolve into a much larger threat,” Checkpoint researchers wrote.
210 apps, think about that number for a moment. What did the walled garden approach get people? A false sense of security, that's what.
Edit: And then there is this news from January:
[ZDNet] This data-stealing Android malware infiltrated the Google Play Store, infecting users in 196 countries
Powerful Android malware capable of snooping on user location, communications logs, and stealing files and account credentials has been downloaded by at least 100,000 users around the world after successfully infiltrating the Google Play app store.
It's possible that the apps were initially uploaded to the store without active malicious code, only for the infrastructure for conducting attacks to be added at a later date. This could have been months later, after the apps had been downloaded by large numbers of users.
"Usually Google enforce more stringent checks for new apps, but as updates are made to the app over time and they are proven not to be malicious from the offset, the level of checking may be reduced," Bharat Mistry, principal security strategist at Trend Micro, told ZDNet.
"Once the app has gained some credibility and has a good distribution of users, the app developer will then issue an update which enables the malicious features"