A security advisor's perspective on the threat landscape
by Mirko Zorz - Editor in Chief - Tuesday, 8 April 2014.
In this interview, Sean Sullivan, the Security Advisor at F-Secure Labs, talks about threats he's seen during his career, iOS vs. Android security, security awareness and threat evolution.

You've seen a great deal of threats during your career, which ones caught your eye?

Before working for F-Secure, I did tech support. The more amusing cases tended to involve adware and spyware toolbars. In some cases, the partners of the firm where I worked would bring in their home computer. And somehow, their children often managed to get dozens of toolbars installed – to the point where the browser couldn’t even start without crashing. It was amazing to see that it could so often progress to that point.

For me, a funny situation occurred when the Blaster worm outbreak happened. I was setting up new desktops for deployment – and during the build process, the computer was being infected by Blaster – so by the time the antivirus software was installed... the computer was infected and the AV generated an alert. Needless to say – my system build productivity took a very large hit that day. My team quickly discovered other things to do.

What's your take on security awareness? Can we make the Internet more secure just by developing increasingly sophisticated security tools?

The Internet is built on trust and openness. And I think the best thing to do is to add more tools that verify trust. Trust but verify as the saying goes. There are many aspects of the Internet that can, and will, be improved upon. It just takes time – and a demand. I believe there’s now a reasonable demand. Not everybody really understands the facts revealed by the Snowden documents – but it has currently driven a debate and demand for a more trustworthy system.

Nothing can ever be 100% secure – but yes, we can make a more secure Internet by developing better security tools. The demand is currently there, and now developers need to step up with a good supply.

Where do you stand in the Android vs. iOS security debate? Which mobile OS would you recommend when it comes to security?

Android vs. iOS? I feel that depends entirely on the audience to whom I’m speaking. I use Windows Phone (I live in Finland… I support Nokia). If I had to choose another phone – I might try a Jolla. But that’s me, I use my phone for calls, SMS, and for basic calendar and e-mail access. Almost any smartphone can fulfill my needs without factoring in its supporting app ecosystem. But let’s talk tablets! I have a second generation iPod touch because I listen to lots of podcasts. Apple iTunes is simply the best at providing that functionality, in my opinion. And I have an Android based tablet for streaming video and for some educational apps. If I were to upgrade my iPod – I think I’d go with an iPad mini.

Here’s the key thing. I know what device I want for any particular use case. And I don’t mind having multiple devices. Security is an easier question to answer – if you apply the device to a particular function, it’s much, much easier to lock it down and to use it securely.

The people that I worry about are those who buy a smartphone or tablet because, why not? Those that don’t have a particular use case in mind… those folks are more at risk. Those folks are more likely to experiment with stuff and less likely to pay attention to security prompts – and in that case, I think Android fails more often than iOS. Apple attempts to maintain a premium user experience and Apple customers typically end up having a great amount of security for a premium. Android by comparison is very much a competitive wild west – and consumers can easily get hurt in the crossfire.

Bottom line: if you’re a security minded person – pick whatever device you like best and use it well. If you’re not very security focused – I’d suggest iOS or Windows Phone.

Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //