Virus v. Trojan: not just about semantics
November 23rd, 2011
Whenever a new trojan appears for Linux, Mac OS X, or (now) Android, inevitably you get a crowd of ignorant panic-mongers up in arms saying “See? [fill in the blank] gets viruses, too! Ah ha! Better install that antivirus now.” Now, apart from the fact that so-called “antivirus” software is for all practical purposes useless (a placebo at best), viruses and trojans are conceptually very different types of malware.
And, no, this is not just a matter of some geeky semantics.
The mass hysteria out there right now about Android malware reminds me of HIV/AIDS “information” back in the early or mid 80s. People were genuinely afraid you could catch AIDS from hugging someone or drinking from the same water fountain as someone who had AIDS. There wasn’t a lot of reliable and consistent information about how people became HIV positive.
Same deal now. If you read any mainstream press coverage of Android malware, you’ll see the focus is really on quantity (Android Malware Surges Nearly Five-Fold Since July or Android sees a 472% increase in malware since July) of malware instead of actual risk of infection. In typical pop journalism fashion, a lot of “news” articles are taking the “here’s one extreme, and here’s another extreme, so you decide” approach instead of actually informing consumers of the facts of how they can protect themselves from malware.
For example, Security Experts Concerned About Google’s Attitude Toward Android Malware makes it sound as if there is Chris DiBona saying Android malware isn’t a problem and then there are the “antivirus” vendors saying it is a problem. Same deal in Android Security: Threat Level None?
All these articles leave the consumer with is a sense of confusion, and no real practical steps to protect oneself. The former, for example, says:
Most malware researchers agree that the openness of the Android platform, which allows installing non-vetted apps, and more importantly the openness of the Android market, which lacks a strict application review process, contribute to its malware problem.
The latter at least hints that users could be responsible for malware proliferation:
Now that we have a few different views on this topic, who do you think is right? Well, there’s some truth to what the security vendors are telling us. Smartphones—and apparently Android devices in particular—can be infected with malware through careless use.
Careless use. Who is doing the careless using? Phone owners. Phone users.
That is the big difference between a virus and a trojan. The trojan you have to give permission to. You have to invite the trojan in. You know the famous story about the Trojan Horse? Yeah, that attack wouldn’t have worked if Troy had said “Yeah, fancy wooden horse? We’re not letting that into our city.” Same deal with malware. If you don’t install malicious apps pretending to be legitimate, you won’t magically get infected with malware. This is true for Android, Mac OS X, and Linux. I have never heard of any malware proliferating on any of those platforms that was not a trojan.
So if you want to protect yourself, don’t install “antivirus.” Install some common sense instead. Here is a great, step-by-step guide on how to do that: How to be safe, find trusted apps, & avoid viruses – A guide for those new to Android
You’re welcome.
Android malware in the news
March 9th, 2011
Nonsense. That’s to be expected.
Common sense. Surprising.
Does Android “fragmentation” actually affect end users?
January 29th, 2011
Ever since 2009, I’ve been hearing a lot in tech blog posts and the media about “Android fragmentation.” No actual Android user I know in real life has complained about it, though. I’ve also noticed that criticisms about so-called Android fragmentation tend to be quite vague.
From Android fragmentation is real:
For Joe Average, this created an ultra-confusing marketplace where operating system versions changed every few months. It also meant that compatibility issues were inevitable.
What compatibility issues? Examples?
From Ask Maggie: On waiting for a Verizon iPhone 5:
But one of the problems that Android has is that it’s very fragmented. Even at the smartphone level, different devices run different versions of the Android OS and that means that not every app runs every device.
What apps? Examples?
On my MyTouch 3G (the original), I’ve used just about every version of Android there is. 1.5, 1.6, 2.0, 2.1, 2.2. Some rooted. Some OTA from T-Mobile. I’ve experienced no problems as an end user in terms of applications having compatibility issues. Some of the more graphics-intensive apps don’t run well on my 528 MHz processor with 192 MB of RAM, but that’s regardless of what version of Android I have—my phone just isn’t that powerful, so Angry Birds will just not run well on it. That has nothing to do with “fragmentation.”
Some people who want to make a big deal about Android fragmentation will point to an interview with one of the Angry Birds makers (Peter Vesterbacka) in which he says
Android is growing, but it’s also growing complexity at the same time. Device fragmentation not the issue, but rather the fragmentation of the ecosystem. So many different shops, so many different models. The carriers messing with the experience again. Open but not really open, a very Google centric ecosystem.
but they seem to ignore that when asked directly about Android fragmentation being an issue, he says
Fragmentation on the device side is not a huge problem, but Steve is absolutely right when he says that there are more challenges for developers when working with Android. But that’s fine, developers will figure out how to work any given ecosystem and as long as it doesn’t cause physical pain, it’s ok;-) Nobody else will be able to build what Apple has built, there just isn’t that kind of market power out there. That doesn’t mean that model is superior, it’s just important to understand that Apple is Apple and Google is Google. Different. And developers need to understand that. Different business models for different ecosystems. And wouldn’t forget about Nokia and MeeGo either, new leadership always tends to shake things up and create opportunity. And HP-Palm. And RIM. And even Microsoft. It’s a fragmented world.
If you actually own and use an Android device as your primary phone, how (with specific examples) have you found so-called “fragmentation” affecting you? Which applications do not work on your version of Android that would work on another version? Why do you think people don’t make as big a deal about “Windows fragmentation” (Windows 98, 2000, XP, Vista, 7) or “Mac fragmentation” (Panther, Tiger, Leopard, Snow Leopard)? Am I crazy for thinking Android fragmentation is a non-issue?
Hey, PCMag: Google doesn’t keep a blacklist
December 2nd, 2010
In Google: Judge, Jury and Online Shopping Executioner, Lance Ulanoff says Google—in updating its search algorithm to no longer reward with top search results businesses who have lots of negative user experiences—is potentially dooming other legitimate businesses:
Borker was very upfront is [sic] his dastardly business strategy and has only his self to blame for the world’s largest online search corporation summarily dismissing him for them web. But who are these other companies? How did Google come up with this list of companies with bad user experiences? How will these companies know if they’ve been “Borkered”?
Uh, read Google’s official announcement about the change. They didn’t come up with a list of companies. They updated their search algorithm. I’m sure they probably did some investigating to find a handful of Borker-similar businesses so they could test their algorithm, but they don’t have a static or periodically updated blacklist of “bad” businesses. They have a search algorithm. The algorithm got updated.
But what if some didn’t deserve it? What’s their recourse and where does Judge Google stop?
A computerized search algorithm will never perfectly return the absolute best results as determined by Lance Ulanoff. It’s an algorithm. Google’s been tweaking its algorithm for over ten years now, and it’s never been perfect, but it’s been good enough that people still use it more than any other search engine. Hey, I think my wife’s graphic design firm is the best, but if you search for graphic design firms on Google, she doesn’t appear anywhere on the first page. This is an outrage! What recourse does she have? Where does Judge Google stop? How could Google have condemned my wife’s business to a lower ranking than some worse design firm? See where this is going? You aren’t entitled to be at the top because you think you’re the best or that you’re just supposed to be there. As Ulanoff admits, even PCMag itself isn’t into such a supposed meritocracy:
PCMag.com doesn’t sell anything to consumers (aside from our Utilities Downloads), but we certainly work hard to be a part of the first page of any Google search relating to products and technology. Our methods are based on good search engine optimization (SEO) training—and mostly focus on topic relevance.
If you’re search engine optimizing instead of just producing the highest quality content you can, aren’t you anointing yourself your own judge over what should be at the top instead of just letting the natural results rise to the top?
Here’s the most ridiculous example:
I have seen big companies struggle to shake off the burden of previous missteps. Perception is not only reality, it can be awfully persistent. Look at Symantec and its product Norton Internet Security. For years, it was a dog of a product that, while properly protecting your PC, turned it into a sluggish mess. A few years ago, Symantec completely rebuilt the security suite. It’s now among the fastest, lightest and most effective security suites on the market. Yet, when I speak to people, they still think it’s a dog and refuse to even try it. It’s like they have their own brain-matter-based search engine that’s stuck on all the bad info fed into it years ago. New, positive information can’t seem to rise up above the vast amount of negative sentiment they initially received about the product. In Google’s new world, bad actors are always bad actors. They could be banished based on bad reviews, even if the company is busy cleaning up its act.
First of all, bad actors are not always bad actors. Somehow Ulanoff missed that Google updated its search algorithm. It’s not a static blacklist of businesses that are bad.
More importantly, if you do a Google search for antivirus, Symantec shows up in the first ten results. The idea that customers who have a bad experience with a product will not return to the product despite its later improvements has absolutely nothing to do with Google search results. That’s just life. That happened before Google. That happened before the internet. That’s a branding and marketing issue. That isn’t search result ranking.
If Symantec wants to fix its problem, it needs a proper marketing campaign. And if Google wants to fix its problem, it needs to update its search algorithm, which it actually has done.
The irony is that Ulanoff’s “article” has risen to the top of Google News right now over other more sanely written articles on the same topic. Maybe Google’s next algorithm update project should be on punishing attention-grabbing headlines for poorly written articles.
My response to Rory Cellan-Jones
October 24th, 2009
Rory Cellan-Jones recently spent 24 hours with Ubuntu:
I installed a few applications – including Skype, and a social networking application called Gwibber. But when I tried to install a free open-source audio editing program, Audacity, it appeared more complex to get hold of an Ubuntu version than the one I’ve used on a Mac.
So it was simpler than this on Mac?
What was tripping you up? Not knowing a sound recording and editing program would be in the Sound & Video category? Or not realizing how silly it is to have to open a web browser to install a program? Do you find the iTunes App Store difficult to use? Because that’s pretty much the same thing, isn’t it?
I very much look forward to reading your next article, “24 hours learning to ride a bicycle.” The wheels must just not be worth the effort.
Further Reading
Know why software installation is difficult on Linux? It’s a secret. I can’t tell you.