Google’s open source geezer gets shirty about security

Google’s Open Source Programs Manager, Chris DiBona, stormed the IT headlines this week when he stuck his paddle into the computer security world and stirred.

In a blog posting which was at least as far above the line in gung-hovity as it was below the line in orthography, DiBona openly referred to vendors of Android anti-virus software as “charlatans and scammers.”

(To be rectangularly precise, DiBona said that such vendors were “likely as not to be scammers and charlatans”, and he appears to have meant viruses in the strictest sense of the word – malware which can spread by itself.)

And he didn’t just point a finger at the companies which sell mobile anti-virus software. Just by taking employment at such a company, you’ll send DiBona’s personal VU meter into the red:

"IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself [sic]."


That's no more helpful to anyone who cares about security and privacy than suggesting that you should be ashamed of working for a company which takes commercial photos of your house without asking (and, with the inevitability of Murphy's Law, just when you haven't mown the front garden after three weeks of lawn-nourishingly rainy weather), stitches them together into a photomontage of your entire suburb, and publishes the results for the world to search and see.

At least DiBona recognises that security isn't something which can be inexorably baked into computing devices – or, at least, into the sort of computing device which is timely, general-purpose, flexible, extensible and fun:

"All the major vendors have app markets, and all the major vendors have apps that do bad things, are discovered, and are dropped from the markets."

In short, bad things can and have happened on mobile devices, though the probability of you being affected is currently small, and your time exposed to danger might be short.

And those bad things can happen despite the sandboxing and security designed into the operating system on those devices. (Try Googling for “root android” or “jailbreak ios”, each of which produces over 30 million hits. The fact that performing either operation has ever been possible denotes a chink in the armour of the as-delivered system.)

C’mon, Google! It’s great that you give your staff the flexibility to have their own opinions in public – it’s one of the things I like about Sophos, by the way: the company doesn’t pretend to own the thoughts of the individuals of whom it consists.

But perhaps you might persuade Mr DiBona to back off a little on security vendors?

And, if it’s not too cheeky at the end of an article like this, why not take a look at some of the tips and tools available from Sophos to help you secure your smartphones and tablets? (No. There’s no anti-virus in there 🙂)