Tablets forum

General discussion

Security on tablets, should we be concerned?

by Lee Koo (ADMIN) CNET staff/forum admin / May 3, 2013 8:58 AM PDT
Security on tablets, should we be concerned?

On my Windows PC I have firewall, anti-spam, anti-key logger, and antivirus to prevent breaches of security. On my iPad there is apparently there is no need for any of these, at least to my knowledge. I can use my bank's app for secure transactions as well as other secure transactions. Why is there such a huge difference in approach to these devices, and is the iPad safe out of the box? What about other tablets running Android or Windows tablets, are they safe also? Since there are so many tablets out in the market these days, should tablets users be concerned with security? Thanks for any insights and advice that you may have.

--Submitted by Mike S
Post a reply
Discussion is locked
You are posting a reply to: Security on tablets, should we be concerned?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Security on tablets, should we be concerned?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Difference is capabilities
by SeanBlader / May 3, 2013 10:50 AM PDT

You can't do as much with a tablet, like break it.

Realistically you can avoid the use of all that junk on a desktop class machine too by just not doing stupid stuff with it. I haven't run anti-virus on my home machines for years, but I don't download random stuff from the web, I stick with known publishers, and I use a better browser than most people. Save your processor time, ditch the antivirus entirely.

Collapse -
You are lucky, and woefully misinformed
by cosmic52 / May 10, 2013 12:11 PM PDT

You think you have to actually download something to get a malware? Try doing a search for "malware nyt.com ad" and see what you come up with. This happened in September 2009 and I would have been among them if I didn't have my browser loaded up with extras like Ad Block Plus and Flash Block.

A couple of thousand people lost their operating systems that day, and not even by clicking on an ad but just by clicking on a link to an article from the New York Times home page. NYT.com has changed its policy about advertising but this was one of those "we will make you suffer through this ad for 30 second before you take you to the article you want to read" ads. There are a lot of news sites that still do this, including nyt.com. The only thing that's changed is that nyt.com no longer accepts third-party ads via brokers.

I tried to read an article that day and immediately recognized what was going on when I couldn't X out the pop-up or get rid of it via task manager. A hard shutdown was the only thing that worked, but I believe it was Ad Block Plus that saved me because many other people did this and still got infected. Kaspersky did not catch this, but that's not my point. It is that you can get "drive-by" malware by going to extremely reputable sites.

Collapse -
It depends...
by JCitizen / May 11, 2013 6:37 AM PDT

You should never assume you are not compromised in the 1st place. He said he downloaded an app from the bank for his Mac - if that "app" was Rapport, then he already has the best protection against these threats(providing he has set it up to protect that URL):

1. Screen capture
2. Video capture and RDP
3. Man in the middle MTM attack
4. Keyboard capture
5. Session riding

No other utility I've tested with AKLT has passed all tests with flying colors like Trusteer's Rapport. You do have to watch and be sure you are, in fact, in an SSL session though. Rapport only works in SSL, and can help protect sites that may not have server side support - so it is the best thing I've tested that can work in an infected environment. You must be sure you have a supported browser too - on Windows that would be any of the big three, like IE, FF, and Chrome.

Since most Apple users seem clueless about security anti-malware utilities, it is wise the bank provides this for their customers. Bear in mind I'm not saying any security mitigation is perfect - but anything is better than nothing, that is for sure!

Collapse -
I meant to say Apple...
by JCitizen / May 11, 2013 6:41 AM PDT
In reply to: It depends...

not Mac; I was referring to the iPad in the original post.

Collapse -
Links do trigger downloads
by pduran2 / May 12, 2013 11:21 PM PDT

You think clicking on a link isn't actually downloading something?

Collapse -
Apple's iPad (iOS) has an issue. What's on that file system?
by R. Proffitt Forum moderator / May 3, 2013 11:20 AM PDT

In short, you can't see what's in the file system underneath. Here's the short version of the issue.

Since Apple does not expose all the files in the system, this means we can't check to see what is being stored on the iPad device.

This and this alone is why I would not allow an i-device to hold sensitive information. The file system is not open to inspection so what is in that iPad?
Bob

Collapse -
(NT) what you need just is Jb
by iPursue / May 3, 2013 6:40 PM PDT
Collapse -
I hear you.
by R. Proffitt Forum moderator / May 4, 2013 1:46 AM PDT

Can you imagine telling your mega-corp first world problem ridden IT department that we need to JB them all?
!!
Bob

Collapse -
Security on tablet devices
by netbob57 / May 3, 2013 11:21 AM PDT

My two cents:
If you are at your local Starbucks, I would definitely make sure I am utilizing a VPN especially for bank transactions. There are several good iPad VPN apps in addition to apples baked in VPN solution. The usual precautions such as making sure you are utilizing ssl on websites (https) is a great idea as well. My last point is a puzzling one for me, I recently tried out a Nokia Lumia 929 (loved it) and the first thing that is NOT in the Windows Phone 8 OS (nor in apps,) is no VPN. Period. Ssl is not enough if you are truly security conscious.

Collapse -
All Systems are Vulnerable
by High Desert Charlie / May 3, 2013 11:39 AM PDT

Hi Mike,

You're going to hear a lot of claims and assertions in this thread about how one system is more secure than another system. We have a vast array of devices out there including Computers, Laptops, Tablets, Chromebooks, Kindles, Smartphones, Printers, TVs, Xbox, PS3, and the list goes on and on. There is one thing that all of these devices have in common that goes back to the very origin of the modern computer age. All of these devices use Input - Processing - and Output. In order for these activities to take place, information has to be passed from one location to another. Either within the machine itself, or across thousands and thousands of miles to a distant server passing along the information. At any point along that journey the data is VULNERABLE.

It doesn't matter if you're using a Mac, a PC, and Android device (built on Linux), or a walkie-talkie. If someone works hard enough, and long enough, eventually your security can be breached. If you're using your Tablet to do your banking, you are VULNERABLE. If you use your computer or smartphone, you are still vulnerable. So the question you really have to ask yourself is, "Am I doing all I need to do to protect myself?"

Don't get me wrong here. Obviously, multiple companies have gone to great lengths to develop applications that protect us for the most part from outside intruders. But that doesn't mean the threat doesn't exist. If you put a Tiger in a cage, many thousands of people can pass by and observe the Tiger with a reasonable degree of safety. But that doesn't mean that the Tiger isn't dangerous anymore. One mistake, one unlocked gate, or one click of the mouse can change your status from completely protected to extremely vulnerable.

This link takes you to a very good article about security and mobile devices using data from Symantic to point out some of the vulnerabilities that are out there.

http://www.veracode.com/blog/2013/04/if-ios-is-less-secure-why-does-android-get-attacked/

It's just my opinion, but I'm not convinced that all of the new Apps coming out these days are as completely secure as they lead on to be.


So there's my two cents worth. Hope you enjoy your Tablet.

Collapse -
Thank you
by libertyunderlaw / May 11, 2013 7:34 AM PDT

Thank you for being such a level headed, objective perspective. Thank you for avoiding attacking any one side/perspetctive and excessively praising the other.

Collapse -
Of course you should be concerned...
by Wolfie2k5 / May 3, 2013 1:04 PM PDT

At the moment, the way iOS devices (iPhones and iPads) work, you're relatively safe. The reason is the way software is distributed to these devices. You can't simply insert any old disk from anywhere and install a piece of software. You need to use the App Store to get new software. As such, apps need to be vetted - thoroughly tested by Apple - before they wind up on the virtual shelf. Apple tends to be very strict as to what they allow in their store.

That said, it's a bit more difficult to infect an iOS device than a PC where you can insert any old disk from anywhere or download who knows what and install the software on it - for better or worse.

With Android devices, it's not quite so cut and dry. Google Play (the Google store) is a bit looser in the way they deal with apps. So there's a chance that there may be an app that's got something nasty. There have been a few reports in the recent past where such things have happened.

That said, there may yet be vectors that haven't been found - YET that can be exploited on iOS. So should you be worried? Probably not, but keep in mind there is no such thing as perfect. Anything computer related can be exploited if someone throws enough time and resources at it.

Collapse -
Check with your bank and weigh your opportunity costs
by capoderra / May 3, 2013 1:16 PM PDT

One thing you can do is look up articles about secure computer habits. As someone already mentioned, it makes a difference whether you use SSL or browser extensions. The other thing is the kernel. Windows uses a less secure kernel than Apple or Linux. Most people who use Linux don't use antivirus. Some only use a firewall if they are running a server. You have decide how sensitive your data is and if you're wiling to deal with the repercussions if your data ever gets compromised. What will your bank do for you? The risk is always there, but most of us go out driving on a Saturday night even though the statistics tell us you're more likely to come across a drunk driver.

Collapse -
Remember the pads run APPS.
by pj-mckay / May 3, 2013 6:14 PM PDT

Just remember the pads run apps and there's far less chance of them passing info to each other, or the operating system. It's what limits what you can do with the devices compared to PCs but they do what most folk need most of the time. Most folk have fairly simple PC needs in terms of browsing and storing photos, music etc, in my experience. Microsoft RT tablet runs apps whereas the Surface is effectively a hybrid PC; One that should do pretty well everything in the next iteration but will still need your current protection. That said one small device instead of a myriad of devices has to be good for most folk.

And one day I expect we'll see ALL software ring-fenced on PCs (like tablet apps) to stop the ever increasing security risks we face nowadays.

Collapse -
Concerned? You're foolish if you're not concerned.
by wdbintx / May 3, 2013 6:26 PM PDT

I'm certainly not a security expert. But I do have an observation that seems at least related to this question. For about 15 years, security "issues" were mostly tied to Windows PCs. Many take this as an indication that the Windows OS is more vulnerable to attack than other operating systems. While this premise may be correct (or not), it probably has very little to do with why most attacks were on Windows computers. Whatever the method of the "hack", the intent of the vast majority of hackers is to cause the most damage to and/or steal the most information from the most systems possible. Until a very few years ago, about 95% of the world's connected devices were running a Windows OS. Therefore 95% of the opportunity was with Windows devices, which most likely led to 99.95% of the total hours invested by would-be hackers directed toward Windows devices.

My own experience suggests that security efforts at all levels across the internet have improved the situation vastly. If you use up to date security measures (those built into current operating systems plus additional security software appropriate to your needs) and reasonable common sense in how and where you connect, what sites you visit and what you open or download to your device, you are likely to have few problems.

With the large increase in Apple ecosystem devices connecting to the web over the past 5 years, it now appears that either the Apple operating systems are more vulnerable than current Windows based devices or hackers have now determined that the Apple ecosystem is the more fertile ground and are focusing their efforts there. For example, in the past 3 years at least 90% of the "fake" emails (emails listed as from a known sender and with what seems to be a legitimate subject line) I get "appear" to be from friends or relatives that have become Apple product devotees. Fortunately, my junk mail filter sends these to my junk file, and the email address behind the known name shown as sender is not the contact's actual email address. These freinds are using a combination of iMacs, Mac portables, iPhones & iPads, so I don't know which of these show the vulnerability.

Recent rapid growth in Android phones & tablets would suggest that within the next year or two, a third of all connected devices will be using the Android OS. My family has been using Android devices for 2.5 years, and so far I've seen no indication of problems. But as the size of the base of Android devices grows, it seems inevitable that hackers will turn their attention there as well.

Collapse -
Thank you
by libertyunderlaw / May 11, 2013 7:40 AM PDT

Thank you for putting this in perspective of the numbers game. There was a time when people accused Bill Gates and Co. of not caring about security. In reality, Microsoft owned the corner of the market. That hold has slipped a lot. As a consequence, we are seeing more fresh ideas. However, the underdogs have now become the big dogs. As a result, they are bigger targets. As a result, those that did not really have to think much about security now find themselves under heavy attack. So, a lot of it is almost pure numbers.

Collapse -
Anti - Virus
by fred777. / May 3, 2013 10:11 PM PDT

Dear Mike, I am in UK and have a nexus 7 and I have AVG Free on it - it actually scans each and every app before loading it on to tablet, been using it for 6 months now and no problems - hope this helps,
Regards,
Fred

Collapse -
There Are Two Reasons
by Flatworm / May 3, 2013 10:12 PM PDT

There are two reasons why Macs are considered (incorrectly) to be more secure than PCs.

The foremost of these is that PCs have been far more numerous since the dawn of the age of personal computing, and their prevalence continues to grow as time passes. This makes them a far larger and more lucrative target for those who seek to profit from malware. There is less incentive to penetrate the Mac world, and because it requires different codings and methods, meaning additional work for the hacker, it is largely ignored. The criminal element will always prefer the easiest path to the richest potential reward.

Secondly, Apple has from the beginning maintained a tight, proprietary control over software development, while the PC world is far more open. This makes it more difficult for hackers to locate the vulnerabilities in the Mac O/S and software for them to exploit.

But those vulnerabilities are there nevertheless, and they have on occasion been exploited by bad guys who see an untapped field. Indeed, because most Mac users are careless about security, presuming themselves safe, the vulnerabilities are probably greater and more numerous, but are less frequently exploited by bad guys seeking profit.

But if you think you can do online banking with any greater security on a Mac than on a PC, you are sorely mistaken. The vulnerabilities there are largely in or arise from the network or are on the bank's server, and are independent of whatever end-user device you may employ to access them. Your computer, whether a PC or a Mac or a Linux box or a smartphone or whatever, is just a dumb remote terminal and might as well be a VT100 or a Wyse 50, which themselves were COMPLETELY immune from attack, being dumb.

You can put your name, address, DOB, SSN and bank account number on a clever phishing site as easily from a Mac as from a PC.

Collapse -
Sometimes I wonder..
by JCitizen / May 11, 2013 6:52 AM PDT
In reply to: There Are Two Reasons

That even though the now PC CPU based Mac OSX was developed on the Unix 3 security standard, I wonder sometimes if that standard was badly implemented. This has nothing to do with iOS, but one can tend to make the same conclusion over there too.

Collapse -
Not as secure as you think
by aswnc / May 6, 2013 9:59 AM PDT

For the basic "virus" concern, Mac OS and iOS (iphone, ipad, etc.) are generally more secure than a Windows or Android device. Apple's products are more secure because they are less accessible, for lack of a better term. As a programmer (including a virus programmer), your programming options are more limited. That's not much of a deterrent these days, but that's one reason they've been less risky in the past (and why many people are more mislead about the current and future risks). With regards to Apple mobile devices and iOS, Apple restricts and allows only what they want through the app store. That's not to say they won't let anything risky through, but overall, it is safer than just allowing any application that is written for Windows. The Windows app store is also supposed to be secured, but really, we have no guarantee with either. Because Windows and Android both are more open, they are more susceptible to viruses. As popularity shifts, there will be more benefit for virus writers to attack the more popular devices.

The bigger concern, however, is not simply viruses. The network you're using can also be at risk. As others have stated, if you're in a public area connected to a Wi-Fi hotspot, there is risk that someone else connected there could be "watching" your traffic. You should only use websites/apps that use encryption when transmitting information - especially banking info. Usually, the apps' descriptions will mention if they use encryption. Also, if you can create a VPN, that could help though you may not have that option most of the time.

To answer your question generally, you should always be concerned with security. Tablets are really no different than PC's regarding the possibility of risk. That being said, an iPad out of the box is relatively safe (for now). If you do use banking apps, be sure to check your transactions often and check with your bank regarding liability in the event of a hack.

Collapse -
Not at all
by SeanBlader / May 10, 2013 10:32 AM PDT

You should not be concerned about anyone but YOU doing stupid stuff to you computers. There's really only 1 risk factor involved with computers/tablets/phones, and that's the console. If someone has direct access to the hardware, then they can turn it off and restart into the BIOS doing whatever they want. At that point you have given away any semblance of security.

As far as you doing stupid stuff, don't do it and you don't need any additional security features than are offered by your operating systems vendor. That means using unsecured browsers, opening unknown emails, visiting risky sites, or running unfiltered software. Don't do any of that and you don't need to financially support the computer security complex at all.

Basically don't do anything on a computer you wouldn't do with your own body and you'll be fine. You wouldn't put some random pill in your body that some stranger gave you, right? Then don't do the same to your computer, and you won't have to go pay the doctor to fix either.

Collapse -
Sean, right on!
by blaineclrk / May 10, 2013 3:49 PM PDT
In reply to: Not at all

I use Linux. Linux powers the largest percentage of the world's web servers and major databases which makes it more of a target than some individual's computer. Linux is more secure than any other OS - when it is set up and operated by someone who doesn't willy-nilly download 'stuff' and they don't make adjustments to their system they don't understand 100%. When even Linux is handled in an irresponsible way, there will be repercussions. A thoughtful and skilled Microsoft 95 user can be much safer than some click-happy noob using my favorite Linux OS (Mint 13 Mate BTW), even though 95 is discontinued and no longer supported and it could be a bear, if not impossible to install good anti-virus on an old OS.

A server administrator who leaves just one small opening that a hacker can find or has a software package that has a vulnerability has just as much trouble if his system is Linux or Microsoft. I do have to say that Microsoft's default file permissions make for more holes to patch, but even they are patchable.

Point is, no OS is safer than the user.

If you want to make safer cars, replace all seatbelts and airbags with razor-sharp sabers!

Collapse -
Secure or not secure
by pauly1651 / May 10, 2013 12:22 PM PDT

Being secure has almost nothing to do with having the latest and greatest anti virus anti malware anti spam anti spyware software on your PC tablet smartphone TV etc etc etc.
The most secure devices are owned by smart people.

Collapse -
if you use internet why take the risk ?
by sue294 / May 10, 2013 9:10 PM PDT

I thought about this when I bought my first smartphone . I realised that I rarely turned on my (protected ) laptop anymore as I was using the phone for banking , emails, and internet surfing . So I downloaded AVG free from Google Play , and when I bought my Galaxy Tab2 I did the same - hackers are getting so clever these days , I figured why take the risk when there was no need to ?

Collapse -
Lookout
by me1303 / May 10, 2013 9:30 PM PDT

Lookout is free and works on Android or IOS. It scans new apps, provides protection and back ups. It can even be used to track your phone if it comes up missing.

Collapse -
Intego and Webroot
by lennylampert / May 11, 2013 2:44 PM PDT
Intego's VirusBarrier iOS allows iPhone, iPad and iPod Touch users to manually scan their devices and detect and eradicate all known malware affecting Windows or Mac OS X: http://www.intego.com/mac-virus-barrier-ios

<span id="INSERTION_MARKER"><i>

Webroot SecureWeb</i> app for iPad and iPhone offers a secure web browser for iPad and iPhone: http://www.webroot.com/En_US/consumer-products-mobile-security-secureweb.html

I am not affiliated with these companies, nor have I tried either product, so I can speak to their effectiveness. Since I am aware of these products, however, I just thought I'd let you know that they are available.
Collapse -
No you shouldn't be
by pduran2 / May 12, 2013 11:26 PM PDT

Having an iPad is by default showing you have a concern for security and you you should worry little if you own one.

Having an Android shows you have no concern for security.

It IS that simple.

Collapse -
so wrong
by champ00533 / May 14, 2013 12:10 AM PDT
In reply to: No you shouldn't be

android is based off Linux and same with ios so how are they more secure?? ipad is an overpriced android. I agree with above it's the user gets the viruses, I know anytime I received a virus was I downloaded something to try and it had a virus in it.. but since everyone was concerned about viruses they have in fact gone down since vista came out because everyone was concerned of security Microsoft beefed up security, and no windows essentials is one of the best antivirus programs out there and is free.. Windows is the mainstream operating system of course it's been targeted, if Linux was the mainstream it would be the opposite, they have worked on security measures on Linux while Microsoft has suffered. Also didn't Microsoft start out as unix aswell???
I think adware/spyware and browser take overs are more of a threat then viruses. Another thing with pc more people upgrade and fiddle around with there pc's more than mac or Linux systems am I right so more things can happen with the operating system. Also what systems do gamers game on for computers is a Microsoft PC. Ok now for the topic yes we should be concerned of security that is why these security programs have come out so whatever we are installing on our devices are safe... but I have notice a lot of the free apps have ads and they can take over your device with advertisements and slow it down.

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.