Trend Micro attacks Open Source

Insecurity expert Steve Chang, who is the chairman of Trend Micro, has just declared himself the sworn enemy of the Open Sauce movement by saying that Android is less secure than the iPhone because it is Open Sauce.

Chang claims that because Android was open sauce a hacker could understand the underlying architecture and source code and work out new ways to do it over.

Steve Chang said that you had to give credit to Apple, because they are very careful about it. It’s impossible for certain types of viruses to operate on the iPhone.

Of course the comments will be greeted by a “what the fsk” from almost everyone in the industry. Apple’s iPhone security is faith based and the shiny gear is the first to get knocked over during Black Hat competitions. If a security error is spotted it takes time for Apple to admit it, let alone fix it. Open Sauce problems are usually fixed quickly.

Open Saucers can claim, with some validity, that security problems in Android can be swiftly spotted and fixed because people know the system very well.

In short does Chang know what he is talking about? He appears to be mostly talking about the application vetting process. Anyone can write code for Android, but getting code approved by Jobs’ Mob requires the developer to juggle flaming swords over a pit of hungry crocodiles while smeared with bacon grease. Obviously with central controls like that it is possible to weed out a few rogue applications that spread malware.

But that is not actually what Chang said. He actually blamed the Open Sauce process for making Android less secure. Which it doesn’t. He added that Apple has a sandbox concept that isolates the platform, which prevents certain viruses that want to replicate themselves or decompose and recompose to avoid virus scanners. However that does not make it more or less secure, it just means that you have to use a different attack vector.

Chang said he’s betting Android users will start to buy more security software for mobile devices. This is fair enough, however how much security software is there for the iPhone? For years Apple hardware has based its security on faith alone and depends on hackers not bothering to attack the minority OS. How is it that Trend Micro can believe that Apple is safer and, more to the point, why would you trust a security company that spouts such rubbish?

Chang’s comments might have something to do with the fact that this week Trend Micro released Mobile Security for Android, software that users can install on a mobile phone to block viruses, malicious programs and unwanted calls. So if Android users feel secure they will not buy Chang’s app.

But you have to wonder if Apple’s security so wonderful, why Trend has been running its Mobile Security App for the iPhone for a while now?

Chang admitted to Business Week  that Apple’s iOS wasn’t fully immune to security threats and may be hit with so-called social-engineering attacks, which tricks users into authorising the download or installation of malicious software. But not viruses? So what does Trend’s AV software for the Apple do?

Given this weird message, it is not surprising that Trend Micro’s 2010 revenue is expected to have dropped 1.3 percent and its net income is forecast to be 22 percent lower.