From NZLUG at etelligence.info Fri Aug 2 13:38:44 2024 From: NZLUG at etelligence.info (DL Neil) Date: Fri, 2 Aug 2024 15:38:44 +1200 Subject: [Flounder] Smart-phone security Message-ID: What level of security does a smart-phone possess that my computer does not? Responding to my protest that Internet Banking (using PC) could not carry-out functions that are available on 'the app' (using smart-phone), a teller at my bank (kindly) informed me that it was because a greater-level of security was possible using the latter. True or False? What security facilities are available on a smart-phone that cannot be reproduced on a (Linux?Windows?Mac) PC? -- Regards =dn From blakjak at blakjak.net Fri Aug 2 14:31:55 2024 From: blakjak at blakjak.net (Mark Foster) Date: Fri, 02 Aug 2024 16:31:55 +1200 Subject: [Flounder] Smart-phone security In-Reply-To: References: Message-ID: <73330383a8b67724b12934e22d2f2f0d@blakjak.net> On 2024-08-02 15:38, DL Neil via Flounder wrote: > What level of security does a smart-phone possess that my computer does > not? > > Responding to my protest that Internet Banking (using PC) could not > carry-out functions that are available on 'the app' (using > smart-phone), a teller at my bank (kindly) informed me that it was > because a greater-level of security was possible using the latter. > > True or False? > What security facilities are available on a smart-phone that cannot be > reproduced on a (Linux?Windows?Mac) PC? If I had to guess, a locked app ecosystem, vs a device that can literally do anything. The flexibility of a PC is probably its vulnerability when compared with the app ecosystem that can leverage device level controls... I've noticed a tendency to favour app-first approach, I think vendors often assume that everyone (or perhaps just everyone they're targeting in their user base) is able to use the app, so that's where they start. I imagine a much smaller percentage of their user-base _also_ use a PC (and even fewer would use a PC and then _never_ use an app on a smart-device). Mark. From russell at coker.com.au Fri Aug 2 14:34:42 2024 From: russell at coker.com.au (Russell Coker) Date: Fri, 02 Aug 2024 14:34:42 +1000 Subject: [Flounder] Smart-phone security In-Reply-To: References: Message-ID: <6071328.lOV4Wx5bFT@cupcakke> On Friday, 2 August 2024 13:38:44 AEST DL Neil via Flounder wrote: > What level of security does a smart-phone possess that my computer does not? > > Responding to my protest that Internet Banking (using PC) could not > carry-out functions that are available on 'the app' (using smart-phone), > a teller at my bank (kindly) informed me that it was because a > greater-level of security was possible using the latter. > > True or False? > What security facilities are available on a smart-phone that cannot be > reproduced on a (Linux?Windows?Mac) PC? TPM based security is a new thing on PCs and on PCs that support it they usually don't do anything serious with it. Also having a PC locked down to SHIM (for Linux distributions) and the Windows boot loader doesn't compare to a phone locked down to a particular vendor's Android OS. PCs are designed and expected to be used for any software without restrictions. On phones all software is expected to be locked down and unable to change other software, read data from other software, etc. Web banking involves using your web browser which can be any browser with the ability of the user or any app to change it's configuration or change to a different browser. The upside for PCs is that PC OS support continues for many years while phones go out of support in as little as 2 years and are often run for many years without security updates. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/