KRACK: Should Android take the lead on Windows?

0
145

KRACK: Should Android take the lead on Windows?

Google will release a security patch for Android clogging KRACK fault . Nevertheless, this one will be available almost a month after the patch deployed by Microsoft on Windows. An example to follow?


Microsoft pulls out the first

The KRACK fault is embarrassing for two reasons. The first is that it tackles WPA2, which is considered to be the safest. Suffice to say that it is the Wi-Fi as a whole, which is compromised. The second is that it reveals a certain hierarchy in the correction of this fault, presented this week, but known since last July.

Microsoft has already clogged it in its update for Windows 10, 8.1 and 7 distributed on October 10, Apple has a fix on the ranks, but it will only be integrated with the next minor updates of macOS, iOS, watchOS and tvOS, all still in beta with no firm release date. And Google, the most widely used mobile operating system publisher in the world? On the 6th of November. A security patch will be distributed on 6 November. Finally on devices managed directly by Google at least. For others, this will depend on the seriousness of the manufacturers. Some like HMD / Nokia are more reactive than others, sometimes even faster than Google!

Nokia is part of the good students for the deployment of Android security updates.

From the Windows XP fiasco to the Tuesday Patch

First Microsoft of the class, this could be a troll, when we know the history of the firm of Redmond in the attack of malwares of all kinds, but it is true. Microsoft was confronted with Windows vulnerability in the most violent way, when it was almost enough to connect its PC to the Internet to catch a virus, and learned the lessons by putting up a few months after the release of Windows XP, a security process that can only be seen to be effective today, at least for machines that remain up to date, the use of old versions of Windows and unpatched third-party software remains heel of Achilles.

Windows XP and its verdant hills where the Trojan horses ran …

Without going into details of the initiatives put in place at the time, it is a whole development cycle that has been developed, to integrate security at every step of creating a new version of Windows , accompanied by a post-exit follow-up process. The most emblematic measure of this strategy is the creation of “patch tuesday” these monthly security updates made on the second Tuesday of each month. And it is precisely via a patch tuesday that Windows 10, 8.1 and 7 have already benefited from a patch against the KRACK fault.

Project Treble: a hope for Android

Of course, Google also has a program of regular security updates. The problem is that it is only effective if the players play the game. And it can not be said to be completely the case. It’s obviously simpler for Microsoft to control the whole chain. That said, it is also the case of Apple, yet no update has been finalized yet, because their process is visibly slower.

The Huawei Mate 10 Pro will benefit from Project Treble

The Huawei Mate 10 Pro will benefit from Project Treble [

So there is only hope that the situation, on the Android side, can accelerate. This is part of the many benefits of the Project Treble which separates Android into two partitions, one for Google and one for builders and operators, which should ultimately facilitate the deployment of these patches. The terminals marketed directly under Android Oreo integrate it, and they start arriving with the Pixel 2 and Pixel 2 XL the Sony Xperia XZ1 and XZ1 Compact , and the Huawei Mate 10 and Mate 10 Pro newly announced.

The good news is that Treble will also be able to deal with smartphones already commercialized: it was learned yesterday that the Android update Oreo / EMUI 8.0 destined for Huawei Mate 9, scheduled for December, would make the latter compatible Treble. Even more than the faster adoption of the latest features of Android, this would be the most radical progress brought by this evolution.

LEAVE A REPLY

Please enter your comment!
Please enter your name here