KRACK: Should Android take the lead on Windows?
Google will release a security patch for Android clogging KRACK fault . Nevertheless, this one will be available almost a month after the patch deployed by Microsoft on Windows. An example to follow?
Microsoft pulls out the first
The KRACK fault is embarrassing for two reasons. The first is that it tackles WPA2, which is considered to be the safest. Suffice to say that it is the Wi-Fi as a whole, which is compromised. The second is that it reveals a certain hierarchy in the correction of this fault, presented this week, but known since last July.
Microsoft has already clogged it in its update for Windows 10, 8.1 and 7 distributed on October 10, Apple has a fix on the ranks, but it will only be integrated with the next minor updates of macOS, iOS, watchOS and tvOS, all still in beta with no firm release date. And Google, the most widely used mobile operating system publisher in the world? On the 6th of November. A security patch will be distributed on 6 November. Finally on devices managed directly by Google at least. For others, this will depend on the seriousness of the manufacturers. Some like HMD / Nokia are more reactive than others, sometimes even faster than Google!
From the Windows XP fiasco to the Tuesday Patch
First Microsoft of the class, this could be a troll, when we know the history of the firm of Redmond in the attack of malwares of all kinds, but it is true. Microsoft was confronted with Windows vulnerability in the most violent way, when it was almost enough to connect its PC to the Internet to catch a virus, and learned the lessons by putting up a few months after the release of Windows XP, a security process that can only be seen to be effective today, at least for machines that remain up to date, the use of old versions of Windows and unpatched third-party software remains heel of Achilles.
Without going into details of the initiatives put in place at the time, it is a whole development cycle that has been developed, to integrate security at every step of creating a new version of Windows , accompanied by a post-exit follow-up process. The most emblematic measure of this strategy is the creation of “patch tuesday” these monthly security updates made on the second Tuesday of each month. And it is precisely via a patch tuesday that Windows 10, 8.1 and 7 have already benefited from a patch against the KRACK fault.
Project Treble: a hope for Android
Of course, Google also has a program of regular security updates. The problem is that it is only effective if the players play the game. And it can not be said to be completely the case. It’s obviously simpler for Microsoft to control the whole chain. That said, it is also the case of Apple, yet no update has been finalized yet, because their process is visibly slower.
The Huawei Mate 10 Pro will benefit from Project Treble