Which is more secure?

Which computer is more secure? "Mac!" says the dedicated Macintosh user. Or is it computers with the new Windows OS? Or are they both equally likely to have security problems?

There is a lot of debate in the security industry regarding which platform is more secure.

Many people assume that the Mac is so secure - perhaps because they have heard of people that have experienced security failures under Windows. Others say that the Mac is just as insecure as Windows, if not more so.

The LanceJ Security Test

I propose the following simple test that can be used to measure which platform is more secure from the vantage point of the public.
  1. Buy a quantity of new, stock Windows 7 and Macintosh computers from a retailer. For example, buy 5 new Mac Minis and 5 new Windows 7 HP desktops from BestBuy.
  2. Distribute each of the sealed, boxed computers to a regular, randomly selected family. Give each of those families identical, stock internet access via, say, Comcast. Tell the families to set up the computers and use them in their homes.
  3. Collect the computers after a set amount of time - perhaps 6 months.
  4. Count the number of machines that have been compromised.
The platform with fewer detected compromises was generally less likely to be a security problem to its user during the course of the study.


Clearly such a study wouldn't measure all aspects of security. For example:
  1. It doesn't count compromises that are not or cannot be detected.
  2. It doesn't count potential OS vulnerabilities, phishing attack vulnerabilities, etc.
  3. It doesn't measure security compromises of the future.
Perhaps a security researcher could devise a way to accurately count these other data.

Other Approaches

Another simple approach to measuring "platform security" could be pursued by the general purpose "computer repair shop". As new customers come in, measure the number of computers requiring repair due to security failures. However, it seems that a research project based on "repair shop" data would be complicated. Should the age of the computers be considered? And how does one consider the flawed machines with non-security related failures?

Next Steps?

I'd be surprised if there haven't been security researchers that have performed this exact kind of test. After all, researchers spend the bulk of their time doing research and publishing. If you are pursuing such a research study, or if you know of a recent study that performed a similar test, please post a link in the comments section.


Voice w/ Tethering Plans: AT&T: $100/mo. Verizon: $85/mo?

I commute via rail, and so I've always been interested in adding tethering to my cell phone plan. I figure it'd be a good way to spend my commute other than, um, reading literature.

And now that the iPhone has tethering capabilities, I figured it's my perfect opportunity to get more by spending more. Sadly, AT&T hasn't announced its tethering plan yet, but I decided I can infer some information from their existing plans.

I did some research today on AT&T's website, looking into the tethering options for devices they sell now, such as the BlackBerry. I "made" a 450 minute voice plan and added tethering... and the total monthly fee came to $99.99 per month. Certainly more than the $69.99 plan, but clearly tethering will use lots more bandwidth. I also noted that AT&T has a 5 GB cap on their tethering plan.

As a cost comparison, I went to Verizon's online store. They didn't have a tethering option readily visible, so I just made a $450 smartphone plan, and it came to $69.98 per month. Then, I located the Broadband Connect page ... and it suggested that adding tethering to the $69.99 smartphone plan would cost an additional $15.00 per month.

So, if all my math is correct, it seems like for a 450 minute smartphone plan with 5 GB of tethering, the score is: Verizon: $85/mo. AT&T: $100/mo.

One reason why I've liked AT&T is that I knew they were a better deal for the money. Hopefully they'll address this major pricing discrepancy with their competitors. Otherwise, for $15 per month, I may as well go back to Verizon and use my jailbroken iPhone as a client ;-)


Upgrading from the iPhone 3G to the new iPhone 3GS

I have been very interested in the new iPhone 3GS, and so I decided to take a look to see if it'd be possible to upgrade. I made a few phone calls and did some research.

I learned that AT&T will allow me to upgrade to the iPhone 3GS without special charges after 1 year and 8 months under contract... so, happily I don't have to wait the full 2 years to get my hands on the new iPhone. But since I somewhat recently bought my iPhone, I still have to wait another year before I can upgrade.

However, since I can't wait, I can upgrade to the new iPhone 3GS for a fee - they'll let me upgrade to the new phone if I pay a $200 premium. That means that I'd pay $399 for a phone that usually goes for $199. The $200 "surcharge" is a number that's comparable to the "contract early termination" fee.

I bought my 16 GB iPhone 3G for $299. If I sell it now, I'll have a newer battery and a newer warranty. I feel those improvements are worth $50 to me. And therefore, I feel that IF I can sell my used iPhone for $350, it'd be an easy decision.


The Next Great Thing: iPhone, Google, and VoIP

This spring Google is transitioning its telecom service "Grand Central" to "Google Voice", a service that promises to tie together telephone, voicemail, email, video, and chat into a single service. It promises to be like Skype, Gmail, Video Mail and traditional telecom all rolled into one.

It just also happens that Apple is working on iPhone OS v3.0. iPhone 3.0 offers a lot of new internals to the iPhone, but with no single "huge, new" feature. Rumor also has it that Apple is planning for the next generation of iPhones and perhaps new iPods.

So I'm going to go out on a limb and speculate that these events are coupled. The seamless convergence of a modern, comprehensive telecom service coupled with an internationally available handset will be a killer app. And AT&T will be on board, as this will sell tons of service.

Imagine the features:
  • One device for all communications.
  • A single mailbox.
  • Voicemail is just another type of mail.
  • Videomail is just another type of mail.
  • SMS is just another type of mail.
  • Labeling rules, as seen on Gmail, organize your mail, can trigger alerts, etc.
  • VoIP is on-par with traditional telecom voice services, with one difference: incredibly low price per call and no need for a traditional telephone number.
  • Location-awareness mail
  • Voice-to-text and text-to-voice services for all mail, as already seen in several Google services.
I don't see all these features coupled together in the iPhone 3.0 Beta. But I do see all the infrastructure to pull this off: Google Voice, iPhone 3.0 APIs, plus some new Apple, AT&T, or Google-provided apps are enough to get the job done. iPhone 3.1 will seal the deal.

So there you have it - convergence of telecom on a grand scale, and dragging the big telecom providers into the 21st century by level-setting voice with video and internet services.


Average iPhone user accesses web 40x more than BlackBerry

I have heard that users of the iPhone aren't as happy with their battery life when compared with BlackBerry owner experiences. Since both devices use the same battery technology, it seems that either the devices have substantially different power efficiency numbers, or that iPhone owners make more use of their device.

So I've looked at some commonly available statistics to see if I can determine if people use the iPhone more than the BlackBerry. The results are astounding.

NetApps has recently published their "Mobile Web Browser" statistics, and it looks like the iPhone accounts for roughly 64% of all mobile web sessions (April 2009). In contrast, the BlackBerry accounts for 3.1% of mobile web sessions.

So we know out of the gate that people use their iPhones more than BlackBerry users. But this simple statistic doesn't show everything: According to ChangeWave Research's December 2008 market share numbers, the iPhone accounts for 23% of the smartphone marketplace, while the BlackBerry accounts for 41%. That means there are about 1.7 BlackBerrys in use for each iPhone in use.

So people use their iPhones much more than the NetApps statistics suggest!

Chugging through these two sets of numbers, it seems like the typical iPhone user accesses the web through their primary browser roughly 40 times more than the typical BlackBerry user. If a BlackBerry user accesses the web from their device for 5 minutes a week, the typical iPhone user accesses it for 200 minutes.

So when reading statistics that compare battery life between the BlackBerry and the iPhone from the user's perspective, remember: iPhone owners access the web 40 times more frequently than BlackBerry users. And accessing the web drives the screen, the CPU, and the radio circuitry more heavily than a simple voice call.

And I haven't even started to estimate how many optional "app store" applications are used on the iPhone versus the BlackBerry.

Oh, and for my iPhone's battery life? With 3G, Wifi, and Bluetooth all "on", I get about 5 ½ hours of activity. And I can charge it full, from empty, in under 90 minutes. That's better than any other cell phone I've ever owned.


Cable Box Electricity Consumption and Cost

Today I got around to measuring the electricity consumption of the cable TV box that is in my home - a Comcast Motorola DCT-3412. It's an HDTV Cable TV box with DVR.

Is this "powered off" cable box costing American taxpayers hundreds of millions?

I measured the box's consumption by plugging it into my awesome Kill-A-Watt power meter and measuring the wattage.

Surprisingly, I found that my cable box consumes just about as much power when "off" as when "on"!

Here's what I measured with my Kill-A-Watt meter:
  • "Power Off": 30 watts
  • Watching TV: 31 watts
  • Recording TV: 31 watts
  • Playing back a recorded program: 31 watts
Why provide a power button when it makes so little difference in power consumption? Who knows!

Electricity Cost

So I did some math to figure out how much 30 watts of consistent power use costs, using recent prices for electricity around here:

(17¢ per kWh x 30 watts x 8760 hours per year) / 1000 = $44.67 per year

Amazing - think about it - according to my analysis, perhaps 5 million people pay $44 per year for the electricity for a cable TV box that's mostly powered off! That's approaching a quarter of a BILLION dollars in electricity every year, thrown away!

This isn't "green" - it's "stupid".

EasyN WiFi Camera Firmware Upgrade

I wanted to upgrade the firmware of my EasyN WiFi camera.  I just like to keep my firmware up to date.  I am sure it is a security sieve no...