Wednesday, July 29, 2015

Standardization... Again!

I know I have beaten this horse before, but it amazes me how such a simple concept can be ignored. Recently the Stagefright vulnerability in Android OS version 2.2 and above was announced. Google has promised a speedy fix for this issue, but it may not be as simple as they say. Because there are so many vendors and manufacturers – each with their own versions, restrictions, and customizations to the Android OS – a simple patch may not work on many systems. With 950 million devices affected, how many of them cannot be fixed?

“But because many users are not running the latest version of Android — in many cases because they simply cannot, thanks to restrictions in place by handset makers — the vulnerability is said to affect an estimated 95 percent of Android device owners. That would mean some 950 million Android handsets could be affected by the exploit.”

http://appleinsider.com/articles/15/07/28/stagefright-vulnerability-compromises-android-phones-with-1-text-message-may-affect-950m-devices

In contrast, Apple reports that 85 percent of its users are running iOS 8 or later, 13 percent are still on iOS 7, and only 2 percent are on earlier versions.

I’m not going to debate the merits of Apple versus Android here.  But with a limited set of versions in use, patches, security updates, and fixes are much easier and faster to release.

The same is true in your own environments.  Imagine running several different operating systems, with multiple applications, on disparate hardware platforms.  Now you have to know (and be proficient with) several operating systems, applications, and hardware platforms, and you need to keep monitoring and management in mind as well.

I get it, and I have done it… Installing some lightweight OS and tweaking it until it performs great and is relatively secure sounds good, but multiply that process by hundreds or thousands of systems and the “fire and forget” method of a standardized environment starts to look pretty good.  Less potential for bad press, anyway.

http://www.pcworld.com/article/2953484/android/google-pledges-a-speedy-stagefright-security-fix-for-nexus-devices.html