Threat Intelligence With Two Most Used Operating Systems
With 4.312 billion users in the world, comprising 55.6% of the global population, the Internet has become an everyday center hub for almost all human events and actions. Be it for entertainment, information, remote computing, communication and many aspects of 21st century lifestyle. Across the board the most common operating systems with consumer devices in general are Android (36.5%) and Windows (35.99%) according to Statcounter, Feb 2019 stats. That means one thing, 72.49% of all consumer Internet-facing computing device that are accessing the Internet regularly are malware prone platforms.
We all know that Windows (and its MS-DOS predecessor) is a favorite malware target since the early 80s, while Android has become a malware magnet since its growth trajectory overtook iOS devices. This is where the responsibility of both Microsoft and Google are tested, given that both OS has become more “service oriented” than a typical OS like desktop Linux. Threat Intelligence enters the scene, as both companies try to continue to evaluate their operating systems to face the growing threat of cybersecurity attacks, abuse and being targets of malware authors.
Both operating system entered similar phases of their respective development of leaving security to the 3rd parties, the very mature yet very cunning antimalware vendors. In the early years of both operating systems, both Microsoft and Google were not very interested with threat intelligence research to secure their operating systems beyond their normal development cycle.
This of course have changed, given that Windows comes with its own built-in antimalware by default named Defender, maintained by Microsoft itself through Windows Automatic Updates. Same approach was taken by Google, as they bundled Google Play Protect as part of the Google Play Store package. It connects to Google’s cloud platform, hence updates are in real-time.
Microsoft and Google are doing this in order for their users (and their respective organizations/firms they work for) not to perform the expensive Threat Intelligence process to secure the devices for themselves. Proactive approach to security is much stronger if done by the developers that have control of the code comprising the operating system and all system functionalities for the devices involved. In this equation, only the developers of Microsoft and Google, plus some volunteer developers for Android (since Android is opensource) can take a look at the source code and patch the vulnerabilities present.
The two companies are also mandated by law when it comes to keeping the data the users entrusted in their devices, be it a desktop computer, laptop or a smartphone to be secure and private. This is especially true with the European Union, with their GDPR in full swing since May 25, 2018. Keeping both Windows and Android secure is not an option for these two OS vendors, but a legislated obligation. This is why both offer bounty programs, as there is no other force on the planet that has enough man-hours to spare with bug hunting other than the volunteer bug hunters themselves. Google Bug Hunter program and Microsoft Bug Bounty program are both paying successful ethical hackers handsome amounts of money in order to identify security and privacy vulnerabilities. Feel free to join if you are qualified.