Security Firms Bicker Over Mobile Viruses 90
Fijer Nrosikjen writes to mention a ZDNet article about a claim by CA that F-Secure is just spreading FUD over mobile virus code, in order to promote its product. From the article: "CA said criminals do not have an economic incentive to develop malicious code and that the risk of such attacks spreading around smart phones is minimal because of a lack of interoperability between platforms and phone models. Network services don't allow for the fast spreading of code from phone to phone, and user interaction is required for any viruses to spread, the company added. It said F-Secure has created an atmosphere of fear, uncertainty and doubt to sell its product, undermining the relationship of trust that has been established between the industry and vendors. "
Um... (Score:3, Interesting)
Most people don't need AV software, and even when they use it, most people are still not secure because of HOW they use their computers. So this is really a case of pot calling the kettle black.
Tom
Re:Plenty of economic reasons (Score:1, Interesting)
you can dial any number you like, transmit files etc
just because people use it for harmless things doesnt mean you cannot cause harm
What is bluebugging?
Bluebugging allows skilled individuals to access the mobile phone commands using Bluetooth wireless technology without notifying or alerting the phone's user. This vulnerability allows the hacker to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations, and connect to the Internet. As with all the attacks, without specialized equipment, the hacker must be within a 10 meter range of the phone. This is a separate vulnerability from bluesnarfing and does not affect all of the same phones as bluesnarfing.
http://www.bluetooth.com/Bluetooth/Learn/Security
see the videos on f-secures site on what happens when you get jacked badly (commwarrior)
but hey they are the FUD runners so of course the video is doctored right ?
Re:Apparently (Score:3, Interesting)
That's interesting, a mobile phone virus that talks to you through the phone handset.
"Please upload me. Pleeeeeease."
Or perhaps they just wait until you are talking to your mom, and insert helpful phrases into the gaps in the conversation. The virus could say stuff like, "I'm gay." or "I'm straight." or "I'm pregnant." or "I want to suck on you nipples now please." or "I've got the semtex." (that would be helpful to the FBI, not you or your mom). Or it could just make random grunting noises. Mind you, half the people I talk to on the phone could already have this hypothetical virus. "Uh, uh. *grunt* Me. Trin'. To. Fink." Anyway, you get the idea.
I mean, who wouldn't want to code a virus like that?
Imagine two viruses talking to each other down the phone. Some sort of singularity would appear in the phone network.
Hope that helps - monk.e.boy
The pot doesn't even know what a kettle is! (Score:4, Interesting)
While writing an article comparing small\medium business spyware solutions I installed a trial of eTrust Pest Patrol Corporate. Their crappy demo detected spyware (that none of the 4 other products detected, suspiciously) but informed me that only the pay version would remove it. I uninstalled the product but the eTrust right-click dialogs remained in Explorer. I called their tech support and they said they don't support product demos. I eventually found the registry key pertaining to the Explorer extension, emailed the info to them, and chewed them out.
I suspect CA is in the business of FUD, including spreading FUD about its competitors. Then again, nearly the whole antivirus industry is that way. Free clients [avast.com] ftw!!
If anyone cares, I blogged [blogspot.com] about the history of Norton\Symantec and how they've made a successful business with their increasingly inferior products.
I guess... (Score:1, Interesting)
Re:The pot doesn't even know what a kettle is! (Score:4, Interesting)
They listed one of my applications (Sam Spade [samspade.org] - an elderly windows whois / traceroute client, basically) as a security risk. I started to get phone calls about it from users (I have quite a lot of users, so a few of them were bound to be running pestpatrol).
I called the company responsible for pestpatrol several times, and they told me many things that turned out not to be true ("It's not listed", "We can certainly remove it", "Traceroute is a major security risk for enterprise customers.", "We have removed it", "Oh, when we said we'd removed it we meant, uh....", "We'll remove it within six weeks...").
The sheer level of corporate and technical incompetence involved was staggering (and I've dealt with some spectacularly incompetent companies). The idea that anyone would rely on them for anything security related is scary. (To be fair, I believe that I dealt with them early on in their buyout process, so it's conceivable that they've picked up some basic business practices from their new owner since then, but it's not something I'd bet the security of my network on).