Security Firms Bicker Over Mobile Viruses 90
Fijer Nrosikjen writes to mention a ZDNet article about a claim by CA that F-Secure is just spreading FUD over mobile virus code, in order to promote its product. From the article: "CA said criminals do not have an economic incentive to develop malicious code and that the risk of such attacks spreading around smart phones is minimal because of a lack of interoperability between platforms and phone models. Network services don't allow for the fast spreading of code from phone to phone, and user interaction is required for any viruses to spread, the company added. It said F-Secure has created an atmosphere of fear, uncertainty and doubt to sell its product, undermining the relationship of trust that has been established between the industry and vendors. "
Re:NAME ONE! That wasn't it! (Score:2, Informative)
Re:Plenty of economic reasons (Score:1)
What you described, while in theory a profitable form of malware attack is not bluejacking
See www.bluejackq.com for more on bluejacking.
Re:Plenty of economic reasons (Score:1, Interesting)
you can dial any number you like, transmit files etc
just because people use it for harmless things doesnt mean you cannot cause harm
What is bluebugging?
Bluebugging allows skilled individuals to access the mobile phone commands using Bluetooth wireless technology without notifying or alerting the phone's user. This vulnerability allows the hacker to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop o
Re:Plenty of economic reasons (Score:1)
Re:Plenty of economic reasons (Score:2)
Re:Plenty of economic reasons (Score:1)
Re:Plenty of economic reasons (Score:1)
We all know who writes viruses ( http://en.wikipedia.org/wiki/Plural_of_virus [wikipedia.org] ) its the anti-virus software companies ... JOKE!!!!
No, we really know it's the hackers .... JOKE!!!!
And as to mobile phone anti-virus software companies spreading INFO, commonly known as FUD, more commonly known as BULLSHIT ..... JOKE!!!! .... oh no, that one isn't a joke.
monk.e.boy
Apparently (Score:3, Insightful)
Re:Apparently (Score:3, Interesting)
That's interesting, a mobile phone virus that talks to you through the phone handset.
"Please upload me. Pleeeeeease."
Or perhaps they just wait until you are talking to your mom, and insert helpful phrases into the gaps in the conversation. The virus could say stuff like, "I'm gay." or "I'm straight." or "I'm pregnant." or "I want to suck on you nipples now please." or "I've got the semtex." (that would be helpful to the FBI, not you or your mom). Or it could just make random grunting noises. Mind you, hal
Re:Apparently (Score:1)
ZDNet US link (Score:3, Informative)
Um... (Score:3, Interesting)
Most people don't need AV software, and even when they use it, most people are still not secure because of HOW they use their computers. So this is really a case of pot calling the kettle black.
Tom
Re:Um... (Score:4, Insightful)
WTF? Most nerds may not need AV software on their PCs. Most other people do. They do not know how to recognize and avoid malware, manually remove it and repair damage done by it, or follow good practice to avoid it in the first place. If you're arguing that they should learn, that's pie in the sky. Believe me, they need AV software.
Re:Um... (Score:2)
The AV provides little "real" protection since
a) Most people fail to update it [my parents NEVER update the damn thing, whenever I visit I do it myself]
b) Uninstall it once the trial period expires
c) Will run just about anything they can get their hands on [whether on purpose or by exploit].
I can write a dozen programs that will kill the average windows box and not be detected by AV. AV is a good line of defen
Re:Um... (Score:2)
AV software also only updates when the license is valid [clamav is nice and all but a bit old]. Most free editions usually end up going commercial [anti-vir anyone?].
Point is, running AV is required but not sufficient to maintain a secure computing environment.
tom
Re:Um... (Score:1)
Duh.. that's what Tx said in the first place: Believe me, they need AV software. It is "required."
In your reply to that post, you argued that AntiVirus software is "like saying you need a solid metal door on your mudhut to protect from intruders", and that it "provides little real protection."
That's wrong. We all agreed that AntiVirus software helps. You, with your "mudhut" analogy, made it sound useless. It's not
Re:Um... (Score:2)
AV companies should promote the education of their users as a "added value bonus gourmet quality home style" benefit to the users.
Tom
Re:Um... (Score:2)
So what you're saying is that when you said "Most people don't need AV software", you actually meant "Most people do need AV software".
My parents AV auto-updates without their intervention (and why on earth didn't you configure your parents AV software to auto-update, WTF were you thinking?), and thanks to their belief that I want a running commentary on their computing activities, I know that it has succesfully protected them from nu
Re:Um... (Score:2)
No amount of AV software will save your "lets run all random binaries we can find" parents. thinking that AV alone will make your environment safe is harmful.
Tom
Re:Um... (Score:2)
Re:Um... (Score:2)
Tom
Re:Um... (Score:2)
Installing Windows Live OneCare and Windows Defender (Which OneCare asked if I wanted to download) catches them. Auto updates are enforced, and it even does a nice regular backup for you.
You may want to consider getting people who need their PC's to 'just work' to buy a subscription to OneCare, since I've found it's worth the effort when it maintains updates, firewall and antivirus and also does housekeeping such as defrag, temp files cleanup etc.
Re:Um... (Score:2)
Ooh, free poker game, ooh free screen saver, oooh free animation, ooh....
The problem isn't so much the technology [though there are many ways to improve it] but the lack of training. People just don't know what the hell they're doing with computers.
Give them a friggin C64 and be done with...
Tom
HEY! (Score:1)
(Ok, just kidding. I haven't used my C128D in decades - I think it may have grown legs and wandered off in boredom.)
Re:Um... (Score:1)
Re:Um... (Score:3, Informative)
So yeah, you don't really need AV. Yeah.
Also, since when do people have to manually update their antivirus? There's this thing called auto-update. If you're talking about re-subscribing then that's different. Sure, most people don't
Re:Um... (Score:3, Insightful)
Windows? (Score:2)
When Windows Mobile 5 came out or had just done so, F-Secure had a product ready, and you could argue that the statements that F-Secure made at the time saying that you could benefit from their software were inaccurate, given than there was virtually no malware for the OS at the time. When I looked at it (a few months ago) there was allegedly a fair bit of malware for Symbian, and I'm guessing that F-Secure got to pr
Thank god (Score:4, Informative)
Most mobiles run J2ME, and you can't do anything interesting in J2ME. You can't even get the whole screen on some mobiles, let alone use directory services. And because J2ME allows the phone creators to load on different modules to there phones (JSR-182, etc), you don't even know if you will be able to do something when you get to a phone. You would have to be very clever indeed!
Re:Thank god (Score:2)
Given the profusion of virii and trojans and the insidiousness of some of their mechanisms, are you implying that virus writer
Re:Thank god (Score:1, Insightful)
Re:Thank god (Score:2)
Re:Thank god (Score:2)
The worst you could do in a sandbox is exploit a bug in it. With J2ME, the differences in phone models and VM implementations mean that even if you found such a bug, it would be most likely be limited to such a small number of phone models that your virus would never get very far.
Ahh, the advantages of a hetrogeneous environment...
Remember the days of Floppys and BBS'? (Score:1)
"Geeze, I wonder if this new version of McAfee works with my Nokia?"
Re:Remember the days of Floppys and BBS'? (Score:1)
Really? (Score:3, Funny)
Re:Really? (Score:1)
Re:Really? (Score:2, Insightful)
So... (Score:3, Informative)
Is CA that ignorant? (Score:4, Insightful)
If anything, F-Secure is sounding a warning. Mobile viruses may not be the primary attack vector now, but with smart devices ever increasing (and a propensity of some executives to store everything on them, including passwords), it makes sense to stir up a little fear in the hope of preventing future harm.
Fear is not bad if it is founded in reality. I've seen enough reality to know that this fear is warranted.
Re:Is CA that ignorant? (Score:4, Insightful)
The question is when will consumers figure out the scam. Why is it that no antivirus product I've tried for Windows has a small footprint and detects reasonably well. The closest I've seen is clam antivirus for windows and that can't remove anything. Remember when antivirus vendors pushed the new version because it was faster and sometimes smaller? What happened to that. I actually don't run with antivirus on anymore. A monthly scan is enough. I patch windows religiously and only do special scans when I download from untrustworthy sources. There is a small risk one of them will spread a virus but its unlikely.
Home users shouldn't fear this at all yet. Businesses should consider telling their users to watch what they install on their phones.
Re:Is CA that ignorant? (Score:2)
Were I intent on getting into an enterprise's information systems today, I would be targeting attacks specifically at systems people will assume are "safer".
The days of brute force attacks against the front gate are dwindling. Unless the frontal assault is a distraction for the orcs in the tun
Re:Is CA that ignorant? (Score:3, Insightful)
And let's not forget that as people demand there mobile phones to be more things and be able to interface with other computers, the possibility of using a person's mobile phone as a backdoor through se
Re:Is CA that ignorant? (Score:2)
Of course, on the converse, I would also like to have a pill (or hammer) to use when they are using baseless fears as an excuse to inhibit technological progress (e.g. the "all wireless is evil" approach).
Re:Is CA that ignorant? (Score:1)
Re:Is CA that ignorant? (Score:2)
Point well made.
Nothing new in Finland (Score:2)
Re:Nothing new in Finland (Score:1, Offtopic)
anti-virus vendor trust (Score:2)
Trust. Right. Gotcha. I think I saw some of that laying around here the other day. Oh, wait, that wasnt you. Oh, you meant vendors, not consumers. Now I get it, it's a money thing.
Let me give you a hand with that:
Get your useless crap over here! Step up and win useless crap!
(sorry, I can't remember exactly how it goes, I will demote my geek ranking)
Right, because CA has long been our trusted source (Score:1, Flamebait)
...for late breaking virus information. These clowns just replicate everything Symantec, F-Secure, McAfee, and others do anyway. ZERO innovation, ZERO leadership, ZERO initiative. Screw you, CA.
What about bluetooth? (Score:2)
Re:What about bluetooth? (Score:2)
Even my POS motorola only announces itself on my explicit command to do so, and then only for 30 seconds or so.
The pot doesn't even know what a kettle is! (Score:4, Interesting)
While writing an article comparing small\medium business spyware solutions I installed a trial of eTrust Pest Patrol Corporate. Their crappy demo detected spyware (that none of the 4 other products detected, suspiciously) but informed me that only the pay version would remove it. I uninstalled the product but the eTrust right-click dialogs remained in Explorer. I called their tech support and they said they don't support product demos. I eventually found the registry key pertaining to the Explorer extension, emailed the info to them, and chewed them out.
I suspect CA is in the business of FUD, including spreading FUD about its competitors. Then again, nearly the whole antivirus industry is that way. Free clients [avast.com] ftw!!
If anyone cares, I blogged [blogspot.com] about the history of Norton\Symantec and how they've made a successful business with their increasingly inferior products.
Re:The pot doesn't even know what a kettle is! (Score:4, Interesting)
They listed one of my applications (Sam Spade [samspade.org] - an elderly windows whois / traceroute client, basically) as a security risk. I started to get phone calls about it from users (I have quite a lot of users, so a few of them were bound to be running pestpatrol).
I called the company responsible for pestpatrol several times, and they told me many things that turned out not to be true ("It's not listed", "We can certainly remove it", "Traceroute is a major security risk for enterprise customers.", "We have removed it", "Oh, when we said we'd removed it we meant, uh....", "We'll remove it within six weeks...").
The sheer level of corporate and technical incompetence involved was staggering (and I've dealt with some spectacularly incompetent companies). The idea that anyone would rely on them for anything security related is scary. (To be fair, I believe that I dealt with them early on in their buyout process, so it's conceivable that they've picked up some basic business practices from their new owner since then, but it's not something I'd bet the security of my network on).
I had a phone virus. (Score:5, Informative)
Trouble was, it hammered the battery with its constant bluetooth searching that it would only last a few hours before dying. Plus the constant "bluetooth busy" symbol on the phone was a dead giveaway.
Funilly enough, it was F-Secure that I used to get rid of it.
Re:I had a phone virus. (Score:2)
So a close friend of mine had a Nokia 6600 and she told me "Something is wrong. I think Celly is sick."
I took a look at "Celly", my name for her cellphone. You see, in the Philippines the girls just love their cellphones, and if you want to be around a Filipina, you quickly get used to the fact that her cellphone is a
Requires User Interaction (Score:2)
FUD is the mantra of Anti-Virus Companies (Score:2)
No. Sorry, but no. (Score:2)
A security product can help there. It is, to a degree, pleading guilty of being too stupid to keep your system secure (or using a
CA should know. (Score:3, Insightful)
Re:CA should know. (Score:2)
User interaction == and your point is? (Score:4, Insightful)
A virus could require you to bleed onto the keyboard by stabbing yourself in the hand. If it promised nude pics and said it was from someone you know, there are enough people out there that will run it to give me a headache.
why I use open source (Score:4, Insightful)
It's been said that people use OSS because it's free, more secure, performs better, architected better
However I think I like OSS most because there's no marketing department intruding into my life and in many cases lying to me.
Let's all raise our glasses to this wonderful phenomenon.
I guess... (Score:1, Interesting)
Prime FUD, anyone? (Score:2)
Do cell viruses exist? Yes. At least they did, as far as I know there used to be a few repackaged installers for Symbian based cells that got tainted. That was, though, something you could easily handle with a PC based scanner. Since those tainted kits were invariably available from shady sites or P2P, but none from legit download-to-cell sites, you could very easily squish that bugger when it had to pass through your PC.
Afaik, Symbian closed that hole
No financial incentive for viruses? (Score:3, Informative)
Re:No financial incentive for viruses? (Score:2)
That is not to say that folks might not be over-hyping the risks, but the start of this discussion was definitely UNDER-hyping the risks.
Sir Edmund Hillary Quote: (Score:4, Informative)
Hillary: "Because it's there"
Same story, different environment.
Here's an idea... (Score:2)
Nevermind, I forgot, cell companies NEED that kind of OS because everyone and their mom has to have a camera/minicamcorder/flashlight/mp3 player in their damned phone now. Hey, there's a thought - The more the
Re:FUD? (Score:2)
> Stop using acronyms in story summaries. Not everyone knows what FUD is.
FUD! Get him!
Windows Mobile 5.0 Application Security (Score:2)
Say What? (Score:2)
What trust?
LOL! (Score:1)
Same thing with the phone.