Author |
Message |
Buellinachinashop
| Posted on Wednesday, March 12, 2008 - 11:39 pm: |
|
I run a new phone that runs mobile windows. has anybody had problems with virus' and if so, is there anti-virus software for these new fangled phones? |
Igneroid
| Posted on Thursday, March 13, 2008 - 02:38 am: |
|
Put a hanky over it. You should be fine. |
Badlionsfan
| Posted on Thursday, March 13, 2008 - 04:57 am: |
|
i had a samsung blackjack that had windows mobile for around a year. no virus issues. |
Haven564
| Posted on Thursday, March 13, 2008 - 07:15 am: |
|
The only way to get a "virus", at least in the PC world, is to actually download a file that has a virus with it, an e-mail attachment for example. I would not stress about it, at present, for mobile applications. |
Mikej
| Posted on Thursday, March 13, 2008 - 09:56 am: |
|
Text messages and image files and animation files will be a problem. I don't really do texting with my non-Windows phone, but I have been getting random penny-stock-spam at 3am every week or three. As soon as the less than ethical types start to heavily target cell phones then there will be issues. Just hope your cell provider is up to snuff to filter and quarantine stuff for you before it hits your phone. I'm no expert, I know nothing, I wasn't here. |
Buellinachinashop
| Posted on Thursday, March 13, 2008 - 11:12 am: |
|
The problem is, I get my work email and view the web with it. The phone I have is a Palm Treo with Windows Mobile 6. I got a bad feeling. I'll contact ATT and ask them. |
Froggy
| Posted on Thursday, March 13, 2008 - 11:39 am: |
|
Symantac makes Noton Antivirus for phones, but I don't think its needed. |
Reepicheep
| Posted on Thursday, March 13, 2008 - 12:28 pm: |
|
Not a lot of tangible threats for handhelds right now. The danger is real, but for whatever reasons its not getting attacked yet. Probably because it would be so much work to target such a small group of users, and when the payout would be so low... why bother when the hunting is so much better elsewhere. Somebody finding it or stealing it and getting anything you have on it is a bigger threat. Don't know if you can lock it down and encrypt it. |
Cereal
| Posted on Thursday, March 13, 2008 - 02:03 pm: |
|
+1 Reepicheep. They are not getting attacked yet because the cost/reward isn't high enough for the hackers. Same reason Macs aren't targeting. The more common they become, the higher the threat is. I expect to see more AV for mobile phones in the near future. And btw, you don't have to download something (in the traditional sense) to get a virus. Just landing on the wrong web site can get you through a variety of ways. |
Haven564
| Posted on Thursday, March 13, 2008 - 02:15 pm: |
|
I don't want to play word games but yes you must either download a malicious file and open it or run an .exe file. You can have a virus sitting on your PC, but it will not infect it unless you run or open that file. A virus requires human action. You may be confused with a trojan that masquerades itself as something else, like a screen saver. But again, it's a matter of words. |
Buellinachinashop
| Posted on Thursday, March 13, 2008 - 02:20 pm: |
|
So the biggens background I downloaded off of Hooterriffic.com may be infected? What a sad day this is that a man can't download boobs without the threat of a virus. |
Reepicheep
| Posted on Thursday, March 13, 2008 - 03:27 pm: |
|
Most of the really good threats are blended these days. Things like jpeg pictures or MP3 files are not executable. They do however get "interpreted" by an executable program on your local system. So if there is a significant bug in that executable, it could be possible to feed data to it (in the JPEG or MP3) that will cause it to do whatever the attacker wants. Like infect all the other jpegs or mp3's on your system, which you then share with other systems. We dodged a bullet a few years back when there was a PNG bug that could have allowed this. PNG is like GIF, an image format, and is supported by most sites, browsers, and systems. Did you wonder why badweb stopped accepting them for a while about 2 years ago? Your browser hits a web page and automatically loads any images as instructed. One of those images is an infected PNG file that infects all your other PNG files (right after it loads a keyboard logger to steal your passwords). You post one of those PNG files to some *other* site, and bammo, everyone who visits it is infected. Another good reason to never surf on a machine that hosts web content. Let your servers be servers, not workstations. I stopped trying to distinguish between worms, virus's, and trojans a long time ago. The definitions of each are as arbitrary as they are useless. |
Cereal
| Posted on Thursday, March 13, 2008 - 07:58 pm: |
|
Thanks for backing me up, Reep. I study this stuff all day. It's part of my job. |
Haven564
| Posted on Thursday, March 13, 2008 - 09:24 pm: |
|
Reep, please provide the name of this virus you describe. |
Scottykrein
| Posted on Thursday, March 13, 2008 - 09:59 pm: |
|
http://www.cnn.com/2008/TECH/ptech/03/13/factory.i nstalled.virus.ap/index.html?iref=mpstoryview |
Reepicheep
| Posted on Friday, March 14, 2008 - 08:11 am: |
|
The worm / virus / whatever you want to call it never really hit... which really surprised me. I don't doubt the "serious" boys were all over it though, so organized crime and intelligence agencies had probably been riding that horse for a long time and were sorry to see the door get closed. That could have been "the big one". The vulnerability was real though: http://www.microsoft.com/technet/security/Bulletin /MS05-009.mspx http://support.microsoft.com/kb/890261 And just in case us Linux or Mac guys get overly smug... http://www.kb.cert.org/vuls/id/388984 It could have been a *really* bad one. I work in web application security, but have close ties to the people that have to support corporate network users. We scrambled to get that one patched ASAP. But because I am on the customer facing web application security side, it could truly have been a nightmare for me. A worm gets wide spread, root kits go everywhere, and many customers get infected with keyboard loggers. I can't force a patch out to my customers like I could to employees. Those loggers get ID's and Passwords that belong to customers, but give customers access to your systems. The attackers get them, and start to misuse them. You have to try and distinguish between them as a user that are working on a business trip, and them as a user that got their system infected and an attacker has now compromised the account. An easy task 80% of the time, a hard task 10% of the time, flat out impossible 10% of the time. Can you afford to *$&& off 10% of your customers today? Even if it is to protect them? Welcome to my daily struggle. The biggest obstacles to securing users are neither technical nor implementation cost... it is the level of security the general consumer will tolerate. All this is of course my personal opinion, and has no relevance to my employer, my experience with my employers or any other entities, corporate, living or dead, the phase of the moon, or what I might have had for dinner last night. ;) (Message edited by reepicheep on March 14, 2008) |
Haven564
| Posted on Friday, March 14, 2008 - 10:59 am: |
|
The biggest obstacles to securing users are neither technical nor implementation cost... it is the level of security the general consumer will tolerate. Could not agree more |
Mikej
| Posted on Friday, March 14, 2008 - 11:13 am: |
|
I know people who don't lock their house or car doors because it is too much hassle to mess with their keys. |
Haven564
| Posted on Friday, March 14, 2008 - 11:26 am: |
|
Kinda of like the employees who post-it note their password to their monitors or under their keyboards. |
Buellinachinashop
| Posted on Friday, March 14, 2008 - 11:31 am: |
|
"I know people who don't lock their house or car doors because it is too much hassle to mess with their keys." I'd rather have somebody open my truck door and find nothing worth value than break out a window to find the same thing. I leave my truck doors wide open. |
Cereal
| Posted on Friday, March 14, 2008 - 01:04 pm: |
|
Then you obviously don't live in a city with homeless people. |
Reepicheep
| Posted on Friday, March 14, 2008 - 01:13 pm: |
|
(this is a total thread hijack, but I think the original question has been answered, so we should be able to recycle it, right? ) I just bought a well used Saab, and it had the same security implementation delimma that web security architects face every day. The way they implemented it, if you loose all the keys, you basically throw away about $700 worth of computer parts. Each key has to be registered to the car computer, which can only be done by a person with the right ($6000) Saab diagnostic computer. But you also have to have one key, then you bring in the new key, and they can be registered. So having one previously registered key establishes a chain of custody. Come to the car with the right key cut, but the wrong RFID serial number, or if you just hotwire the thing, and the car will lock down and go nowhere. Unless the thief brings a truck :/ Oh, and the new key (with cut and electronic head) is $250 from Saab, plus another $45-$90 reprogram. Good in theory, but in practice, I expect consumers have paid out *far* more money due to undesired consequences (legitimate owner loosing their last key or trying to get a new key) then would have been lost if the cars were easier to steal. I'd be happy to be wrong, but I bet a softer "chain of custody" would have been almost as effective, and far cheaper. How many thieves are going to physically break into the car, build a key blank that they somehow know what it should be, hook up the $6000 Saab factory computer, reprogram the car to accept the new head, then drive off in? Seems like they raised the bar, but it ended up a bit higher then necessary, and probably ultimately costs consumers more then it saves them. For that matter, the electronic interlock itself may be overkill. The car has a reasonably well made and *really* freaking loud car alarm. Perhaps that is enough to sufficiently dissuade thieves, and the $250 that people have been shelling out for what could be a $5 key isn't worth the money saved. |
Davegess
| Posted on Friday, March 14, 2008 - 01:24 pm: |
|
Many new electronic devices are coming from China and other locations with virus (what is the plural for that virii?) preloaded at teh factory. By mistake? On purpose? This has happened to Ipods and recently to picture frames Best buy sold. Nothing is safe. Bill I have good security story. I friend's brother was a Colonel in computer security at SAC. Part of his job was password compliance and the Pentagon has pretty serious requirements involving numbers, letters, special characters, dates, words etc. and he would occasionally get called into a Generals office because the General could not get the password they wanted to be accepted by the system. The General would give him grief, he would salute smartly and explain politely and firmly that if the General had any issues with the password policy he would need to talk to the Pentagon as he, the lowly Colonel was only following his orders from someone far higher up the food chain the complaining General. Since he had 100% backup from DC he said it was quite entertaining to watch them moan and groan about it, they were not used to have Colonels tell the "No Sir, I can't do that Sir!" To bad you can't do that to customers. |
Dynasport
| Posted on Friday, March 14, 2008 - 01:24 pm: |
|
I believe Ducatis have a similar system with their keys. But I have heard there are key cloning devices that can replicate the codes needed anyway. Just a more sophisticated thief and a lot of hassle if you lose your key. |
Reepicheep
| Posted on Friday, March 14, 2008 - 04:43 pm: |
|
Oh, I can do it to customers! once! ;) |
|