Slashdot Mirror
Cell Phone Virus Threat Overblown
An anonymous reader writes "Symantec has come under fire for claiming that 73 percent of smart phone users are aware of viruses and attacks aimed at their handsets. Wireless company WDSGlobal described this as a scaremongering tactic, with its spokesman saying: 'If you look at the viruses out there, currently there are about 14 core viruses, the majority of which are fairly benign. They are mostly developed as "proof of concept" to warn manufacturers of handsets and operating systems or the antivirus industry about potential vulnerabilities.' But Bruce Schneier, chief technology officer at Counterpane Internet Security, believes mobile viruses and attacks shouldn't be discounted altogether, though he believes they aren't currently registering on any significant scale."
What I have gotten regularly though is spam text messages. On a HTML enabled phone (Treo), the messages are sophisticated enough so that you can click through on a URL to bring up your tiny browser.
Newsfollow.com
So many different phones. It's too hard to write anything that will run on them all. Even with write once run everywhere technology ;)
http://www.madecollective.com/
I'm sure there are people already working out how to get these programmable phones to call those phone numbers in certain countries that charge you an outrageous amount per minute. The wireless companies need to take this seriously.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
you know, the plural of virus is NOT virii, it's viruses.
Should we or shouldn't we be afraid of cellphone viruses? This is about the most confusing slashdot story I have seen in the last two hours...
Bruce Schneier, chief technology officer at Counterpane Internet Security, believes mobile viruses and attacks shouldn't be discounted altogether
WTF? Mobile viruses shouldn't be discounted? What make's mobile viruses any less potent than "real viruses"?
Viruses are viruses, regardless of the platform.
There's a large virus risk! Especially when you've got anti-virus software to sell.....
-thewldisntenuff
My MythTV HowTo
This is bull. If you stoped 1,000 people on the streat and asked them if cell phone viruses exist, 998 will laugh at you, 1 will say yes, and 1 will bable off in 1337 speak. While people has been able to make cell viruses, they aren't out there yet. Atleast not to my knowlage...
~ Mooga
Unless these cell phones start getting bad virii soon, Symantec will start to lose money. Hopefully, for Symantec, those benign virii will get modified into nasy ones by skript kiddies etc, prompting sales of Symantec mobile protection products.
Engineering is the art of compromise.
73 percent of smart phone users are aware of viruses and attacks aimed at their handsets.
The real problem is that 98% of dumb phone users are totally unaware... What?
It makes sense. It's the same reason that there aren't many Linux and Mac viruses, there isn't enough people to affect. When there is one uniform OS Smartphone and the people using them aren't limited to savvy business men.
Cell phone company says: cell phone viruses aren't a biggie, don't worry!
I'm sure the spokesperson is being very honest, too...
Now how on earth did they manage to infect all phones and read the users minds to figure out that 73% of all smart phone users know about and are worried about this viri crap. Sounds like viri marketing to try and reclaim some marketshare by throwing some majick numbers out there that don't do any good but make people worry about getting viruses on thier smart phones. Smart marketing, horrible kharma.
-Debug
I bought Cellphone AND Mac Anti-virus as a special bundle pack! Well at least I didn't waste my money on the mac protection, I mean Symantec told me I needed it...and they wouldn't lie.....right?
"viruses" is the plural
virus
PROFIT is the biggest catalyst for cell virii. National Do Not Call lists have limited several marketers from spamming cells with text & calls. THere are, however, many companies who it is not beneath to promote their product (ie, the numerous enlarge your penis/free prescription drugs/etc e-mails i get) through less than leagal means.
Maybe I should break out the tin foil hat, but perhaps it is the so called virus protection industry we really should be watching out for. With the cell phone market growing by the minute, this is one of the largest untapped markets for these companies. THink of the profits and markets they would reap if a few virii started attacking phones. Just look at the response the general populace has given simple virus protection software. This could mean add on packages for your cell, subscriptions for updates, and huge contracts with wireless service providers and manufactuers.
actually, i wish i would have thought of this first....
just my 2 cents.
Shame on Symantec for wrongly frightening us. I really do not see what harm can occur through a cellphone. Just for that I will remove Symatec from my Blackberry's address list!!
On the heterosexual AIDS "epidemic."
"Oh sure, they're just dropping like flys!"
Just like the looming Mac virus epidemic. Weird how when updating antivirus definitions, I see that Symantec regularly updates their Mac antivirus definitions. From what? One wonders if Symantec lives in fear of the Windows platform being eclipsed by a Unix type (BSD, Linux) platform on the desktop.
This guy is way out there
Can I get software for my cellphone to protect me from lion attacks?
Someone set us up the bomb, so shine we are!
Get one of those cinder block cell phones from the 70s. You'll never have to worry about viruses again.
The reason why my cell phone drops calls is not because of rampant viruses created by 30-year-old script kiddies living in their parents' basement? My cell phone provider lied to me!
Symantec is already under pressure from it's stock holders to diversify itself and expand upon the security market. They've taken in anti-spam and anti-spyware companies to beef up the privacy/security buisness, but with good, free competition thier unlikely to get where they would like to be. Buisness is good now, but no doubt the company is concerned about the future, with greater awarness of security from all ends.
I wonder if Symantec's recent statements are an act of true concern, or just an attempt to bolster sales in the exploding hand-held & mobile market?
but maybe this post IS serving symantic, et. al. i mean, we're all talking about it, and this is on the front page of slashdot, for crying out loud. so someone who may not be as technologicly knowlagable as some others sees this, thinks, 'oh man, cell phone virus?!' and goes out to try to buy 'Symantic antivirus for motorola cell phone' or whatever. and they tell their friends, who tell their friends, etc.
And all of the other benign proof of concept bugs have caused no damage at all. I mean look at blaster, and slammer, and code red, and...
I want a new world. I think this one is broken.
Ok guys, we need to be consistent...
If Microsoft said that the threat of viruses against its OS was overblown, in the face of Symantec, we'd be up in arms vs MS.
Are we really supposed to be up in arms against Symantec for saying that cell phones are vulnerable?
Since when is it not a problem just because none of the viruses do anything malevolent yet? What is this, security through hoping the problem goes away?
Also, we're suppose to beleive a telecom over Symantec? I'm not saying that Symantec has nothing at stake, but sheesh, since when do we believe everything that the telecoms tell us?
My Nokia 3650 crashes every few hours anyway. Like a virus would make it any worse...
The solution to this problem is easy. Turn off your damn bluetooth. Some dumbasses (read: Paris Hilton) leave it on all the time, which means any idiot can come along and hack/infect your phone/PDA. If you just leave bluetooth off, except for when you need it, you will significantly decrease (if not illiminate alltogether) the threat, as well as increase your battery life.
To those who will no doubt argue that they need their bluetooth headset:
Headsets/handsfree is meant to be used in situations where you need your hands. (driving, working...) Generally, you don't need your hands while in public places, so when in public places make sure you have bluetooth off and don't use your headset. Since public places are where you will most likely get infected, this is the best bet of safety.
Just because it's a feature, doesn't mean you have to use it!
...Had this been an actual emergency, we would have fled in terror, and you would not have been informed.
Seems the egotistical owner of the whiteboxlinux.net and whiteboxlinux.com domains has decided to offer them on ebay as some sort of peace offering between himself and wbel.
This is really great news so lets hope someone with WBEL enthusiasm steps up to build a nice community site.
Let the bidding begin.
This is a big red warning flag if anything. Overblow it if only to vastly improve mobile device wireless security, which at the moment is somewhere between not present and just asking for it.
And luckily, my phone is too crap to be compramised, woohoo!
Luck favors the prepared, darling.
Since there are so many different proprietary phone OS's out there, (even the same phone from Samsung, one being CDMA, one being GSM, uses different hardware and different OSs), I don't think phone viruses will ever be much of a threat. Because the people carrying Symbian smartphones are still rare, and some of them only affect UIQ (p800/p9xx SE) and some of them only affect Series 60 (Nokia) phones. Also, most of them are harmless, and you can always turn Bluetooth off. But still, with there being a dozen phone manufacturers and little compatibility between phone OSs, I don't see phone viruses ever being much of a threat.
One of the ways MS "adds value" to their offerings is to add in third party stuff into their base package. They've added mail, web browsing, editors etc to their base OS offering. There is nothing stopping them adding virus scanning etc. If Symantec's stuff was delivered for free by MS, then Symantec will surely die.
Engineering is the art of compromise.
That will keep everyone happy and then Symantec can market yet another tool to protect users against the Grammar Police and Miss Grundy...
Oh well, what the hell...
"Cell Phone Virus Threat Overblown"
It's too bad this isn't fark.com so someone could have stuck an [obvious] tag in front of that headline...
This tagline is umop apisdn.
Ten years ago, viruses on PCs were uncommon. Now it's all we can do to keep a machine from being rooted in minutes. While the infrastructure of mobile companies is well NAT'd, the possibilities of people inadvertently getting snarfed is really high. There are five OS makers out there for mobiles, none of which do anything at all to warn users about possible hijacks, phishing schemes (how about emulating that Coke machine that someone wants to buy from?), viruses, and/or data theft (Hi Paris!) and other threats.
Where Symantec is invested in making us paranoid, why not act now, rather than patch phones until we're blue in the face, like we do with PCs? I really disliked Symantec's other seemingly bogus announcements about threats where they don't exist, but with mobile use approaching a billion users, it's just bound to happen and with widespread panic.
Imagine not wanting to use your mobile because you're worried about what might happen. Imagine getting popups, or very unexpected use from a hijack. Or having your authentication swiped then charged up the yang in the next few minutes. Sound like fun? It will happen. Or: just ignore it. It'll go away. Those bad people won't hurt you on your mobile.
---- Teach Peace. It's Cheaper Than War.
F-Secure tells, that you need to answer YES four time before you get infected. From F-secure's page: "So how come anybody ever gets infected by it if you have to click "Yes" so many times? Well, we've spoken to many people who've actually been infected, and they typically explain it like this: They got this weird message on the phone, requesting a "Yes" or "No" answer. So they clicked "No". But the message popped up immediatly again. And they clicked "No" - only to see the message pop up again. And since "No" didn't seem to be working, they clicked "Yes"... The message would have disappeared if they would have walked away from the area where they were (to get out of the range of the infected phone), but there's no way for an end user to know that." http://www.f-secure.fi/weblog/
The truth or interpretation..
I have trouble understanding why companies like Symantec are treated with so much authority by various media as security experts. Whether you know about computer security or not, Symantec clearly have a solid commercial interest in making people feel as paranoid as possible about using any domain in which Symantec might be able to sell them something. Simply knowing that should ring some alarm bells for any respectable journalist.
Symantec, as with several other similar companies, have latched on big time to patching over other people's shoddy security practices to the point where the entire purpose of their business is to provide temporary fixes for someone else's recurring mistakes. (Mostly Microsoft, in this case.) If Microsoft decided to make Windows more secure in certain places and thus make less mistakes, as they have been doing recently, the whole business model of security companies becomes much more flakey. It says something about the improvements that Microsoft is making when you start to see these companies branch out by announcing that other platforms (eg. Mac, cellphones, etc) might have some "shocking" security holes that (surprise surprise) could be fixed by using their products.
I think it's great that former virus scanning companies have decided to re-identify themselves as "security" companies, because it implies that they don't see their future in the potentially obsolete dead-end trade of scanning people's disks and incoming emails for viruses. It's silly, however, to take a lot of their press releases factually and seriously when they're "coincidentally" making their products appear more useful than they might actually be.
Symantec can provide all the security products that it likes, for as long as there's a demand for them. I don't doubt that its products are useful in many situations, but I'd much rather get risk assessment information from independent security experts. The laziness of many journalists would be astounding if it wasn't such a common thing -- they're just being mouthpieces for the corporations.
Anyway, it's nice to see Symantec's claims actually being disputed, although it's worth noting that the organisation disputing it clearly has its own commercial interests in reassuring people that phones are safe.
You have no idea what's going on in Africa? Dozens of millions of straight people have AIDS. It's a big deal.
Just because we don't usually have open sores here to speed transmission, we wash more often, and we use condoms to avoid babies does NOT mean you can scooff at the idea of a straight AIDS epidemic without looking like a fool.
Read http://www.vmyths.com/
The site may be shrouded in spyware ads now, but Rob the author knows his AV, and had the FBI NIPC pegged before they became known for allowing 9/11 to happen, and do little to prevent the spread of worms since its inception.
He's reported for at least 5 years on the corruption in government and the AV industry when it comes to their stance on viruses. They don't give a damn, they just want your money.
Saskboy's blog is good. 9 out of 10 dentists agree.
Symantec isnt pushing fearmongering, thats just silly. Symantec has nothing to gain from people being fearfull and buying more virus software and upgrading subscriptions.
Now the people at Norton on the otherhand...
Mike
I heart the RIAA & MPAA, im sure its mutual...
Typical cell phone will not have any anti-virus, how can we detect and erase it?
can't read, too many virii...
At a Prodigy concert, mid sized, lots of rich people having "cool phones", Istanbul. 5000 or more.
:)
:)
I had 3 Cabir requests on my Nokia 7650. Yes, I forgot the bt discoverable. Funny is, that 7650 is my brothers one and I didn't have clue they have viruses. I remember I was thinking "Why the hell you want to send a symbian application in a 10.000 watt concert?"
BTW, I wouldn't buy Symantec stuff, I would go with Frisk's F-Prot. Forget everything, its geography. If you buy anything phone related, check North Europe companies first
First let's get the terminology clear:
A virus scanner stops viruses before it infects the computer. Once your infected the virus scanner is worthless.
Worms and hijacks install themselfs, trojens are easy to make before you're detecting one there are 5 new varents.
However the anti-virus industry has come to use the word "virus" as a catch all.
Malware is the proper term.
What we've learnned from REAL viruses is that a well designed and secure operating system is reistant (but not immune) to attack.
It's harder to make a virus for Unix than it is for Windows. It CAN be done but it requires a security defect to work.
The great Internet worm infected BSD based computers. About 90% of the Internet at the time. Zap. Anything else was perfictly safe.
The lesson here?
Wait there is more.
The virus industry dose report that Windows is the target of choice becouse of the large userbase.
Ready? Yes?
Divsersity.
Look at your phone. Look at your friends phone. Now keep going. Odds are good your friends all use diffrent brands with diffrent operating systems.
Presumably those operating systems use some form of user security. Most at least run from rom or run all software in isolation of some sort.
Cell phone malware can exploite a defect in the security of one brand. Maybe an SMS exploite. Then transmit to your friends all of whom use diffrent phones than you. Dead end. Shut your phone off take it back to the store and get a replacement.
Palm Os and WinCE might have some consern as they are a bit more than cell phones and the market is still split between Palm, WinCE and Linux (with Linux having a very small peace of the pie). A virus has an almost 50-50 chance of working. Worth a shot.
But with cell phones your in a dead end and so long as there remains divsersity in the cell phone industry this will remain the case.
Also avoid Blackburry. It's a poor design.
I don't actually exist.
Maybe they meant "smart-phone users", as users of "smart phones", indicating UMTS, Bluetooth or somehow advanced mobile phones that allow some form of virus. In the same article there are other two instances of usage of the phrase "smart phone".
I agree the 74% figure is total bull though, no matter the sample.
Victims of 9/11: <3000. Traffic in the US: >30,000/y
I notice that even Graham Cluley of Sophos is downplaying the threat(link)
The latest gadget news and reviews. www.absolutegadget.com
Just like in UEFA's case when they defend not to implement better/technical ways to help referees so people have something to talk about after the games, it looks to me that users are not all that worried about having their cell phones hacked by strangers, otherwise they would do something about it.
See for example when people in a bar star sending Bluetooth Cards to unknown present phones, just for the fun of getting involved with someone they don't know.
This doesn't mean that companies should not enforce better coding in their phones.
What it means is that by broadening the usage of such gadgetry, people tend to behave with it like they do when they choose their closes.
So if someone chooses to show some more skin on the street, it is a undeniably behaviour to attract others to them.
It's a little far fetched, but psycho-social behaviour should also be taken in account.
After all, we are just humans.
I am portuguese. If you think my written english is bad, try posting in portuguese!
After listening to Bill Gates interview to Engadget, and taking a look at today's Portuguese newspapers, this is what I found out:
- News papers repeatedly state that this virus are a threat "only for the Symbian OS";
- Bill Gates seamed very keen on the development for is new smartphone/pda OS convergence.
Maybe, just maybe, PR companies are making this all more then it should be in favour of Microsoft.
I am portuguese. If you think my written english is bad, try posting in portuguese!
that's what they said about AIDs too...
This sig has been removed pending an investigation.
Ten years ago, 1995, the transports were boot sector viruses, and occasionally executables masquerading as something else.
Today, malware comes in many forms, ranging from RPC attacks/port probes, through to the most common exploit-- email. Add on top of that, browser infections, executables loaded by duping the user (and so on). Fewer than 1 in 10 had email in 1995, and the Internet was barely alive with a pulse. Today, we have multiple transports-- and perhaps five times the users and a far higher international penetration of PCs.
The same can be said for mobiles. And now they're a group that seems to be on the list for buggering.
---- Teach Peace. It's Cheaper Than War.
Did you read the report? They weren't saying that 73% of users were exposed to attacks, but rather that 73% of users were aware they existed. The point of the report was that right now, early adopters are using these things and they are pretty savvy, but as time goes on and the tech level of the user drops, the problem will be a greater concern.