Slashdot Mirror
Anti-virus Vendors Eye Cell Phones
coastin writes "Are cell phones and handheld devices the next big market for anti-virus software vendors? While there have been more than 150 cell phone viruses discovered since 2004, compared to over 150,000 Windows PC viruses the count seems low at this time. Marketing researcher Gartner suggests a widespread attack could surface by the end of next year. With the number of cellular devices sold in 2005 far beyond that of Windows PCs and no choice of anti-virus protection for most cellular device customers, should the cell carriers listen more closely to the anti-virus vendors?"
I can now spend 30mins removing norton from my customers mobile phones aswell! yay!
Most people have no idea what they are doing, and are silently panicking on the inside.
How would an AV scanner affect my battery life? Would it constantly run residently, waiting for me to download something? If it halves my battery, no thank you.
It's like sex, except I'm having it!
what is this world coming to when we need to get antivirus for a stupid phone. I hate all the gadgets that phones have nowadays. Give me a good old regular phone, no color screen nothing fancy, just a phone that has good battery life and good service
http://www.tech4free.com/default.aspx?r
...using my cell phone, not only do I have to worry about running up a bill, but I have to worry about hearing AIDS? :P
I've personally seen just one infected S60 phone. The owner had hit 'No' a couple of times, then just "yes yes yes really yes ok ok ok yes" to get rid of the requesters.
Stupid people should not have ANY control over their hardware.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
If you're like me, and believe that at least half of the viruses out there are made by the anti-virus corporations to convince you of the need to buy their software, then this is bad news indeed!
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
Wasn't nortons on this kick a few months ago? Anyway, turn off Bluetooth when your not using it (maybe a quick enable button on the phone its self?), and don't open email on your cell phone....seems pretty stimple to me. Of course so do the policies to keep them off your PC too.
They would have to create one. Microsoft is going to eventually shut down their most lucrative market since consumers are more likely to trust Microsoft's own virus solution rather than pay a 3rd party. (I'm not saying that it is actually true that Microsoft is a better security guardian, but that's how average people are likely to react.) So the virus software vendors are about to become frantic for an alternate source of revenue.
Not that I support censorship in any way, but do not the cell companies have very tight control over their networks, and thus the data flow over them? What's to prevent them from disallowing certain data (i.e. known viruses) from flowing to their customers?
<sarcasm>I mean honestly, can't they just check the evil bit?</sarcasm>
-dave
http://millionnumbers.com/ - own the number of your dreams
Now the anti-virus companies are targeting cellphones?
Guess I should keep my cellphone inside a firewall from now on.
Let's wait for some real cell phone viruses before we all freak out.
Ant-virus? Let's hope this isn't as bad as the bird flu...
I bet there will be a widespread virus attack by the end of next year. That's when symentic will have finished writing, testing, finding a solution for it.
Maybe it's time to go back to the zack morris cell phone. SUre it's a little bigger but I want to see someone write a virus for that thing.
Evolution or ID?
People have suggested there should be a way for users to disable access from media rich content to access dialing out and resending or touching addressbook etc.
.. for maybe a small fine or lockout or something.
Not sure why the cell manufacturers dont do this.
Like a sandbox basically. And no, apps being able to ask a user "should this app run?" type questions won't suffice. Many people continue to download and install crap even after IE asks them this. Most people will say still yes without knowing or understanding the ramifications. Heck a virus can priovide complex instructions If viruses spread after a user expressly consents then they're sorta responsible
So i better go for the linux phone rather than a window pocket phone
If I was more conspiracy minded, I'd think the AV vendors have been planning this for years... :-)
This why I love the various Live-CD Linux (& BSD) distros, you know that if the worse case scenario happens and you get infected, you shut it off
(ignoring anything potentially lurking in the flashBIOS)
Karma: Excellent. 15 moderator points expire sometime.
Part of the reason I don't use anti-virus software, other than because they slow down and hamper your computer, is because they are the ONLY corporate entity that literally have it in their self-interest for a virus to show itself once in a while on your computer. I'm not saying they write the damn viruses (I'm not saying they don't either) but I do think they try to make sure something will slip by once in a while, just to keep it in the public's mind that they need this software, so that they'll keep it installed and pay for upgrades.
Of course on my linux side I have no virus problems, but it's also been ages since I've dealt with a windows virus, because I keep things updated and use better web browsers and email clients, and I also strongly suggest the same practises to people I know, people who I know will come to me for help when they get one. Viruses just aren't a problem if you use your computer intelligently and remain somewhat suspicious of odd behaviour.
All I'm saying is that it's sort of counter-productive, if you think about it, to have an entire industry who's very existance depends on malware, and who, if they are doing their jobs, would eliminate their very reason for being there in the first place. (Sure, the police are the same thing, but that is exactly why the police are a public entity, and not corporately owned.)
How can cellphones catch viruses in the first place? How defective is our software engineering that viruses can exist in the first place? How in the hell does something like a buffer overflow ends up running code?
Cell phone viruses will not be as big an issue as PC viruses. PC viruses generally target Windows, which is on 95% of PCs. Each phone virus would have to target a particular cell phone platform, thus limiting the scope of the attack.
http://www.f-secure.fi/wireless/ I'v got it on my 6630, and the main problem is that it eats quite a bit of memory when it's running.
I work at a Nokia Service Point,
we get people with infected phones every day,
some people lost a whole lot of money because of the virus,
that sends random text messages to everyone listed in the phonebook.
it's been getting worse since november 2005.
Only Nokia's have been seriously hit in the last few months it seems,
but i expect that to happen to other phones with bluetooth enabled as well.
I'm sure Verizon would be very interested in cell phone virus software if it can help them continue to prevent customers from using software other than Verizon's own software.
But I doubt that such software would be used to improve service or reliability from the customer's point of view.
It would seem to me that it makes more sense to keep the virus from getting through in the first place that waiting until it was on the phone to deal with it. Virus scanners tend to be a bit intensive and despite the relative speed gains in processing, the sheer number of things a phone's virus scanner will have to scan for may make it impractical.
GetOuttaMySpace - The Anti-Social Network
Why does my phone need to have the ability to execute malicious code in the first place? A phone does not need a web browser, chat client, and e-mail client. A phone certainly DOES NOT need any sort of scripting engine. Why did the cell phone manufactures go and add vulnerabilities into the phone in the first place?
There is no reasonable defense against an idiot with an agenda
:wq
A notable Cell Phone virus is going to have to arise before people will be bothered to install an anti-virus. If you asked most people what the thought of the possibilty of Cell Phone viruses, they'd probally look at you as if you had 3 heads. They think of their Cell Phone as they do their Toaster, or their Television, not as their Computer. It's going to be a hard sell for companies if there is no problem to solve.
Some of these antivirus companies are gonna have to buckle down and write some good viruses, or they're never going to crack the market (You know they do).
I'll be quite interested to see the prices of these antiviruses when they come out, and the cost to keep them "updated". Oh, there's a huge virus out that will wipe your blackberry, whats that? You're from New York but you're in California on business? I guess you'll just have to suffer the roaming charges. Yeah, right.
Fractured Element
If WinCE becomes dominant the way it has on the desktop, then yes, there will be viruses galore.
If Linux were to become dominant, the situation wouldn't be quite as bad (fewer viruses) but the ones that came out would hit harder since fewer phones would be protected against them. Same for Java or whatever other non-Windows thing.
If the market remains splintered in terms of OS, that would hinder viruses from spreading. Most high-profile markets tend to consolidate around one or two big players, and as cell phone technology matures that will probably happen there, too.
That's why I shudder when Cingular (?) advertises the "first Treo that runs Windows programs, just like your desktop". Give me the PalmOS model, please, so I can run apps meant for PDA screens, not a 19-inch monitor.
And if WinCE dominates, I won't have to worry about viruses on PalmOS.
sigs, as if you care.
... as long as the viruses are spamming other cell phones the cell phone companies stand to benefit (revenue-wise...assuming they charge for each message sent or received).
A phone does not need a web browser, chat client, and e-mail client.
Mine does.
Next.
That's about 150 more viruses than have been discovered for Mac OS X in the same time frame and yet they market anti-virus software for the Mac, so why not for cell phones.
Markets aren't built on reality, they are built on perception of reality; most cell phone users use Windows and are used to viruses on Windows so they will easily buy into the notion of the cell phone being just as vulnerable to viruses as their desktop computer is.
Oh no, first bird flu, now ant viruses!
So "Virus Scanners" for cell phones today will only protect against those ~150 threats that exist today. By definition, you can not protect against all future threats today (because if you could, your OS provider would have already done so).
Once threats become more widespread, the concept of a "Virus Scanner" will become more plausible.
you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
I know the idea of White Lists have been mentioned before, i'm wondering why nothing has been done with them? their cost benefit ratio when compared to antivirus software, and black lists seem to leave them as the better option.
So why is this not being considered, or implemented?
Kyle
( background info: white lists )
Anti-Virus Company: Oh look the market is saturated Mkting Company: There were 150 Virii found in cell phones in a 20 month period. Anti-Virus Company: Oh look exploitable virgin territory...Get the coders on it! Mkting Company: Let's start with bringing a campaign that promotes fear and distrust, spawns bored coders to try something new, then we can saturate the market with more useless information and solutions to a niche area. Yay, more of my money, my time, and my life being sucked down the tubes... I hate the crap they come up with to distract us with....
I agree with this...to a point. The problem with Cell-Phone viruses is that a 'virus coder' would have to code for multiple operating systems on a phone, symbian, blackberry, palm, windows mobile 5, etc...and I'm not sure if that would be such an easy task... What would this accomplish? Also they would most likely have to code a virus that would spread across multiple carriers, etc. What I 'do' see a rise in, is more identity theft/security issues resulting from blutooth sniffing, wifi-traffic (for wifi enabled smartphones), and just plain dumb people who get the latest Sidekick and don't bother setting up basic security.
I have participated in one of their "surveys" and received a "summary" of the results. The questions seemed loaded tending to push the answers to favor whom I suspected paid for the survey. Not suprisingly, the results confirmed my suspicion. This paper sounds like the same sky-is-falling crap that was Y2K. It would be interesting to go back and see what these "analysts" said about that.
Having my phone (a Treo, actually) destroyed would be the least of my concerns. Having my phone dial a big$ 976 number, or scam line in some strange country would be worse. Alternatively, having the virus gather numbers, email addresses, etc, and forward them to spammers or other marketers would also suck in a fairly big way.
Just another way for the Anti-viri companies to bilk money from the average non-tech-type. IMO every anti-virus company has a small team in a seculded part of the building writing the virus and releasing it into the wild . . . it's job security.
"You were expecting something witty here ?"
As long as the consumer can choose between: a) Cell phones which do not get viruses b) Cell phones which do get viruses and as long as an evil monopoly doesn't make every choose option b... God, I just hate anti-virus companies.
WTF does anyone stand to gain by compromising my cell phone? Do they want my free weekend minutes?
As if I needed another reason not to upgrade my 3 year old nokia. No camera, minimal PDA function, no link to PC or thar intarweb. It's durable, and it's a fucking phone!!! Jeez.
"With the number of cellular devices sold in 2005 far beyond that of Windows PCs and no choice of anti-virus protection for most cellular device customers, should the cell carriers listen more closely to the anti-virus vendors?" The cell phone vendors really should listen, because they are about to get extorted the same way that pc users have been for the last 15 years. It is obviously in the anti-virus industry's best interest to secretly fund the development of new viri. In order that the company may operate under the leagal osposis of offering "protection" Now what does this sound familiar to? Oh and in other news, the Sorpranos are comming back for the 6th season in a few weeks.
I just want a phone that I can use to talk. When anti-virus vendors come knocking on my door, I know that my phone is getting too complex. Putting every possible feature on my phone is not doing anything to simplify my life. It's just making technology more of a pain to deal with. What ever happened to the old days?
There aren't tons of exploits for phones. Only a few of the Smart Phones run Windows Mobile (which is arguably the only one that going to get many exploits), and even then the ability to communicate with the outside world is so limited that there aren't that many viruses.
Add to that the fact that there are multiple underlying architectures, and a company that is bound by the FCC to enforce fairly strong limitations of their commications devices, and you get a pretty tightly controlled system.
Heck, my phone won't even let me send packets with any non-approved apps.
And as for regression testing, have you even used a cell phone? These are hardware devices that were...hold on let me reiterate that HARDWARE. That means that there are tons and tons of regression tests. Because when hardware crashes, you don't often get a nice friendly "its crashed, so I need to restart." You get a horrible, nonresponsive "Its broken, and I want another one for free."
Mod me down and I will become more powerful than you can possibly imagine!
Look, unlike many (most?) here, I use Windows, I ::gasp:: even like Windows. Or at least I like it enough to deal with some of its antiquated architecture (which is why I believe that the platform has these security issues [though certainly there are other reasons as well]).
Cell phones are relatively new. Programmable cell phones are VERY new. There are no backward compatibility issues; on top of that, by their very nature these things contain somewhat sensitive data. Why aren't these things being designed to be more secure from the ground up?!
Download free e-books, lectures, and tutorials at bookgoldmine.com
If I have a cell phone that is either not internet-enabled (or that I do not use to browse the internet), and has no bluetooth, what do I need antivirus software for?
Trying to sell me antivirus software for my cell phone is like trying to sell winter coats to Ecuadorians.
Web 2.0 == Giant Blogspam Circle Jerk
please?
... so, if the cellphone virii matures to that of its PC counterparts... I might see on my bill, calls made to the target of a DoS attack?
Wasn't there a virus that was supposed to DoS the Windows Update website on some date in February? If that was done on phone... Hmm.
Creating a market for themselves. You have to ask yourself, what exactly are they doing releasing frequently updated antivirus definitions for OS X?
This guy is way out there
Disclaimer: I work for a mobile antivirus company
Viruses on mobile devices has been around for a while now - about a year I guess. The primary platform we see them on is the Symbian OS based devices, there are a few Windows SmartPhone ones as well but I don't personally deal with that so I can't comment.
There are only a couple that qualify as true 'viruses', i.e they can actually spread, and only one of those can go very far (CommWarrior - sends itself in a MMS message to your friends with a bit of text encouraging them to install it - much like many PC viruses do with email). No virus to date has got around the user having to agree to install it - but hey that doesn't stop windows viruses - you just have to have the right social engineering to convince users to do it.
So far, most of what we have seen is written by amatures/script kiddies in places like russia and south east asia. The couple of effective viruses (CommWarrior, Velasco based Cabir) were written by professionals, mostly to demonstrate what can actually be done, and then duplicated with minor changes by the script kiddies. Velasco is a prime example - a professional researcher in Brazil wrote it and released the source code, people everywhere changed a couple of strings and recompiled it - many even managed to break it in the process - that's how 'good' they are.
Do we, as an AV company, write viruses?
No - I wish we had time to do anything other than deal with the absolutly overwhelming number of crappy variants of existing viruses actually.
Are network providers doing something to help?
Some are - most have the ability or are adding the ability to scan MMS messages, scanning network traffic (such as GPRS traffic) is possible, but expensive - and pointless from the AV view because there are no network based virus attacks yet. But the most common way people infect themselves is but sending infected content to their phone from their PC - usually it's stuff from web sites claiming to be cracked mobile games etc. The network operators can do little to stop this.
Will there be a 'big event' soon?
I doubt it
Isn't this a storm in a teacup? these viruses don't actually do anything serious right?
Well, I would say having to re-format my phone and re-enter all my network settings, email settings, contacts, etc is fairly serious.
Why do Americans get screwed on mobile devices so much?
I dunno - what's with this 'pay to receive unsolicited messages and phone calls' crap? seriously? - who would sign up for that? No one else in the world does.
Even if you get a virus on your phone, there's no way the virus will auto execute on the your Symbian S60 smartphone without you knowing it unless you downloaded that cr*cked game.
Cheers!! Abdul Aziz
"Marketing researcher Gartner suggests a widespread attack could surface by the end of next year." - Slashdot "According to the authors, a fast-spreading phone virus or worm is *unlikely* to appear before the end of 2007." - Article referred.
Typing this is sure slow on this Voda703. But this browser is so bare that what are you going to exploit?
But if they have A/V for cel phones, what is next? WinPhone AutoUpdate? I can see it now, in the middle of a 911 or $6mil business call: "Your phone has been updated, the phone must be rebooted now to continue."
Personally, until mobile wireless broadband (e.g. HDSPA, EVDO, etc.) services become more pervasive and not to mention MUCH cheaper, I don't think there will be a huge problem. Viruses don't spread through the air - they would require the terminal device to be active and connected.
Assuming a piece of malware could activate the data radio at pre-determined times (e.g. late at night), it could really run up the bill for those who don't have unlimited data plans.
Another avenue of attack, which I see as most likely in the near future (especially for pocketPC users) are malicious websites. Not a whole lot of research seems to be going on in mobile vulnerability development, but when research increases, there will be a problem. Of course much of the research will probably be funded by the AV companies or their subsidiaries. I'm sure you've seen the job postings for security engineers and researchers at companies like symantec so don't deny it.
Now that mobile networks and fixed networks are converging, they really resemble fixed networks, thus controls that work on fixed networks will probably work on the mobile networks with little modification.
Firstly, terminal devices, especially J2ME capable ones have reasonable controls by way of very granular permissions that are found in any java runtime environment. I'm not however aware of how extensive the controls are at the OS level. If operators are smart, they will be rather restrictive with these permissions.
Lastly, network controls need to be in place. Perhaps this will be a good use for Unified Threat Management firewalls, which could possibly be placed at the Base Station Subsystem (BSS) level.
The next 12 months will be very interesting. I certainly don't look forward to having to install Norton AV on my Samsung i730!
Gives them an excuse to impose BREW2 or similar signing technology to keep independent applications out. Such signing methods are of no real benefit to the user, but of significant benefit to the carriers, so they have to come up with a flimsy excuse to force it on you...
We should take all their staff, and send them off in a big spaceship, to the farthest corner of the galaxy, along with other useless types like hairdressers, advertising execs, and middle-managers.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Cellphone application, with internet in general, have had a bad history with me. Other than one phone I hacked up with some 3rd-party apps, the only time I've really managed to screw up a phone software-wise was browsing (on my providers site, for phone #'s I believe). Web browsers on phones are hardly a tried-and-true technology, and the thought of adding more software, and things such as AV software frightens me. There have been a few incidents where I've strongly linked poor behavior and errors not to viruses, but the hugely resident antivirus/security programs. In particular, the security suites from companies such as McAfee and Symantec as extremely intrusive... I'd hate to have to deal with something similar on a phone.
And to take it a bit further into the area of speculation... how soon after cellphone AV programs become common can we expect to see larger cellphone virus outbreaks. This wouldn't surprise me.