Anti-virus Vendors Eye Cell Phones
coastin writes "Are cell phones and handheld devices the next big market for anti-virus software vendors? While there have been more than 150 cell phone viruses discovered since 2004, compared to over 150,000 Windows PC viruses the count seems low at this time. Marketing researcher Gartner suggests a widespread attack could surface by the end of next year. With the number of cellular devices sold in 2005 far beyond that of Windows PCs and no choice of anti-virus protection for most cellular device customers, should the cell carriers listen more closely to the anti-virus vendors?"
I can now spend 30 mins removing Norton from my customers' mobile phones as well! Yay!
Most people have no idea what they are doing, and are silently panicking on the inside.
How would an AV scanner affect my battery life? Would it constantly run residently, waiting for me to download something? If it halves my battery, no thank you.
It's like sex, except I'm having it!
...using my cell phone, not only do I have to worry about running up a bill, but I have to worry about hearing AIDS? :P
I've personally seen just one infected S60 phone. The owner had hit 'No' a couple of times, then just "yes yes yes really yes ok ok ok yes" to get rid of the requesters.
Stupid people should not have ANY control over their hardware.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
If you're like me, and believe that at least half of the viruses out there are made by the anti-virus corporations to convince you of the need to buy their software, then this is bad news indeed!
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
Wasn't Norton on this kick a few months ago? Anyway, turn off Bluetooth when you're not using it (maybe a quick enable button on the phone itself?), and don't open email on your cell phone... seems pretty simple to me. Of course so do the policies to keep them off your PC too.
They would have to create one. Microsoft is going to eventually shut down their most lucrative market since consumers are more likely to trust Microsoft's own virus solution rather than pay a 3rd party. (I'm not saying that it is actually true that Microsoft is a better security guardian, but that's how average people are likely to react.) So the virus software vendors are about to become frantic for an alternate source of revenue.
Not that I support censorship in any way, but do not the cell companies have very tight control over their networks, and thus the data flow over them? What's to prevent them from disallowing certain data (i.e. known viruses) from flowing to their customers?
<sarcasm>I mean honestly, can't they just check the evil bit?</sarcasm>
-dave
http://millionnumbers.com/ - own the number of your dreams
Let's wait for some real cell phone viruses before we all freak out.
Ant-virus? Let's hope this isn't as bad as the bird flu...
I bet there will be a widespread virus attack by the end of next year. That's when Symantec will have finished writing, testing, finding a solution for it.
Maybe it's time to go back to the Zack Morris cell phone. Sure it's a little bigger but I want to see someone write a virus for that thing.
Evolution or ID?
So I better go for the Linux phone rather than a Windows pocket phone
If I was more conspiracy minded, I'd think the AV vendors have been planning this for years... :-)
This is why I love the various Live-CD Linux (& BSD) distros, you know that if the worst-case scenario happens and you get infected, you shut it off
(ignoring anything potentially lurking in the flashBIOS)
Karma: Excellent. 15 moderator points expire sometime.
Part of the reason I don't use anti-virus software, other than because they slow down and hamper your computer, is because they are the ONLY corporate entity that literally have it in their self-interest for a virus to show itself once in a while on your computer. I'm not saying they write the damn viruses (I'm not saying they don't either) but I do think they try to make sure something will slip by once in a while, just to keep it in the public's mind that they need this software, so that they'll keep it installed and pay for upgrades.
Of course on my Linux side I have no virus problems, but it's also been ages since I've dealt with a Windows virus, because I keep things updated and use better web browsers and email clients, and I also strongly suggest the same practises to people I know, people who I know will come to me for help when they get one. Viruses just aren't a problem if you use your computer intelligently and remain somewhat suspicious of odd behaviour.
All I'm saying is that it's sort of counter-productive, if you think about it, to have an entire industry whose very existence depends on malware, and who, if they are doing their jobs, would eliminate their very reason for being there in the first place. (Sure, the police are the same thing, but that is exactly why the police are a public entity, and not corporately owned.)
totally - and imagine your phone going down in an emergency. Regardless of all the crap running in the background (32-bit os, blah blah), they should still make them so it can always make regular calls, no matter what happens.
"You know you don't act like a scientist, you're more like a game show host." Dana Barret
I agree. That's like buying a TV with a built in DVD player, VHS, Stereo receiver, gaming platform, and computer all in one package. One part of it breaks and you're out all those devices or paying an insane repair bill and probably going to lose data anyway.
I'm all for nifty gadgets, but I see way too many damaged/broken cell-phones to imagine why someone would spend upwards of $500 for a phone.
The really sad part, though, is that the developers can't even secure something as simple as a damn phone.
I'd also second all the other posts up noting the problems AV software causes with so many systems - and the inherent threat of AV companies simply developing for a platform seems to mysteriously bring forth viruses. I don't think AV companies make the viruses, personally. But they provide a platform where virus authors gain recognition of sorts, an inspiration if you will.
Personally, I'll stick to my very basic phone - which when destroyed or damaged is no biggie as I'll spend a whopping $50 replacing it and lose no data at all.
I'm sure Verizon would be very interested in cell phone virus software if it can help them continue to prevent customers from using software other than Verizon's own software.
But I doubt that such software would be used to improve service or reliability from the customer's point of view.
It would seem to me that it makes more sense to keep the virus from getting through in the first place than waiting until it was on the phone to deal with it. Virus scanners tend to be a bit intensive and despite the relative speed gains in processing, the sheer number of things a phone's virus scanner will have to scan for may make it impractical.
GetOuttaMySpace - The Anti-Social Network
Why does my phone need to have the ability to execute malicious code in the first place? A phone does not need a web browser, chat client, and e-mail client. A phone certainly DOES NOT need any sort of scripting engine. Why did the cell phone manufacturers go and add vulnerabilities into the phone in the first place?
There is no reasonable defense against an idiot with an agenda
:wq
A notable Cell Phone virus is going to have to arise before people will be bothered to install an anti-virus. If you asked most people what they thought of the possibility of Cell Phone viruses, they'd probably look at you as if you had 3 heads. They think of their Cell Phone as they do their Toaster, or their Television, not as their Computer. It's going to be a hard sell for companies if there is no problem to solve.
Some of these antivirus companies are gonna have to buckle down and write some good viruses, or they're never going to crack the market (You know they do).
I'll be quite interested to see the prices of these antiviruses when they come out, and the cost to keep them "updated". Oh, there's a huge virus out that will wipe your BlackBerry, what's that? You're from New York but you're in California on business? I guess you'll just have to suffer the roaming charges. Yeah, right.
Fractured Element
I won't pretend to know anything about Cell Phone security or architecture, but it would seem to me that with the recent influx of so-called "Smart Phones" that run J2ME Apps and support web browsers are inherently less secure than your standard cell phone. A cunning programmer could easily exploit holes in your phone's browser to run a J2ME app that completely and utterly destroys your phone.
Now, that's purely speculation, but that's one possible way I could see your phone getting infected.
-WeAz
If WinCE becomes dominant the way it has on the desktop, then yes, there will be viruses galore.
If Linux were to become dominant, the situation wouldn't be quite as bad (fewer viruses) but the ones that came out would hit harder since fewer phones would be protected against them. Same for Java or whatever other non-Windows thing.
If the market remains splintered in terms of OS, that would hinder viruses from spreading. Most high-profile markets tend to consolidate around one or two big players, and as cell phone technology matures that will probably happen there, too.
That's why I shudder when Cingular (?) advertises the "first Treo that runs Windows programs, just like your desktop". Give me the PalmOS model, please, so I can run apps meant for PDA screens, not a 19-inch monitor.
And if WinCE dominates, I won't have to worry about viruses on PalmOS.
sigs, as if you care.
... as long as the viruses are spamming other cell phones the cell phone companies stand to benefit (revenue-wise...assuming they charge for each message sent or received).
A phone does not need a web browser, chat client, and e-mail client.
Mine does.
Next.
Bad analogy. Your home media centre doesn't need to be portable. Convergence works for portable items, as you get more functionality per ounce. You might carry a phone, a pda, and a mp3 player. I don't.
The really sad part, though, is that the developers can't even secure something as simple as a damn phone.
I'd take this discussion with a pinch of salt. There are several companies selling anti-virus solutions for the Pocket PC platform which I use. Small problem...there aren't any viruses except for one "proof of concept" which is basically a program that copies itself. Wow. I'd love to see what their virus signatures are looking for.
Just because people are selling software, it doesn't mean it's required. Winfixer anyone?
That's about 150 more viruses than have been discovered for Mac OS X in the same time frame and yet they market anti-virus software for the Mac, so why not for cell phones.
Markets aren't built on reality, they are built on perception of reality; most cell phone users use Windows and are used to viruses on Windows so they will easily buy into the notion of the cell phone being just as vulnerable to viruses as their desktop computer is.
Oh no, first bird flu, now ant viruses!
So "Virus Scanners" for cell phones today will only protect against those ~150 threats that exist today. By definition, you can not protect against all future threats today (because if you could, your OS provider would have already done so).
Once threats become more widespread, the concept of a "Virus Scanner" will become more plausible.
you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
I know the idea of White Lists has been mentioned before, I'm wondering why nothing has been done with them? Their cost benefit ratio when compared to antivirus software, and black lists seem to leave them as the better option.
So why is this not being considered, or implemented?
Kyle
( background info: white lists )
Actually Symantec for Symbian Series 60 has a firewall too.
Anti-Virus Company: Oh look the market is saturated
Mkting Company: There were 150 Virii found in cell phones in a 20 month period.
Anti-Virus Company: Oh look exploitable virgin territory...Get the coders on it!
Mkting Company: Let's start with bringing a campaign that promotes fear and distrust, spawns bored coders to try something new, then we can saturate the market with more useless information and solutions to a niche area.
Yay, more of my money, my time, and my life being sucked down the tubes... I hate the crap they come up with to distract us with....
I have participated in one of their "surveys" and received a "summary" of the results. The questions seemed loaded tending to push the answers to favor whom I suspected paid for the survey. Not surprisingly, the results confirmed my suspicion. This paper sounds like the same sky-is-falling crap that was Y2K. It would be interesting to go back and see what these "analysts" said about that.
Having my phone (a Treo, actually) destroyed would be the least of my concerns. Having my phone dial a big$ 976 number, or scam line in some strange country would be worse. Alternatively, having the virus gather numbers, email addresses, etc, and forward them to spammers or other marketers would also suck in a fairly big way.
Every Series 60 virus scanner I've tried (including F-Prot) has prevented every audio player I've tried (including Oggplay) from playing any audio file on every Series 60 phone I've used when resident/real-time scanning is enabled. I think that's a bigger problem.
Just another way for the Anti-viri companies to bilk money from the average non-tech-type. IMO every anti-virus company has a small team in a secluded part of the building writing the virus and releasing it into the wild . . . it's job security.
"You were expecting something witty here ?"
As long as the consumer can choose between: a) Cell phones which do not get viruses b) Cell phones which do get viruses and as long as an evil monopoly doesn't make everyone choose option b... God, I just hate anti-virus companies.
WTF does anyone stand to gain by compromising my cell phone? Do they want my free weekend minutes?
As if I needed another reason not to upgrade my 3 year old nokia. No camera, minimal PDA function, no link to PC or thar intarweb. It's durable, and it's a fucking phone!!! Jeez.
Spyware/virus infection is the cost of stupidity.
Then, we get paid to remove it.
Remember that.
Anyway, J2ME apps can usually only touch the keypad (and not the End button), the screen, the backlight, the speakers, the vibe alert, and the network connection. Some phones allow access to the camera and the GPS chip. No access to the address book, no access to the phone part of the phone.
"With the number of cellular devices sold in 2005 far beyond that of Windows PCs and no choice of anti-virus protection for most cellular device customers, should the cell carriers listen more closely to the anti-virus vendors?" The cell phone vendors really should listen, because they are about to get extorted the same way that PC users have been for the last 15 years. It is obviously in the anti-virus industry's best interest to secretly fund the development of new viri. In order that the company may operate under the legal auspices of offering "protection". Now what does this sound familiar to? Oh and in other news, the Sopranos are coming back for the 6th season in a few weeks.
J2ME is actually very well sandboxed away from the rest of the phone.
You can always terminate a J2ME app easily (push the red button), it can't stay resident, it has no access to any personal info (except for any data in the J2ME app's own database), it can't access the web without user intervention (the phone fires an alert asking for permission if an unknown app wants online - I've even seen it when I updated an app on my old phone), and accessing the GPS chip or the camera is yet another "must have permission" function, and doesn't work on all phones that have those features.
There aren't tons of exploits for phones. Only a few of the Smart Phones run Windows Mobile (which is arguably the only one that's going to get many exploits), and even then the ability to communicate with the outside world is so limited that there aren't that many viruses.
Add to that the fact that there are multiple underlying architectures, and a company that is bound by the FCC to enforce fairly strong limitations of their communications devices, and you get a pretty tightly controlled system.
Heck, my phone won't even let me send packets with any non-approved apps.
And as for regression testing, have you even used a cell phone? These are hardware devices that were...hold on let me reiterate that HARDWARE. That means that there are tons and tons of regression tests. Because when hardware crashes, you don't often get a nice friendly "it's crashed, so I need to restart." You get a horrible, nonresponsive "It's broken, and I want another one for free."
Mod me down and I will become more powerful than you can possibly imagine!
Look, unlike many (most?) here, I use Windows, I ::gasp:: even like Windows. Or at least I like it enough to deal with some of its antiquated architecture (which is why I believe that the platform has these security issues [though certainly there are other reasons as well]).
Cell phones are relatively new. Programmable cell phones are VERY new. There are no backward compatibility issues; on top of that, by their very nature these things contain somewhat sensitive data. Why aren't these things being designed to be more secure from the ground up?!
Download free e-books, lectures, and tutorials at bookgoldmine.com
If I have a cell phone that is either not internet-enabled (or that I do not use to browse the internet), and has no bluetooth, what do I need antivirus software for?
Trying to sell me antivirus software for my cell phone is like trying to sell winter coats to Ecuadorians.
Web 2.0 == Giant Blogspam Circle Jerk
please?
Creating a market for themselves. You have to ask yourself, what exactly are they doing releasing frequently updated antivirus definitions for OS X?
This guy is way out there
Even if you get a virus on your phone, there's no way the virus will auto execute on your Symbian S60 smartphone without you knowing it unless you downloaded that cr*cked game.
Cheers!! Abdul Aziz
"Marketing researcher Gartner suggests a widespread attack could surface by the end of next year." - Slashdot "According to the authors, a fast-spreading phone virus or worm is *unlikely* to appear before the end of 2007." - Article referred.
Typing this is sure slow on this Voda703. But this browser is so bare that what are you going to exploit?
But if they have A/V for cell phones, what is next? WinPhone AutoUpdate? I can see it now, in the middle of a 911 or $6mil business call: "Your phone has been updated, the phone must be rebooted now to continue."
Personally, until mobile wireless broadband (e.g. HSDPA, EVDO, etc.) services become more pervasive and not to mention MUCH cheaper, I don't think there will be a huge problem. Viruses don't spread through the air - they would require the terminal device to be active and connected.
Assuming a piece of malware could activate the data radio at pre-determined times (e.g. late at night), it could really run up the bill for those who don't have unlimited data plans.
Another avenue of attack, which I see as most likely in the near future (especially for Pocket PC users), is malicious websites. Not a whole lot of research seems to be going on in mobile vulnerability development, but when research increases, there will be a problem. Of course much of the research will probably be funded by the AV companies or their subsidiaries. I'm sure you've seen the job postings for security engineers and researchers at companies like Symantec so don't deny it.
Now that mobile networks and fixed networks are converging, they really resemble fixed networks, thus controls that work on fixed networks will probably work on the mobile networks with little modification.
Firstly, terminal devices, especially J2ME capable ones, have reasonable controls by way of very granular permissions that are found in any Java runtime environment. I'm not however aware of how extensive the controls are at the OS level. If operators are smart, they will be rather restrictive with these permissions.
Lastly, network controls need to be in place. Perhaps this will be a good use for Unified Threat Management firewalls, which could possibly be placed at the Base Station Subsystem (BSS) level.
The next 12 months will be very interesting. I certainly don't look forward to having to install Norton AV on my Samsung i730!
Gives them an excuse to impose BREW2 or similar signing technology to keep independent applications out. Such signing methods are of no real benefit to the user, but of significant benefit to the carriers, so they have to come up with a flimsy excuse to force it on you...
But my phone doesn't have a red button. It's a Sony Ericsson K700i, and I have had occasions where a J2ME app hangs, and the only way to kill it was to shutdown the phone.
There is no sig.
Your phone doesn't have a dedicated button to hang up on a call (not uncommon on phones like Nokia's B&W bargain basement models), yet it's got J2ME support?
Wow.
OK, let me mention another advantage of J2ME. J2ME apps can't auto execute. Viruses tend to work better when they can.
We should take all their staff, and send them off in a big spaceship, to the farthest corner of the galaxy, along with other useless types like hairdressers, advertising execs, and middle-managers.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Cellphone applications, with internet in general, have had a bad history with me. Other than one phone I hacked up with some 3rd-party apps, the only time I've really managed to screw up a phone software-wise was browsing (on my provider's site, for phone #'s I believe). Web browsers on phones are hardly a tried-and-true technology, and the thought of adding more software, and things such as AV software frightens me. There have been a few incidents where I've strongly linked poor behavior and errors not to viruses, but the hugely resident antivirus/security programs. In particular, the security suites from companies such as McAfee and Symantec are extremely intrusive... I'd hate to have to deal with something similar on a phone.
And to take it a bit further into the area of speculation... how soon after cellphone AV programs become common can we expect to see larger cellphone virus outbreaks? This wouldn't surprise me.