Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Firms Bicker Over Mobile Viruses

Posted by ryuzaki0 on from the angry-hens dept.

Fijer Nrosikjen writes to mention a ZDNet article about a claim by CA that F-Secure is just spreading FUD over mobile virus code, in order to promote its product. From the article: "CA said criminals do not have an economic incentive to develop malicious code and that the risk of such attacks spreading around smart phones is minimal because of a lack of interoperability between platforms and phone models. Network services don't allow for the fast spreading of code from phone to phone, and user interaction is required for any viruses to spread, the company added. It said F-Secure has created an atmosphere of fear, uncertainty and doubt to sell its product, undermining the relationship of trust that has been established between the industry and vendors. "

11 of 90 comments (clear)

  1. Apparently by PunkOfLinux · · Score: 2, Insightful

    These people have never heard of viruses that can look like something else, seem useful, et cetera. And it's not that hard to make a virus that says "You're a windows mobile device, i'll download THAT code"

    --
    Show this to your friends and family that don't know what a real hacker is
  2. Is CA that ignorant? by HikingStick · · Score: 3, Insightful
    CA said criminals do not have an economic incentive to develop malicious code and...
    I spend a good number of my waking hours working with tech auditors who look at financial institutions and big firms. Saying that there is no economic incentive to develop malicious code (even if only limiting the argument to mobile devices) is absurd. Script kiddies will still wreak periodic havoc, but fear the coder who can't make ends meet (especially in the former soviet block) and sells out to organized crime interests.

    If anything, F-Secure is sounding a warning. Mobile viruses may not be the primary attack vector now, but with smart devices ever increasing (and a propensity of some executives to store everything on them, including passwords), it makes sense to stir up a little fear in the hope of preventing future harm.

    Fear is not bad if it is founded in reality. I've seen enough reality to know that this fear is warranted.
    --
    I use irony whenever I can, but my shirts are still wrinkled...
    1. Re:Is CA that ignorant? by laffer1 · · Score: 3, Insightful

      Both are ignorant. Any type of device could have a virus written for it. Even CA implies that. Its a warning that nothing is safe, but I don't think its time to buy software for viruses yet. Its like buying antivirus for a mac or linux desktop. There isn't anything in the wild that is going to hurt you right now. Sure there's a few token viruses but if you are patched they can't hurt you. Someday mac os and linux will be hit as bad as Windows. Why? Users are stupid. It only takes one click to get you in trouble. Most malware is concealed in something useful now.

      The question is when will consumers figure out the scam. Why is it that no antivirus product I've tried for Windows has a small footprint and detects reasonably well. The closest I've seen is clam antivirus for windows and that can't remove anything. Remember when antivirus vendors pushed the new version because it was faster and sometimes smaller? What happened to that. I actually don't run with antivirus on anymore. A monthly scan is enough. I patch windows religiously and only do special scans when I download from untrustworthy sources. There is a small risk one of them will spread a virus but its unlikely.

      Home users shouldn't fear this at all yet. Businesses should consider telling their users to watch what they install on their phones.

      --
      MidnightBSD: The BSD for Everyone
    2. Re:Is CA that ignorant? by Billosaur · · Score: 2, Insightful
      If anything, F-Secure is sounding a warning. Mobile viruses may not be the primary attack vector now, but with smart devices ever increasing (and a propensity of some executives to store everything on them, including passwords), it makes sense to stir up a little fear in the hope of preventing future harm.

      And let's not forget that as people demand there mobile phones to be more things and be able to interface with other computers, the possibility of using a person's mobile phone as a backdoor through security into a system rises. Comapnies are having a hard enough time defending against USB drives that may be seeded with virii; IT security's workload will double if they also have to start taking into account mobile phones that can connect to networks via Bluetooth so people can access work email, voice messages, etc.

      People may want to call this FUD, but paranoia is the order fo the day when it comes to network security.

      --
      GetOuttaMySpace - The Anti-Social Network
  3. Re:Um... by Tx · · Score: 3, Insightful

    Most people don't need AV software

    WTF? Most nerds may not need AV software on their PCs. Most other people do. They do not know how to recognize and avoid malware, manually remove it and repair damage done by it, or follow good practice to avoid it in the first place. If you're arguing that they should learn, that's pie in the sky. Believe me, they need AV software.

    --
    Oh no... it's the future.
  4. Re:Really? by Anonymous Coward · · Score: 2, Insightful

    Don't confuse "economic gain" with "monetary gain". The two are often mistakenly used interchangeably. See this discussion for more information, but the basic assumption is that the perceived utility, or gain (which does not have to be monetary - it could be something as simple as public recognition, personal satisfaction, etc outweighs the cost - again, cost is not necessarily monetary, but could include effort required to write something, or learn the right language, whatever. Finally, there is utility cost involved too: what is the next best thing the person could have been doing instead of writing the code. If the other option was, say, sitting at a bar with friends, the loss of that utility is factored into the discussion about whether writing the mobile virus (or whatever) makes sense from an economics standpoint.

    You probably already knew this and were just making a joke, but I see this "economic gain is equivalent to monetary gain" so many times that I finally got motivated enough to write this response...

  5. Re:Um... by lgw · · Score: 2, Insightful

    For the average user it sure seems easier to pay the AV guys than to pay the reinstall guys - cheaper too.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  6. Re:Thank god by Anonymous Coward · · Score: 1, Insightful

    Think you're smart, eh? The plural of Virus is NOT Virii. Dumb-ass.

  7. CA should know. by GomezAdams · · Score: 2, Insightful

    If anyone knows about criminal activities for fun and profit it'd have to be CA.

    --
    Too lazy to create a sig...
  8. User interaction == and your point is? by lonesome+phreak · · Score: 3, Insightful

    "user interaction is required for any viruses to spread" So? We recently had a virus at my work (a large fortune 500 company) that required you to open up a zip file, put in a supplied 6-digit password from the email into the application the zipfile opened, and run the executible application. We still had people do this, because they thought it was "secret pictures" or something from their co-workers.

    A virus could require you to bleed onto the keyboard by stabbing yourself in the hand. If it promised nude pics and said it was from someone you know, there are enough people out there that will run it to give me a headache.

    --
    Maybe we DID take the blue pill. You wouldn't remember anyway.
  9. why I use open source by psbrogna · · Score: 3, Insightful
    After listening to the fud exchange between these two parties I just realized the major reason I use OSS.


    It's been said that people use OSS because it's free, more secure, performs better, architected better ... all things I do take into consideration.


    However I think I like OSS most because there's no marketing department intruding into my life and in many cases lying to me.


    Let's all raise our glasses to this wonderful phenomenon.