Security Firms Bicker Over Mobile Viruses

Fijer Nrosikjen writes to mention a ZDNet article about a claim by CA that F-Secure is just spreading FUD over mobile virus code, in order to promote its product. From the article: "CA said criminals do not have an economic incentive to develop malicious code and that the risk of such attacks spreading around smart phones is minimal because of a lack of interoperability between platforms and phone models. Network services don't allow for the fast spreading of code from phone to phone, and user interaction is required for any viruses to spread, the company added. It said F-Secure has created an atmosphere of fear, uncertainty and doubt to sell its product, undermining the relationship of trust that has been established between the industry and vendors. "

Re:Apparently

[kjorn]

That's interesting, a mobile phone virus that talks to you through the phone handset.

"Please upload me. Pleeeeeease."

Or perhaps they just wait until you are talking to your mom, and insert helpful phrases into the gaps in the conversation. The virus could say stuff like, "I'm gay." or "I'm straight." or "I'm pregnant." or "I want to suck on you nipples now please." or "I've got the semtex." (that would be helpful to the FBI, not you or your mom). Or it could just make random grunting noises. Mind you, half the people I talk to on the phone could already have this hypothetical virus. "Uh, uh. *grunt* Me. Trin'. To. Fink." Anyway, you get the idea.

I mean, who wouldn't want to code a virus like that?

Imagine two viruses talking to each other down the phone. Some sort of singularity would appear in the phone network.

Hope that helps - monk.e.boy

The pot doesn't even know what a kettle is!

[spyrochaete]

For what it's worth, I have ZERO faith in CA. My one brush with their products has tarnished my opinion of them forever. I think they're completely inept.

While writing an article comparing small\medium business spyware solutions I installed a trial of eTrust Pest Patrol Corporate. Their crappy demo detected spyware (that none of the 4 other products detected, suspiciously) but informed me that only the pay version would remove it. I uninstalled the product but the eTrust right-click dialogs remained in Explorer. I called their tech support and they said they don't support product demos. I eventually found the registry key pertaining to the Explorer extension, emailed the info to them, and chewed them out.

I suspect CA is in the business of FUD, including spreading FUD about its competitors. Then again, nearly the whole antivirus industry is that way. Free clients ftw!!

If anyone cares, I blogged about the history of Norton\Symantec and how they've made a successful business with their increasingly inferior products.

Re:The pot doesn't even know what a kettle is!

[SSpade]

Pestpatrol. A word synonymous with incompetence in my mind.

They listed one of my applications (Sam Spade - an elderly windows whois / traceroute client, basically) as a security risk. I started to get phone calls about it from users (I have quite a lot of users, so a few of them were bound to be running pestpatrol).

I called the company responsible for pestpatrol several times, and they told me many things that turned out not to be true ("It's not listed", "We can certainly remove it", "Traceroute is a major security risk for enterprise customers.", "We have removed it", "Oh, when we said we'd removed it we meant, uh....", "We'll remove it within six weeks...").

The sheer level of corporate and technical incompetence involved was staggering (and I've dealt with some spectacularly incompetent companies). The idea that anyone would rely on them for anything security related is scary. (To be fair, I believe that I dealt with them early on in their buyout process, so it's conceivable that they've picked up some basic business practices from their new owner since then, but it's not something I'd bet the security of my network on).