Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Firms Bicker Over Mobile Viruses

Posted by ryuzaki0 on from the angry-hens dept.

Fijer Nrosikjen writes to mention a ZDNet article about a claim by CA that F-Secure is just spreading FUD over mobile virus code, in order to promote its product. From the article: "CA said criminals do not have an economic incentive to develop malicious code and that the risk of such attacks spreading around smart phones is minimal because of a lack of interoperability between platforms and phone models. Network services don't allow for the fast spreading of code from phone to phone, and user interaction is required for any viruses to spread, the company added. It said F-Secure has created an atmosphere of fear, uncertainty and doubt to sell its product, undermining the relationship of trust that has been established between the industry and vendors. "

13 of 90 comments (clear)

  1. ZDNet US link by Anonymous Coward · · Score: 3, Informative

    Quicker than ZDNet Asia: http://news.zdnet.com/2100-1009_22-6097733.html/

  2. Thank god by mgblst · · Score: 3, Informative

    ... that microsoft doesn't make OS for mobile phones (or at least not all of them).

    Most mobiles run J2ME, and you can't do anything interesting in J2ME. You can't even get the whole screen on some mobiles, let alone use directory services. And because J2ME allows the phone creators to load on different modules to there phones (JSR-182, etc), you don't even know if you will be able to do something when you get to a phone. You would have to be very clever indeed!

  3. Really? by Nos. · · Score: 3, Funny

    So I guess the only reason anyone ever wrote a virus was for monetary gain. Gee, I wonder how the first virus writers got paid before we got to the age of spyware and such.

  4. Is CA that ignorant? by HikingStick · · Score: 3, Insightful
    CA said criminals do not have an economic incentive to develop malicious code and...
    I spend a good number of my waking hours working with tech auditors who look at financial institutions and big firms. Saying that there is no economic incentive to develop malicious code (even if only limiting the argument to mobile devices) is absurd. Script kiddies will still wreak periodic havoc, but fear the coder who can't make ends meet (especially in the former soviet block) and sells out to organized crime interests.

    If anything, F-Secure is sounding a warning. Mobile viruses may not be the primary attack vector now, but with smart devices ever increasing (and a propensity of some executives to store everything on them, including passwords), it makes sense to stir up a little fear in the hope of preventing future harm.

    Fear is not bad if it is founded in reality. I've seen enough reality to know that this fear is warranted.
    --
    I use irony whenever I can, but my shirts are still wrinkled...
    1. Re:Is CA that ignorant? by laffer1 · · Score: 3, Insightful

      Both are ignorant. Any type of device could have a virus written for it. Even CA implies that. Its a warning that nothing is safe, but I don't think its time to buy software for viruses yet. Its like buying antivirus for a mac or linux desktop. There isn't anything in the wild that is going to hurt you right now. Sure there's a few token viruses but if you are patched they can't hurt you. Someday mac os and linux will be hit as bad as Windows. Why? Users are stupid. It only takes one click to get you in trouble. Most malware is concealed in something useful now.

      The question is when will consumers figure out the scam. Why is it that no antivirus product I've tried for Windows has a small footprint and detects reasonably well. The closest I've seen is clam antivirus for windows and that can't remove anything. Remember when antivirus vendors pushed the new version because it was faster and sometimes smaller? What happened to that. I actually don't run with antivirus on anymore. A monthly scan is enough. I patch windows religiously and only do special scans when I download from untrustworthy sources. There is a small risk one of them will spread a virus but its unlikely.

      Home users shouldn't fear this at all yet. Businesses should consider telling their users to watch what they install on their phones.

      --
      MidnightBSD: The BSD for Everyone
  5. Re:Um... by Tx · · Score: 3, Insightful

    Most people don't need AV software

    WTF? Most nerds may not need AV software on their PCs. Most other people do. They do not know how to recognize and avoid malware, manually remove it and repair damage done by it, or follow good practice to avoid it in the first place. If you're arguing that they should learn, that's pie in the sky. Believe me, they need AV software.

    --
    Oh no... it's the future.
  6. Re:Apparently by kjorn · · Score: 3, Interesting

    That's interesting, a mobile phone virus that talks to you through the phone handset.

    "Please upload me. Pleeeeeease."

    Or perhaps they just wait until you are talking to your mom, and insert helpful phrases into the gaps in the conversation. The virus could say stuff like, "I'm gay." or "I'm straight." or "I'm pregnant." or "I want to suck on you nipples now please." or "I've got the semtex." (that would be helpful to the FBI, not you or your mom). Or it could just make random grunting noises. Mind you, half the people I talk to on the phone could already have this hypothetical virus. "Uh, uh. *grunt* Me. Trin'. To. Fink." Anyway, you get the idea.

    I mean, who wouldn't want to code a virus like that?

    Imagine two viruses talking to each other down the phone. Some sort of singularity would appear in the phone network.

    Hope that helps - monk.e.boy

  7. The pot doesn't even know what a kettle is! by spyrochaete · · Score: 3, Interesting

    For what it's worth, I have ZERO faith in CA. My one brush with their products has tarnished my opinion of them forever. I think they're completely inept.

    While writing an article comparing small\medium business spyware solutions I installed a trial of eTrust Pest Patrol Corporate. Their crappy demo detected spyware (that none of the 4 other products detected, suspiciously) but informed me that only the pay version would remove it. I uninstalled the product but the eTrust right-click dialogs remained in Explorer. I called their tech support and they said they don't support product demos. I eventually found the registry key pertaining to the Explorer extension, emailed the info to them, and chewed them out.

    I suspect CA is in the business of FUD, including spreading FUD about its competitors. Then again, nearly the whole antivirus industry is that way. Free clients ftw!!

    If anyone cares, I blogged about the history of Norton\Symantec and how they've made a successful business with their increasingly inferior products.

    1. Re:The pot doesn't even know what a kettle is! by SSpade · · Score: 3, Interesting

      Pestpatrol. A word synonymous with incompetence in my mind.

      They listed one of my applications (Sam Spade - an elderly windows whois / traceroute client, basically) as a security risk. I started to get phone calls about it from users (I have quite a lot of users, so a few of them were bound to be running pestpatrol).

      I called the company responsible for pestpatrol several times, and they told me many things that turned out not to be true ("It's not listed", "We can certainly remove it", "Traceroute is a major security risk for enterprise customers.", "We have removed it", "Oh, when we said we'd removed it we meant, uh....", "We'll remove it within six weeks...").

      The sheer level of corporate and technical incompetence involved was staggering (and I've dealt with some spectacularly incompetent companies). The idea that anyone would rely on them for anything security related is scary. (To be fair, I believe that I dealt with them early on in their buyout process, so it's conceivable that they've picked up some basic business practices from their new owner since then, but it's not something I'd bet the security of my network on).

  8. I had a phone virus. by celardore · · Score: 4, Informative

    I looked it up on the net, and out what it was. Can't remember off the top of my head though. It's purpose was to spread itself to other Nokia bluetooth enabled devices, and apparently in the early hours of the morning it would call premium rate numbers.

    Trouble was, it hammered the battery with its constant bluetooth searching that it would only last a few hours before dying. Plus the constant "bluetooth busy" symbol on the phone was a dead giveaway.

    Funilly enough, it was F-Secure that I used to get rid of it.

  9. User interaction == and your point is? by lonesome+phreak · · Score: 3, Insightful

    "user interaction is required for any viruses to spread" So? We recently had a virus at my work (a large fortune 500 company) that required you to open up a zip file, put in a supplied 6-digit password from the email into the application the zipfile opened, and run the executible application. We still had people do this, because they thought it was "secret pictures" or something from their co-workers.

    A virus could require you to bleed onto the keyboard by stabbing yourself in the hand. If it promised nude pics and said it was from someone you know, there are enough people out there that will run it to give me a headache.

    --
    Maybe we DID take the blue pill. You wouldn't remember anyway.
  10. why I use open source by psbrogna · · Score: 3, Insightful
    After listening to the fud exchange between these two parties I just realized the major reason I use OSS.


    It's been said that people use OSS because it's free, more secure, performs better, architected better ... all things I do take into consideration.


    However I think I like OSS most because there's no marketing department intruding into my life and in many cases lying to me.


    Let's all raise our glasses to this wonderful phenomenon.

  11. Sir Edmund Hillary Quote: by mpapet · · Score: 3, Informative

    Reporter asks Hillary: "Why did you climb Everest?"

    Hillary: "Because it's there"

    Same story, different environment.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html