Slashdot Mirror
Security Firms Can't Protect iPhone From Threats
nk497 writes "F-Secure researchers are calling attention to the fact that it's impossible to run third-party anti-virus on iPhones, because the SDK doesn't allow for it. It's a problem, as they claim malware will start to target the phone. 'None of the existing anti-virus vendors can make one, without help from Apple,' chief research officer Mikko Hypponen said. 'Apple hasn't been too interested in developing antivirus solutions for the iPhone, because there are no viruses, which of course, isn't exactly true.' At the moment, the only worms faced by the iPhone have targeted unlocked, jailbroken devices — so Apple's not too bothered protecting users of such phones." While Apple claims that the iPhone's closed nature offers protection to its users, and security vendors maneuver for a piece of a market now closed to them, clearly both sides are pushing their own self-interest.
From the summary, F-Secure: "'Apple hasn't been too interested in developing antivirus solutions for the iPhone, because there are no viruses, which of course, isn't exactly true.' .
No, indeed, only jailbroken phones were infected. Thus the obvious solution for F-Secure would be to bring out an app in Cydia or other app stores for jailbroken devices.
Of course, rather than do something, their execs prefer to spend their time whining.
8 of 13 people found this answer helpful. Did you?
Mac OS X has security problems because it allows running executables and non-signed programs too. iPhone on the other hand doesn't, so trojans and such wont work. The only possible way is to exploit a vulnerability, but that doesn't happen every day and should be pretty quickly patched by Apple (doesn't the phone network push updates automatically?). And if there's a new exploit, antivirus software are just as bad in protecting against it.
Anti-virus/anti-malware always seems to be a shitty bandaid to a badly designed system. Even running Windows 7, with UAC on, non-administrative account 99.999% time, always a non-IE browser, and very strict on what I run as .exe and where I download them, ad-aware just found some wind32 trojan.
Also, people forget this is supposed to be a portable device, even a phone sometimes. Remember what most A/V does to your desktop? I don't run A/V on my notebook, and I actually do want a decent battery life on my phone, as hard as that is to believe.
However, I know there will be problems with the iPhone. I do wish its safari had the option of "noscript" and stronger adblock plus than its own system among other things. And that when you do use it for the first time, it would have a video on safe usage. You can't upgrade or improve the user, the weakest link, but at least you can try to lead that horse to water that is education.
...and here it is:
Some fella develops and distributes some serious virus that "shuts down" a big number of iPhones...
This generates [bad] publicity for the device...
The media pick the story up...(in the meantime, it's "damage control" for Apple)...
Android is touted as the best alternative...
Motorola and Co. jump on the bandwagon...
What next? profits, numbers and market share for the Droid.
Question is: Am I wrong?
I tend to be wary when using my crystal ball, but this time I want to make a prediction: This is an intended development, and we'll see more of it in the future. Jailed devices that are deemed intrinsically secure. People who dare to unlock their device not only open themselves up for infections, they also can't get any help to make their devices secure again because everyone who could or would offer them this help is locked out.
Now add laws that started to creep into our legislative where you're legally responsible for it if your device is insecure and doing something illegal.
In the long run, you will only be secure and not responsible for anything your device does if you don't mind not owning it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Apple isn't too concerned because all Apps run in a sandbox. There would have to be a very glaring hole in iPhoneOS would an attacker be able to take over an iPhone in this way. I remember a vulnerability that allowed exploitation through doctored SMS packets somehow, but I'm not sure how serious it was. At any rate, that's fixed now as far as I remember. Really, this is just about anti-virus companies trying to instill fear in the hearts of ignorant users. iPhone users that have jailbroken their iPhone have made it their own responsibility to look after security and I don't believe for a second that F-Secure is targeting *them* (SDK limitations wouldn't be a roadblock in that case). I see very little opportunity for a hacker to invade an iPhone, and thus it's not a huge priority to install any security software on the iPhone.
This is even more stupid than their attempt to sell antivirus for Palm OS.
There is no mechanism for transmission between one iPhone and another UNLESS the iPhone is jailbroken.
So Symantec only needs to write antivirus for jailbroken iPhones. And Apple would have no way to prevent them. So what's their problem?
RTFA.
If you don't void the user agreement by jailbreaking your iPhone, you don't have this problem. Apple set up the environment. As it's designed, users are protected. If you choose to negate that design, you may have problems.
Where is Apple's liability if you don't use it as designed (or as dictated in the UA)?
iLocalis is a clone of "Find My iPhone", a feature of the 3.x firmware.
Winterboard is customizable but it is also slow and unstable.
OpenSSH Server has no business on a phone. There are several SSH clients in the app store for connecting to other machines for administrative purposes. If you feel the need to have a phone that requires administration, I would suggest looking at a windows mobile phone. I hear that they have all sorts of interesting crashes and race conditions.
If you want Intelliscreen, it sounds like you would be happier with a windows phone but there are obviously trade offs like no integration with a jukebox and no app store.
MyProfiles, is a solution looking for a problem. It is such a small niche that it is not worth Apple to invest time in providing such a feature.
If you want to hack phones, I'd suggest getting another type of phone. The iPhone is designed to be an appliance for busy people to use and have it "just work".
Jesus was a compassionate social conservative who called individuals to sin no more.
Actually, someone already had a fully flagged AV solution for jailbroken iPhones ...
http://www.appleiphoneschool.com/2008/05/05/ivirusscan-10b02/