Slashdot Mirror
Security Firms Can't Protect iPhone From Threats
nk497 writes "F-Secure researchers are calling attention to the fact that it's impossible to run third-party anti-virus on iPhones, because the SDK doesn't allow for it. It's a problem, as they claim malware will start to target the phone. 'None of the existing anti-virus vendors can make one, without help from Apple,' chief research officer Mikko Hypponen said. 'Apple hasn't been too interested in developing antivirus solutions for the iPhone, because there are no viruses, which of course, isn't exactly true.' At the moment, the only worms faced by the iPhone have targeted unlocked, jailbroken devices — so Apple's not too bothered protecting users of such phones." While Apple claims that the iPhone's closed nature offers protection to its users, and security vendors maneuver for a piece of a market now closed to them, clearly both sides are pushing their own self-interest.
From the summary, F-Secure: "'Apple hasn't been too interested in developing antivirus solutions for the iPhone, because there are no viruses, which of course, isn't exactly true.' .
No, indeed, only jailbroken phones were infected. Thus the obvious solution for F-Secure would be to bring out an app in Cydia or other app stores for jailbroken devices.
Of course, rather than do something, their execs prefer to spend their time whining.
8 of 13 people found this answer helpful. Did you?
Anti-virus/anti-malware always seems to be a shitty bandaid to a badly designed system. Even running Windows 7, with UAC on, non-administrative account 99.999% time, always a non-IE browser, and very strict on what I run as .exe and where I download them, ad-aware just found some wind32 trojan.
Also, people forget this is supposed to be a portable device, even a phone sometimes. Remember what most A/V does to your desktop? I don't run A/V on my notebook, and I actually do want a decent battery life on my phone, as hard as that is to believe.
However, I know there will be problems with the iPhone. I do wish its safari had the option of "noscript" and stronger adblock plus than its own system among other things. And that when you do use it for the first time, it would have a video on safe usage. You can't upgrade or improve the user, the weakest link, but at least you can try to lead that horse to water that is education.
I tend to be wary when using my crystal ball, but this time I want to make a prediction: This is an intended development, and we'll see more of it in the future. Jailed devices that are deemed intrinsically secure. People who dare to unlock their device not only open themselves up for infections, they also can't get any help to make their devices secure again because everyone who could or would offer them this help is locked out.
Now add laws that started to creep into our legislative where you're legally responsible for it if your device is insecure and doing something illegal.
In the long run, you will only be secure and not responsible for anything your device does if you don't mind not owning it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This is even more stupid than their attempt to sell antivirus for Palm OS.
There is no mechanism for transmission between one iPhone and another UNLESS the iPhone is jailbroken.
So Symantec only needs to write antivirus for jailbroken iPhones. And Apple would have no way to prevent them. So what's their problem?
Except that this scenario is next-to-impossible on stock iPhones, because of the aforementioned code-signing restrictions, sandboxed applications and other mechanisms which prevent this from being a general problem.
Jailbreaking your phone makes all these safety nets go away: the kernel is patched so that it will run anything and applications are permitted to roam free across all of the device. At that point, you are on your own as far as security goes. If you, as a user, willfully ignore the instructions saying "Use 'passwd' to change the default password!!", then the resulting compromise of your iPhone is *entirely* your fault, and Apple doesn't even have to do "damage control". A rooted Android phone would suffer the same problems.