Darla reports on F-Secure anti-virus software being made available for S60 3rd edition, Symbian OS 9 smartphones. Hang on. Er.... but with Platform Security in OS 9, there's absolutely no way for malware to install and propagate. Which means that no one will ever be able to infect anyone else. So... what's the point in anti-virus software? Its existence was tenuous at best under Symbian OS 7 and 8. Under Symbian OS 9.... Comments welcome.
I've asked F-Secure (and others) this exact question. Their generalised answer was:
- Symbian 9 does improve things, but there's no guarantee it is 100% secure.
- The threat for mobiles, which are increasingly always on, may not come from traditional virii. There may be spam traffic, and other such tactics.
- Mobile security suites will expand to deal with other threats such as spam, and inbound traffic attacks (i.e. Firewall needed).
- It's about prevention and peace of mind. It is not possible to say what will happen yet, so on the basis that something might happen you should buy an anti-virus product.
It's difficult not to be a bit sceptical about this. I accept that in a corporate environment 100% peace of mind and security means it is a good idea, but for the average user....
I'd say peace of mind is key here, and also for the end-user and not just the corporate environment. I don't know how F-Secure works actually, but I would imagine there are possibilities of preventing "accidental" application installation by the user (like trojans) if F-Secure notices a suspicious email attachment etc.
Many PC anti-virus products detect Symbian malware. I think there is no threat for Symbian 9 but you may share a malware .sis for previous Symbian versions through Bluetooth or MMS (or e-mail).
[There may be spam traffic, and other such tactics.]
Eh?? What's spam traffic when it's at home?
[inbound traffic attacks (i.e. Firewall needed).]
Nope, Symbian OS is secure, I've tested and probed it. Ports are closed unless specifically opened. So no firewall needed.
[threat for symbian 9 but you may share a malware .sis for previous symbian versions]
How could you share it when the malware couldn't install or run?
Still dumbfounded that the anti-virus companies keep getting away with this sort of hype.
Steve
I was repeating what I could remember of the answer given by various anti-virus companies. I largely agree with you Steve, but I think everyone knows there is no such thing as a completely secure system. Spam traffic (SMS and emails) etc. With the devices being always on and connected via WiFi, in theory a firewall may be necessary (though I can't really see the need myself)...
Bear in mind Symbian Signed only guarantees identity not the application is good... there's still potential for battery draining programs (not a big deal if it can distribute itself)... there are also J2ME virii in theory too...
I think it is about peace of mind. Not everyone is tech savvy.
But still you can't help go hmmm from your own perspective. As I said before, for corporate I think it is different.
Who can guarantee that viruses aren't made by anti-virus companies? If there were no viruses, they (anti-virus companies) wouldn't exist...
Just to mention the firewall thing again. When the issue of whether Symbian OS was secure was first raised a couple of years ago, I did a load of tests on Symbian OS 6 on a Nokia 9210. Testing it on various Internet port probe systems, I couldn't find a single TCP/IP port that was open when it shouldn't be. Now it's possible that Symbian may have broken something in their stack in the meantime, but I think we can trust them on this one.
Steve Litchfield
I think one thing that is being forgotten is that most of us here are used to the Symbian OS. Some of us have no need for anti-virus protection because we know how to protect our phones. But with the 3rd edition phones starting to become more appealing to even new S60 users I would have to say that extra protection is more so for them.
As for the spam thing... we are all familiar with the CommWarrior virus that went around and I've seen many of my friends caught by it. Mainly because the message disguised itself as coming from one of their contacts. Who would suspect that?
While I personally do not show a need for AV protection, it's nice to know that extra security is out there and available.
Sorry Darla, but no. You've completely missed the point 8-)
Go look up "Symbian OS 9" and "Platform Security" on Google. The whole point of PlatSec was to make malware impossible. Because malware couldn't get Symbian Signed, which means apps couldn't access any comms systems on the phone, etc.
So buying security software under Symbian OS 9 is like buying up dust masks from your local DIY centre when you already have on a thermonuclear radiation suit.
Steve Litchfield
Steve, you're being too straightforward here. Windows also has lots of internal security systems at OS level, and still we need anti-virus software. The need might not be as urgent with smartphones (especially with Symbian 9), but the need is still there. You or I won't be needing that, but we are not the average user.
I know you work for Nokia, but I just don't agree. When the whole concept of firewalls became vital, it was because Windows left half its TCP/IP ports open. ZoneAlarm and the like did the job until Windows XP's built-in firewall came along, but since then there's been no need for third party software.
Similarly with Symbian OS, except that it's had stealthy ports from day one. No need for a third party firewall.
And I STILL don't buy the 'we are not the average user' argument. PlatSec means that ALL Symbian OS 9 devices are IMMUNE from warez/malware/trojans, by definition. So however stupid the user, the worst they can do is screw up their own phone a little bit. In the worst case, should they install a trojan that's unsigned and should they ignore all the warnings, it'll simply flap about a bit on their device and then not be able to transmit itself. They can then simply follow the usual 'start afresh' procedure (e.g. three finger startup) to wipe the trojan.
Come on guys, I know F-Secure has a *brilliant* marketing and PR team (and probably lots of money), but this is a case of the emperor's new clothes and I feel like the little boy at the back of the crowd shouting....
Steve Litchfield
With PlatSec the majority of kinds of malware will be (almost?) impossible, but I still see a 'bright' future for Trojans. This is how to do it:
1) Create a company and write some apps. Make yourself known in the marketplace. Or buy some existing companies. Obtain an ACS from Verisign.
2) Now, create an app that has an understandable need for examining the Agenda, contacts, whatever, on the device. You also add to this app a module that sends the user's data to some server. This siphoning off doesn't start to happen right away, or in large quantities. The trojan can examine the data and look for interesting stuff (like home addresses in expensive neighbourhoods, or function titles like CEO, CFO, ....).
3) Give the app a good reason to regularly connect to some server. You can for instance use a licensing model such as pay-per-use, pay-per-month, or looking for upgrades. Encrypt the data stream. You can now send off the data, and get new instructions back.
4) Get the app on as many devices as possible. This is the hard part.
5) Wait for the data to come in, and act on it in such a way that nobody expects your app for a long time.
Sander van der Wal
mBrain Software
Steve, just like Jukka pointed out, that there's a security framework in place doesn't mean that a system is immune to any threat. There's no such thing as software that's completely bug-free, and bugs mean potential security hazards. There's no such thing as a computer that's immune to security threats, not even if you switch it off (or even better, smash it up really good) and lock it up in a bank vault.
I still agree that anti-virus software for Symbian OS devices is pretty much unnecessary right now, of course. 😊
Perhaps it would be possible to determine from F-Secure exactly what kind of virus attacks their AV software is actually protecting against on OS9. From that a sensible decision on whether this is actually adding any value can be made.
Peace of mind can only occur if it's known what protection is actually being offered compared to what is actually possible.
It's unclear why anyone believes that an AV product is in itself 100% reliable + therefore able to prevent all viral attacks. Indeed most AV companies issue updates on a very regular basis to counterattack the latest + greatest virus. Given there are (close to) 0 known viruses on OS9 at this time one assumes the current AV software can't actually offer much value at this time as it does not know how to counteract things that don't exist.
Absolutely yes, malware/trojans can be written, pass Symbian Signing etc - the PlatSec does not stop this. However if caught I suspect the Symbian community would hear of it pretty quickly + the revocation service enacted - possibly on the one app - possibly on all that company's apps. It's a pretty good way of becoming hated + going out of business....
bbj wrote:
Absolutely yes, malware/trojans can be written, pass Symbian Signing etc - the PlatSec does not stop this. However if caught I suspect the Symbian community would hear of it pretty quickly + the revocation service enacted - possibly on the one app - possibly on all that company's apps. It's a pretty good way of becoming hated + going out of business....
It is nowadays common for cybercriminals to extort websites by threatening them with DDOS attacks. I doubt such people would care much about being hated by the Symbian developer community.
Don't think of these people as misguided teenage hackers. They are criminals, and their frontend going out of business.... who cares. There are plenty of them to go around.
Sander van der Wal
mBrain Software.
Rafe wrote: Bear in mind Symbian Signed only guarantees identity not the application is good... there's still potential for battery draining programs (not a big deal if it can distribute itself)... there are also J2ME virii in theory too...
Hold on, PlatSec only guarantees ID? So really a malware developer could get hold of a well known & highly used app, "crack it" but really put malware in it, then distribute it as the cracked version, therefore sending out malware with an app that has already been Symbian Signed, making the whole Symbian Signed & PlatSec thing worthless.
No, no, signing an app does more than check identity, it also byte signs the SIS file itself. So altering even one byte will invalidate the app.
Steve
So there's like either a file or line of code in the SIS file which refers to the size of the file @ signing.
Sorry I didn't write clearly. Symbian Signed is secure in the signing process (Steve is exactly right here - any modification of a SIS file will invalidate signing).
What I meant was that Symbian Signed guarantees who an application is made by. It does not necessarily indicate that it is a good application (i.e. the usability may be poor). To pass Symbian Signed there are certain requirements (e.g. relating to low memory situations), but Symbian Signed does not test an application for ease of use / utility.
No, it's not like Windows keygens - if there's ANY mismatch in the file checksum, the OS (which is in ROM, remember, so can't be changed or hacked) will refuse to run it.
Steve Litchfield
Yeah, I know that it's not exactly like the keygens, just a comparison at the time that MS thought their keys would stop piracy, like Symbian believes their PlatSec will stop malware.
& I don't quite understand about the file checksum. The file checksum for the SIS file is stored in the SIS file, isn't it?? Not in the OS (they're not going to have every SIS file's checksum inbuilt into the OS).
Good question - I'm hoping someone here with inside knowledge of how Symbian Signed apps are handled under OS 9 can leap in and answer this in plain English? Anyone? What's to stop some piece of malware from spoofing the hex that the OS needs?
Steve
Seems like nobody knows!! :tongue:
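Added example (not part of the original thread, and not Symbian's SIS format or installer code): a generic Python sketch of the distinction the checksum question above turns on. A checksum stored in the file can be recomputed by anyone who changes the file, whereas a signature is checked against a public key the verifying device already holds. The package layout, function names and toy textbook-RSA keys are assumptions made for this illustration.

```python
import hashlib

# Toy textbook-RSA keys built from known Mersenne primes (constructed for this
# demo: no padding, publicly known factors, not usable for real signing).
E = 65537
TRUSTED_P, TRUSTED_Q = 2**521 - 1, 2**607 - 1
TRUSTED_N = TRUSTED_P * TRUSTED_Q                       # public, held by the verifier
TRUSTED_D = pow(E, -1, (TRUSTED_P - 1) * (TRUSTED_Q - 1))  # private, held by the signer
OTHER_P, OTHER_Q = 2**127 - 1, 2**89 - 1                # a second, untrusted key pair
OTHER_N = OTHER_P * OTHER_Q
OTHER_D = pow(E, -1, (OTHER_P - 1) * (OTHER_Q - 1))

def digest_int(payload: bytes) -> int:
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")

def pack_with_checksum(payload: bytes) -> dict:
    # Scheme A: the package carries its own SHA-256 checksum.
    return {"payload": payload, "checksum": hashlib.sha256(payload).hexdigest()}

def verify_checksum(pkg: dict) -> bool:
    return hashlib.sha256(pkg["payload"]).hexdigest() == pkg["checksum"]

def pack_signed(payload: bytes, d: int = TRUSTED_D, n: int = TRUSTED_N) -> dict:
    # Scheme B: the package carries a signature made with a private key.
    return {"payload": payload, "signature": pow(digest_int(payload) % n, d, n)}

def verify_signature(pkg: dict) -> bool:
    # Only the public key stored with the verifier is used, never anything
    # taken from the package itself.
    return pow(pkg["signature"], E, TRUSTED_N) == digest_int(pkg["payload"])

def modify(pkg: dict, new_payload: bytes) -> dict:
    # Everything a party without TRUSTED_D can do: change the payload and
    # recompute fields derivable from public data (the checksum).
    changed = dict(pkg, payload=new_payload)
    if "checksum" in changed:
        changed["checksum"] = hashlib.sha256(new_payload).hexdigest()
    return changed

def demo() -> dict:
    original, altered = b"app v1.0", b"app v1.0 with one byte changed"
    return {
        "checksum_original": verify_checksum(pack_with_checksum(original)),
        "checksum_altered": verify_checksum(modify(pack_with_checksum(original), altered)),
        "signed_original": verify_signature(pack_signed(original)),
        "signed_altered": verify_signature(modify(pack_signed(original), altered)),
        "signed_with_other_key": verify_signature(pack_signed(altered, OTHER_D, OTHER_N)),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The altered package passes the embedded-checksum test but fails both signature cases, because producing a value that verifies under the device's stored public key requires the matching private key.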