Read-only archive of the All About Symbian forum (2001–2013)

Those security firms just can't help themselves....

15 replies · 3,252 views · Started 21 November 2006

OK, I said I was going to shut up about over-hyped security software, and judging from comments by one security developer on-camera at the Smartphone Show, it seemed that they'd learned their lesson. But here we go again... and again.... and again....

Read on in the full article.

I think that Symantec and F-Secure and others are working hard on producing a virus/worm that will actually work on Symbian devices. Once they achieve it (which I doubt) they can miraculously appear with a cure. 😃 😃

A way round this would be for Symbian themselves to make the security of the OS far more visible, let people see just how much protection there is in their phone through a separate icon in the toolbox. If Symbian devices already have something that works like a firewall, then Symbian should call it a firewall and make a song and dance about it on their specifications.

It's difficult though because you can bet that one of Symbian's rivals (cough... Microsoft... cough) will be happy to spread stories that there are vulnerabilities in Symbian, just as they've done with Linux and Firefox and all kinds of other OSes and applications eating into MS's market share.

Rather oddly, Nokia themselves actually sell F-Secure on their Software Market apps sales site, it's their number 1 selling application despite being a complete waste of money.

krisse wrote:
A way round this would be for Symbian themselves to make the security of the OS far more visible, let people see just how much protection there is in their phone through a separate icon in the toolbox. If Symbian devices already have something that works like a firewall, then Symbian should call it a firewall and make a song and dance about it on their specifications.

The thing is that there is no built-in firewall in Symbian simply because there isn't any need for one. Most people do not understand what a firewall is and just believe that it's some kind of magical piece of software that will prevent them from being "attacked" by bad guys or infected by viruses. It is this lack of knowledge and understanding that security firms exploit to sell their products.

A firewall does 2 things:
- filter incoming network connections (connections made by a bad guy on the internet to your computer)
- filter outgoing connections (connections made by a piece of software installed on your computer to another computer on the internet, e.g. a web browser).

Symbian OS does not have any server application installed by default. It therefore does not have any ports open by default. As a result, it is completely impossible for anybody to connect to a Symbian phone from the internet. The phone will deny every incoming connection since it's not expecting any. This is the big difference between Symbian OS and earlier versions of Windows Server OSes which shipped with loads of server applications and ports open by default. As a result, a firewall which filters incoming connections is completely useless on Symbian OS.

Then there is the outgoing connections problem: over recent years, more and more firewalls have started to filter outgoing connections as well. The goal of this is to prevent spyware and viruses that you have installed on your computer (by, for example, opening an infected email attachment) from being able to connect to the internet without the user's knowledge. Once again, this kind of threat doesn't exist on Symbian OS.
Under Windows, any application can connect to the Internet silently, without the user having any way to see it and control it. This is why firewalls that filter outgoing connections have been introduced: they warn the user whenever an application tries to connect to the Internet, hence allowing the user to decide whether to let it connect or not.
Under Symbian OS, applications that are not Symbian signed (spyware and viruses surely won't be signed by Symbian) cannot connect to the Internet without explicitly asking the user if it's OK to connect. Therefore, the system itself acts as a firewall for outgoing connections.

Conclusion: there is no firewall built into Symbian, so Symbian cannot add a new Firewall icon in their menu, but the reason for this is that there is absolutely no need for a firewall on this system (so far).

krisse wrote:
Rather oddly, Nokia themselves actually sell F-Secure on their Software Market apps sales site, it's their number 1 selling application despite being a complete waste of money.

I suppose that they're doing that in order to appear to the mass market like they are taking security seriously. Now that Nokia has decided to market their smartphones as computers and are targeting the mass market, they have to use words and concepts that the mass market understands.

95% of the people out there are Windows users. These 95% of people have been formatted over the years to think that: computer + internet = viruses and spyware => you need an antivirus or it's gonna be the end of the world for you. Go on and try to explain to all those people that this is completely untrue if you're not using Windows and use your brain instead. I wish you good luck.

From Nokia's perspective, it's much easier to simply sell or bundle an anti-virus software with their phones. It's useless but it makes people happy and makes them feel secure.

"The thing is that there is no built-in firewall in Symbian simply because there isn't any need for one. Most people do not understand what a firewall is and just believe that it's some kind of magical piece of software that will prevent them from being "attacked" by bad guys or infected by viruses. It is this lack of knowledge and understanding that security firms exploit to sell their products."

But that's my point, if their product does the things that Firewalls are needed for on PCs, then they should say something like "Symbian comes with an integrated firewall".

You and I may notice technical distinctions in how the protection is there, but as far as the average end user is concerned they just want to know that their computer/device is protected against being broken into.

...anyway, I was attacked by a virus on a motorway through Bluetooth a couple of weeks ago...but Symantec on my N70 got it...😊

I got a virus off my friend's N70 and I was laid up in bed for a week with nausea and migraine **and F-Secure did nothing to stop it**.

It wasn't a mobile terminal virus, apparently (you can still write about it here). 😉

Go on then, lemotor, I'll bite - "attacked" is a very emotive word to use - how exactly did this mobile virus 'attack' your smartphone?

Steve

Well, you can't say that Symbian has a Firewall as it hasn't, but perhaps they could describe it as Fireproof?

Symbian has a couple of servers that listen for incoming traffic. Examples are the Bluetooth and the IR servers. As these servers are reasonably simple, panic when there is a buffer overflow and don't execute any fancy code, they appear not to be well suited for attacks.

With Windows (and Unix) servers, things are different as these servers are more capable and have known vulnerabilities, buffer overflows being a famous example. These servers commonly watch for incoming traffic on TCP or UDP ports, hence the reason you need a firewall watching these ports.

People who are going to use the Apache port to S60 will have a server that is capable of executing code and these people might want to add a firewall as an extra security measure.

And whether the Bluetooth and IR servers are really safe? I did some experimenting and I was able to execute code by sending a file to another device. OK, the user had to open the file and there was a difference in the way the device handled the executable and a real file, but I doubt many users would have seen the difference. Sorry, no details on a public forum.

Sander van der Wal
www.mBrainSoftware.com

Well, in fairness, I did also state that "it still requires a compulsive link-clicking, sense-lacking dimwit to accept the connection in the first place" in order to get infected...

The usually reliable Davey Winder 😊

Ah, Hi Dave, I wondered whether you read AAS!

I still think you were far too lenient with them, it came across more as an F-Secure advert... 8-)

Steve