04-02-2005, 03:00 PM
|
|
Developer & Designer, News Editor Emeritus
Join Date: Aug 2006
Posts: 12,959
|
|
H+BEDV Releases AntiVir Mobile
While it's probably not yet essential to have an antivirus solution for your Pocket PC, it's good knowing that the range of these types of products is slowly increasing (probably to prepare for a new wave of handheld viruses, which has been suggested, will be seen in the near future). H+BEDV are just one of many to offer such a mobile antivirus solution, as they have just released AntiVir Mobile, which is free for personal use. For non-German speaking readers, click here for a Google translation.
|
| |
|
|
|
04-02-2005, 09:15 PM
|
|
Ponderer
Join Date: Aug 2004
Posts: 70
|
|
If the platform becomes as diseased as the WinPC platform, I'll be especially disappointed in Microsoft.
Having said that, I'm disgusted with the AV vendors. There is absolutely no need for there to be an AV for PPCs. Its scaremongering and utterly unnecessary if everyone simply knew what they were doing.
Viruses/phishing/scams aren't the problem - its the ignorant who click everything without a care. They cost businesses time and money and people like me have to fix the mess caused by their ineptitude.
A basic working knowledge of how things work - what to do when a problem arises, things to avoid, etc, should be taught at school. E.g., funtime.exe = very bad, funtime.doc = suspicious. Recommendation: delete both.
Its not difficult.
|
| |
|
|
|
04-02-2005, 10:24 PM
|
|
Intellectual
Join Date: Jul 2003
Posts: 221
|
|
Now all we need are actual (real life, in the wild) Pocket PC viruses to go along with it!
Isn't this like selling tin openers before tin cans are invented?
|
| |
|
|
|
04-02-2005, 10:40 PM
|
|
Thinker
Join Date: Jul 2003
Posts: 430
|
|
Quote:
|
Originally Posted by Ward
If the platform becomes as diseased as the WinPC platform, I'll be especially disappointed in Microsoft.
Having said that, I'm disgusted with the AV vendors. There is absolutely no need for there to be an AV for PPCs. Its scaremongering and utterly unnecessary if everyone simply knew what they were doing.
|
If everyone knew what they were doing - you are right there would be no need - for now
Quote:
|
Originally Posted by Ward
A basic working knowledge of how things work - what to do when a problem arises, things to avoid, etc, should be taught at school. E.g., funtime.exe = very bad, funtime.doc = suspicious. Recommendation: delete both.
Its not difficult.
|
Not for us, but for the average joe it seems very hard. Not everyone thinks logically - which is how we think and how computers work.
Quote:
|
Originally Posted by mr_Ray
Now all we need are actual (real life, in the wild) Pocket PC viruses to go along with it!
|
If you look at the signature file for Symantec AV for Pocket PC, it has three virus signatures in it. They are out there, but they are hard to find.
I think there will be an increase in viruses, but there are some significant challenges for virus writers to overcome first.
- There is no way to auto execute files on a Pocket PC except when the application is installed.
- There is no way to copy a file to a Pocket PC remotely either
- Neither are there remote services on a Pocket PC (by default) to attack.
This means the attack surface is very small and requires the user to do something. This makes it very hard to replicate viruses.
Maybe future versions will open the attack surface a little... we will have to wait and see...
__________________
Darryl BurlingReporting from the inside :-)blog: www.burling.co.nz |
| |
|
|
|
04-02-2005, 10:49 PM
|
|
Intellectual
Join Date: Jul 2003
Posts: 221
|
|
Agreed that the PPC platform has a very small attack surface, and there's little you can do to one remotely.
Probably the first wave of real (not proof of concept ones that asks you to install themselves) malware for the PPC will not be through technical flaws but social engineering such as has become popular on PCs lately. It's got to be almost certain that the first will be one of:
1) An attached .EXE in an email, along the lines of iloveyou, anna kournikova, etc.
2) *If* PIE becomes powerful and open enough possible malware attacks, browser hijacking as we see on the desktop.
There's probably enough dumb people to make (1) a possibility in the next couple of years. Hopefully MS will be fully up to speed on their security drive by then, though.
Either way, I still consider myself more likely to have the Space Station drop on my head than get a virus on my Loox this year. (Looks up to check)...
|
| |
|
|
|
04-02-2005, 10:53 PM
|
|
Thinker
Join Date: Jul 2003
Posts: 430
|
|
Quote:
|
Originally Posted by mr_Ray
Agreed that the PPC platform has a very small attack surface, and there's little you can do to one remotely.
Probably the first wave of real (not proof of concept ones that asks you to install themselves) malware for the PPC will not be through technical flaws but social engineering such as has become popular on PCs lately. It's got to be almost certain that the first will be one of:
1) An attached .EXE in an email, along the lines of iloveyou, anna kournikova, etc.
2) *If* PIE becomes powerful and open enough possible malware attacks, browser hijacking as we see on the desktop.
There's probably enough dumb people to make (1) a possibility in the next couple of years. Hopefully MS will be fully up to speed on their security drive by then, though.
Either way, I still consider myself more likely to have the Space Station drop on my head than get a virus on my Loox this year. (Looks up to check)...
|
I agree with you on the social engineering bit, but the problem for proliferating viruses this way is that as soon as people know that program x is a virus, the distribution sites will pull it and it will become obscure from the general PPC public quickly, preventing it from spreading.
Also - it cant replicate further easily (it cant even send email without interacting with the user), so the chances are that it will stop short at the initial infection.
__________________
Darryl BurlingReporting from the inside :-)blog: www.burling.co.nz |
| |
|
|
|
04-02-2005, 11:09 PM
|
|
Intellectual
Join Date: Jul 2003
Posts: 221
|
|
Quote:
|
Originally Posted by darrylb
I agree with you on the social engineering bit, but the problem for proliferating viruses this way is that as soon as people know that program x is a virus, the distribution sites will pull it and it will become obscure from the general PPC public quickly, preventing it from spreading.
Also - it cant replicate further easily (it cant even send email without interacting with the user), so the chances are that it will stop short at the initial infection.
|
Actually it can - as long as the user has an active network connection, which isn't entirely unlikely since they're reading email.
Step 1:
Grab any mail addresses for your contacts using the POOM.
Step 2:
Using your own SMTP engine, mail out copies.
Obviously there are a few hitches along the way such as detending their SMTP server settings (or they could use a designated open one but that limits it even more), but it's entirely possible. Were I so inclined myself I could probably knock up something workable in a few days. With no real security on the PPC for running code (no limited user account), any EXE you can get running on there can essentially do anything the user can. Inbox, etc not being VBA hosts like Outlook etc. just means that you have to do things the hard way, not that they can't be done at all.
There's little doubt that the only reason we're not seeing social engineering-based attacks right now is twofold:
1) PPC is a minority platform in the computing world.
2) Online PPCs are a minority in the PPC world.
So it's a miniroty group among a minoriry group - little chance of anyone being interested, and even if they are few enough PPCs come in contact to spread anything.
|
| |
|
|
|
04-02-2005, 11:35 PM
|
|
Thinker
Join Date: Jul 2003
Posts: 430
|
|
True. You are right - and again, the open smtp server could be a good way to do it.
Another thing - mail wont allow you to execute cab files or exe's directly which is another hurdle to overcome... The user has to save the file and then execute it.
|
| |
|
|
|
04-03-2005, 07:34 AM
|
|
Philosopher
Join Date: Nov 2002
Posts: 544
|
|
Quote:
|
Originally Posted by Ward
Viruses/phishing/scams aren't the problem - its the ignorant who click everything without a care. They cost businesses time and money and people like me have to fix the mess caused by their ineptitude.
|
It's interesting that you blame the 100's of millions of computer users who will eventually encounter a virus but you let the virus writes (who in my opinion are the scum of the earth) completely off the hook.
Next I expect to hear that terrorists are just trying to make a point by blowing up trains and buildings filled with innocent people.
I am normally a pretty civil person but me thinks we need to loop a noose over the nearest tree limb the next time one of these virus proliferators are caught. They ARE the problem.
|
| |
|
|
|
04-03-2005, 10:04 AM
|
|
Intellectual
Join Date: Jul 2003
Posts: 221
|
|
Quote:
|
Originally Posted by darrylb
True. You are right - and again, the open smtp server could be a good way to do it.
Another thing - mail wont allow you to execute cab files or exe's directly which is another hurdle to overcome... The user has to save the file and then execute it.
|
Yeah, that's another factor to bear in mind. I actually didn't know that since I've never really used the built in mail much. Then again you should never underestimate the danger of clueless users.
Remember the worm that spread by email, in a password-protected ZIP file where the password was sent in a different email with instructions for the user to follow to open the ZIP with the password and run the EXE inside? Dumb users are ready to go to extreme lengths to infect themselves. 
|
| |
|
|
|
|
|
Linear Mode
