H+BEDV Releases AntiVir Mobile


Darius Wey
04-02-2005, 03:00 PM
http://www.antivir.de/en/products/antivir_mobile/index.html

While it's probably not yet essential to have an antivirus solution for your Pocket PC, it's good knowing that the range of these types of products is slowly increasing (probably to prepare for a new wave of handheld viruses which, it has been suggested, will be seen in the near future). H+BEDV are just one of many to offer such a mobile antivirus solution, as they have just released AntiVir Mobile, which is free for personal use. For non-German speaking readers, a Google translation is available here: http://translate.google.com/translate?u=http%3A%2F%2Fwww.antivir.de%2Fen%2Fproducts%2Fantivir_mobile%2Findex.html&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

Ward
04-02-2005, 09:15 PM
If the platform becomes as diseased as the WinPC platform, I'll be especially disappointed in Microsoft.

Having said that, I'm disgusted with the AV vendors. There is absolutely no need for there to be an AV for PPCs. It's scaremongering and utterly unnecessary if everyone simply knew what they were doing.

Viruses/phishing/scams aren't the problem - it's the ignorant who click everything without a care. They cost businesses time and money and people like me have to fix the mess caused by their ineptitude.

A basic working knowledge of how things work - what to do when a problem arises, things to avoid, etc, should be taught at school. E.g., funtime.exe = very bad, funtime.doc = suspicious. Recommendation: delete both.

It's not difficult.

mr_Ray
04-02-2005, 10:24 PM
Now all we need are actual (real life, in the wild) Pocket PC viruses to go along with it!

Isn't this like selling tin openers before tin cans are invented?

darrylb
04-02-2005, 10:40 PM
> If the platform becomes as diseased as the WinPC platform, I'll be especially disappointed in Microsoft.
>
> Having said that, I'm disgusted with the AV vendors. There is absolutely no need for there to be an AV for PPCs. It's scaremongering and utterly unnecessary if everyone simply knew what they were doing.

If everyone knew what they were doing - you are right there would be no need - for now

> A basic working knowledge of how things work - what to do when a problem arises, things to avoid, etc, should be taught at school. E.g., funtime.exe = very bad, funtime.doc = suspicious. Recommendation: delete both.
>
> It's not difficult.

Not for us, but for the average joe it seems very hard. Not everyone thinks logically - which is how we think and how computers work.

> Now all we need are actual (real life, in the wild) Pocket PC viruses to go along with it!

If you look at the signature file for Symantec AV for Pocket PC, it has three virus signatures in it. They are out there, but they are hard to find.

I think there will be an increase in viruses, but there are some significant challenges for virus writers to overcome first.

- There is no way to auto execute files on a Pocket PC except when the application is installed.
- There is no way to copy a file to a Pocket PC remotely either
- Neither are there remote services on a Pocket PC (by default) to attack.

This means the attack surface is very small and requires the user to do something. This makes it very hard to replicate viruses.

Maybe future versions will open the attack surface a little... we will have to wait and see...

mr_Ray
04-02-2005, 10:49 PM
Agreed that the PPC platform has a very small attack surface, and there's little you can do to one remotely.

Probably the first wave of real (not proof of concept ones that ask you to install themselves) malware for the PPC will not be through technical flaws but social engineering such as has become popular on PCs lately. It's got to be almost certain that the first will be one of:

1) An attached .EXE in an email, along the lines of iloveyou, anna kournikova, etc.
2) *If* PIE becomes powerful and open enough possible malware attacks, browser hijacking as we see on the desktop.

There's probably enough dumb people to make (1) a possibility in the next couple of years. Hopefully MS will be fully up to speed on their security drive by then, though.

Either way, I still consider myself more likely to have the Space Station drop on my head than get a virus on my Loox this year. (Looks up to check)...

darrylb
04-02-2005, 10:53 PM
> Agreed that the PPC platform has a very small attack surface, and there's little you can do to one remotely.
>
> Probably the first wave of real (not proof of concept ones that ask you to install themselves) malware for the PPC will not be through technical flaws but social engineering such as has become popular on PCs lately. It's got to be almost certain that the first will be one of:
>
> 1) An attached .EXE in an email, along the lines of iloveyou, anna kournikova, etc.
> 2) *If* PIE becomes powerful and open enough possible malware attacks, browser hijacking as we see on the desktop.
>
> There's probably enough dumb people to make (1) a possibility in the next couple of years. Hopefully MS will be fully up to speed on their security drive by then, though.
>
> Either way, I still consider myself more likely to have the Space Station drop on my head than get a virus on my Loox this year. (Looks up to check)...

I agree with you on the social engineering bit, but the problem for proliferating viruses this way is that as soon as people know that program x is a virus, the distribution sites will pull it and it will become obscure from the general PPC public quickly, preventing it from spreading.

Also - it can't replicate further easily (it can't even send email without interacting with the user), so the chances are that it will stop short at the initial infection.

mr_Ray
04-02-2005, 11:09 PM
> I agree with you on the social engineering bit, but the problem for proliferating viruses this way is that as soon as people know that program x is a virus, the distribution sites will pull it and it will become obscure from the general PPC public quickly, preventing it from spreading.
>
> Also - it can't replicate further easily (it can't even send email without interacting with the user), so the chances are that it will stop short at the initial infection.

Actually it can - as long as the user has an active network connection, which isn't entirely unlikely since they're reading email.

Step 1:
Grab any mail addresses for your contacts using the POOM.
Step 2:
Using your own SMTP engine, mail out copies.

Obviously there are a few hitches along the way such as determining their SMTP server settings (or they could use a designated open one but that limits it even more), but it's entirely possible. Were I so inclined myself I could probably knock up something workable in a few days. With no real security on the PPC for running code (no limited user account), any EXE you can get running on there can essentially do anything the user can. Inbox, etc. not being VBA hosts like Outlook etc. just means that you have to do things the hard way, not that they can't be done at all.

There's little doubt that the only reason we're not seeing social engineering-based attacks right now is twofold:
1) PPC is a minority platform in the computing world.
2) Online PPCs are a minority in the PPC world.
So it's a minority group among a minority group - little chance of anyone being interested, and even if they are, few enough PPCs come in contact to spread anything.

darrylb
04-02-2005, 11:35 PM
True. You are right - and again, the open smtp server could be a good way to do it.

Another thing - mail won't allow you to execute cab files or exe's directly which is another hurdle to overcome... The user has to save the file and then execute it.

jimski
04-03-2005, 07:34 AM
> Viruses/phishing/scams aren't the problem - it's the ignorant who click everything without a care. They cost businesses time and money and people like me have to fix the mess caused by their ineptitude.

It's interesting that you blame the 100's of millions of computer users who will eventually encounter a virus but you let the virus writers (who in my opinion are the scum of the earth) completely off the hook.

Next I expect to hear that terrorists are just trying to make a point by blowing up trains and buildings filled with innocent people.

I am normally a pretty civil person but methinks we need to loop a noose over the nearest tree limb the next time one of these virus proliferators is caught. They ARE the problem.

mr_Ray
04-03-2005, 10:04 AM
> True. You are right - and again, the open smtp server could be a good way to do it.
>
> Another thing - mail won't allow you to execute cab files or exe's directly which is another hurdle to overcome... The user has to save the file and then execute it.

Yeah, that's another factor to bear in mind. I actually didn't know that since I've never really used the built-in mail much. Then again you should never underestimate the danger of clueless users.

Remember the worm that spread by email, in a password-protected ZIP file where the password was sent in a different email with instructions for the user to follow to open the ZIP with the password and run the EXE inside? Dumb users are ready to go to extreme lengths to infect themselves. :)

Ward
04-03-2005, 01:15 PM
> > Viruses/phishing/scams aren't the problem - it's the ignorant who click everything without a care. They cost businesses time and money and people like me have to fix the mess caused by their ineptitude.
>
> It's interesting that you blame the 100's of millions of computer users who will eventually encounter a virus but you let the virus writers (who in my opinion are the scum of the earth) completely off the hook.
>
> Next I expect to hear that terrorists are just trying to make a point by blowing up trains and buildings filled with innocent people.
>
> I am normally a pretty civil person but methinks we need to loop a noose over the nearest tree limb the next time one of these virus proliferators is caught. They ARE the problem.

Agreed, but their motivation is the sheer glee they experience when another 'dumb user' is snagged.

I blame the users, the software vendors *then* the virus authors in that order. The users ultimately control everything that happens and usually the virus ends up executing on their system through action or lack of on their part.

Software vendors who make OSes, network aware programs, etc, have a responsibility to make sure their programs are well written, without bugs, loopholes, exploits or potentially unsafe actions. MS really dropped the ball with IE and I feel the only recourse is to delete the source and retire from the browser market. It's perfectly OK to blame the malware author, but when there are thousands of them, it becomes the fault of the software vendor for allowing this thing to continue, IMHO. Additionally, MS firewall is nowhere near tight enough to be useful as a firewall.

Finally, the virus writers. They tend to be teenagers lured by the glamour of the art. It's hard to find a good punishment for someone who is barely an adult and simply wrote a few lines to exploit someone else's own mistake. Don't get me wrong, there are some hardcore criminals (probably responsible for the zombie PC wave) and they should have the full weight of the law dropped on their heads. In either case, they are mostly preying on exploits, vulnerabilities and social engineering tactics which includes the aforementioned two elements above. Fix them and virus authoring would get a damned sight harder.

darrylb
04-03-2005, 08:32 PM
> I blame the users, the software vendors *then* the virus authors in that order. The users ultimately control everything that happens and usually the virus ends up executing on their system through action or lack of on their part.

I agree with Jimski.

Why should users have to even worry about these things? In an ideal world, they would go about their business. The virus writers are the ones who change this - not the users and not the software vendors.

I agree that the software vendors have a responsibility to write good code, but no one wants to write bad software (bad software = bad reputation = less sales = less money). Testing is generally done thoroughly (not all vendors do this well), but the difference between 200 or even 20000 people testing software is much different to millions of people testing software. Test cycles follow user patterns, not hacker patterns. I believe Microsoft have resolved much of their security issues with their new security focus, but no one produces software that is completely bug free - and no one warrants that their software is free of defects (unless they are mad).

The point is software vendors write software for a specific use and test it according to that specific use. Virus writers find and exploit vulnerabilities because they are looking for them - i.e. because they are using the software for something other than its intended purpose.

No - the fault lies squarely at the foot of those who write viruses - no one else is responsible for the mess they have created.