Log in

View Full Version : Symbian hits back over security



Ben
6th September 2005, 05:39 PM
...and makes sure you feel thoroughly stupid if you've managed to get infected.

http://news.zdnet.co.uk/hardware/mobile/0,39020360,39216531,00.htm


The mobile virus threat can be negated by users showing a little common sense, according to a senior Symbian executive

Mobile phone operating-system maker Symbian has reacted to growing media and security industry concern about the threat of mobile phone viruses, stating categorically that users are in no danger of getting a virus on their handset.

And David Wood, executive vice president of research at Symbian, told ZDNet UK sister site silicon.com it's crazy to think a company such as his own isn't constantly reviewing all security threats and wouldn't have reacted by now if such threats were real.

Wood said: "Trust me, we really don't want to come a cropper on this one.

"For the past four years we've been in constant talks with a number of partners and antivirus companies because we really don't want to find ourselves in the same trouble that people have now with their PCs ."

Wood believes the simple fact is that users are not at risk at present from mobile phone viruses and doesn't believe there has been an increase in the risk, despite claims to the contrary appearing in the media.

"The number of proof-of-concept viruses is increasing but that's not to say there has been an increase in the risk of infestation or there is any need for panic or worry," Wood explained

What few risks there are in the wild — which appear to exist at negligible levels — can easily be guarded against and do not have an effective way of infecting or spreading, said Wood.

He added that these viruses will only spread with user permission and conceded that in very rare instances a user could contrive to infect their phone.

"If somebody says: 'Can I borrow your phone for half an hour and put an application on it?' you'd be suspicious," said Wood. "So why would somebody open an application from somebody they do not know?"

Wood said he believes there is virtually zero chance that a user who displays "common sense" will ever fall victim to a mobile phone virus, although the threat may increase in time.

Doug Overton, head of communications at WDSGlobal, which handles around 100,000 helpdesk calls each month for customers of HP, Nokia, Orange, Sony-Ericsson and T-Mobile, agreed that the real issue is about proper configuration of mobile phones, which used properly should be impervious to the current smattering of viruses.

But Overton believes for some media and security companies it is often too tempting to talk about sexier issues.

"Security fears can provide a horror story which the media are sure to lap up and this can create a distraction from the real problems.

"Configuration issues have fallen by the wayside when they deserve greater attention."

Despite the insistence that such viruses are currently a non-issue, Symbian is still preparing for a day when that may not be the case.

"We realise that malware writers are going to become more ingenious. We don't know when, or if, a really nasty virus will target mobile phones. I personally don't think there will be one for quite some time," said Wood.

Work on the Symbian OS kernel is ongoing, with security in mind, and version 9.0 will start appearing on devices at the end of this year with improved platform security features.

The company's Symbian Signed application scheme also helps users see when an application comes from a source that is 'untrusted'.

Hands0n
6th September 2005, 11:27 PM
I'm always disturbed at the corporate line that their product cannot be affected by virii. That is a sure red rag to the proverbial bull to the virus writers. A more cautious and less boastful line would have been better! History is littered with such proclamations!!

IBM - There will be no more than 100,000 personal computers worldwide
Decca (iirc) - The Beatles? They'll never amount to much
the list goes on............

Ben
7th September 2005, 12:33 PM
"What few risks there are in the wild — which appear to exist at negligible levels — can easily be guarded against and do not have an effective way of infecting or spreading, said Wood."

Um, being bombarded with an unlimited number of bluetooth connection attempts trying to send the file is a pretty effective way of infecting or spreading, if you ask me! Bluetooth connections definitely need to be throttled, with an option to 'block all' attempts from someone rather than just Accept and Reject. It sounds like they're being incredibly niave given how rife these malware applications are now at any place that has a reasonable concentration of smartphones.

The OS in itself may not be insecure, but its implementation and the way it is used by the end user does not promote security to the fullest like many articles like this one would have us believe. I hope this is simply the 'company line' to divert any sense of panic and that they're actually working on ways to reduce the threat from malware further. I know they're doing a few things, but nothing that has blown me away just yet.