MacDailyNews - Where Mac news comes first

really? and how (pray tell) does he see this happening?

...or is it better to ignore petty details when your job depends on it?

MW "pay" ironic.

It's better to build the anti-virus software first and then come up with viruses to sell the software.

Shouldn't it be F***-Secure
- we won't make a profit if things are secure unless we can con people in to thinking they aren't.

Becuz, ya know, we'se hate for anyting to happen to youse iPhone, isn't dat right, Tony?

Key word here is likely - as in 'it is likely one day that man will land on Mars'

in other words we haven't found one yet but we are happy to take your money if you're worried. ( PS. we offer no money back guarantee to prevent anything - so why invest ? ).

I think they're trying to trick us.

Quick. Run. (Magic Word: before). they. get. you.

Just buy a XXXL condom, the ones manufactured in Nigeria, most inner-city drug stores carry them, and place your iPhone inside.

Instant protection.

Whole article seems to be, yet again, an argument from ubiquity. Sad.

I wonder..... Do they offer anti-malware products for Windows Mobile based phones?

@Wade: That doesn't make sense. I don't think "ubiquity" is the word you were looking for...

"Apple's reputation for bullet-proof security could soon be blown away" because I just made it up. Aren't I great!

'It's 80-90% likely that we will see malware targetting the iPhone," says Patrik.



Ya think? It's 100% likely that it will be targeted. But what's the chance that they will succeed? That's the only thing that's important here . . .

If I got it right, the iPhone SDK will be for paying developers and every app will be inspected by Apple.

The inner "chambers" of the OS are pretty secure, since different levels and "areas" is split up into 256-bit encrypted Disk Images which are verified against the Apple-provided checksum, so if the Image has been altered, next time it won't be mounted. Easier to create a Mac OS X virus than an iPhone virus.

I betcha that it would be a virus that doesn't affect the iphone, or OSX, but might hit window by being spread through the iPhone. If that's the case, imagine: your windows computer gets infected, but your iphone and other macs don't. Do you ditch your iphone, or do you buy a mac?

Wade, you keep using that word, "ubiquity".

I don't think it means what you think it means.

I am so scared.

David Flynn, has exposed F-Secure as a 80%-90% bounty-coder.

MS is far more busy these days hiring security teams to write viruses just so Vista looks ok. Wow!



Hahahahah

OK. Let me be the first to say this. The first iPhone virus that finally proliferates the planet, I want someone to reverse engineer the crap out of it and see if anyone can see where it came from. If I see F-Secure's or Symantec's or any other anti-virus app's fingerprints on that, I've got three words for you - class action lawsuit! You've been warned!

I like his comment about how now "normal" people are now buying Macs. Who does he think was buying them before?

Actually, it's 100%. Since iPhone runs OS X, and there's a trojan for OS X, it's already been done. Doesn't mean it can be transmitted easily, passed from PC/Mac to iPhone, or over mobile phone networks.

I don't have much faith in F-secure since they missed the trojan which is already released (missed as in not even knowing about it).

@Reality Check

That doesn't make sense. I don't think "ubiquity" is the word you were looking for

Makes perfect sense, Windows is omnipresent, ubiquitous, therefore viruses and antivirus peddlers' software are also ubiquitous.

At least I can be confident that my multi-layered and cryptic comments are missing the dull minds of those that lack read comprehension and lateral thinking. Just as well really or the rings may be a-quivering.

"@Wade: That doesn't make sense. I don't think "ubiquity" is the word you were looking for..."

Ubiquity is being all over the place- the argument is one of- there are no viruses for the Mac OS because it is not ubiquitous, and windoze is ubiquitous. Thus, the argument from ubiquity to explain the lack of Mac viruses.

The argument from 'non-ubiquity'?

<b>I already compiled malware for the iPhone!</i>

But it needs Windows as a carrier.

Chances of seeing Jesus in my closet tonight: my guess is 13-17%

Think life is bad for Mac users? My Dad got a new PC (Dell) and tried to set up the Macaffee virus protection etc. It wouldn't accept his old account info so he tried to contact them by phone. Never could get anyone. They offer a premium connection for a pound a minute but he isn't going to do that. Nightmare.

I'm far more worried about extant Windows exploits that threaten my company's infrastructure than any hypothetical iPhone exploits affecting the iPhones we're already using for work. Why no similar, ongoing <i>sturm und drang</i> for Microsoft and their continuing ineptitude? Is it that Windows users and Windows-based IT departments just say to themselves, "This is the way it is, and it keeps us employed anyway"? You'd think that this "ZOMG the iPhone may one day get a virus" somehow outweighs the Windows' insecurity and potentially (and proven) massive negative impact when it's exploited yet again. I wonder how much companies lose because of botnets and damage caused by things like Storm? Shouldn't F-Secure be railing against MS for their continuing shoddy work, rather than dreaming up hypothetical situations? Seems that if they're hyping about potential problems with the iPhone, they should be screaming at the top of their lungs about existing problems with Windows.

(Thanks for correcting the article link, MDN.)

This is no brainer self-promotion. If they are wrong, they can continue to say next year and no one will deny them. If they are right, they become a prominent security specialist.

Meanwhile, I will continue to predict demise of Microsoft. Like Digital Research (CP/M), Apollo (Domain), Data General and DEC (VMS) before them, Microsoft will become another forgotten computer company within next ten years. I been saying it since 1990 is beside the point.

How on earth is the iphone going to get a virus or malware?

EMAIL:
If you get an email with an attachment from an address you dont know just dont click on it - simple.

BLUETOOTH:
Also, with bluetooth, no one can send you a file without you confirming you want it.

WIFI:
Cant see any iphone getting malware from this - especially if you are on a closed network which is password protected.

This is TOTAL FUD!

The FUD tradition against Apple products continues. (Fear, Uncertainty and Doubt is a prehistoric method of propaganda). You'd think they'd get the clue. Symantec made two anti-Mac security FUD attacks in 2005. Utter failures. McAfee followed with their own FUD attack late that year. Utter failure. Then the CEO of McAfee, in a total turn around, suggested that anyone with brains should dump their Windows box in favor of a Mac simply for the sake of SECURITY. This past year we had a flood of FUD from the hacker community. Thankfully none of them wrote anything malicious and Apple were up to the task of eradicating all the vulnerabilities they found. Then last week we were supposed to be shaking in our well-healed Mac user boots about the porno Trojan out in the wild for Macs. Yeah. I'm scared. But at least this this does help waken people up to the fact that NO operating system is ever invulnerable or perfect.

Here is some FUD: Anti-Mac bigots and marketing morons like F-Secure have an 80-90% chance of making fools of themselves by making stoopid predictions about Apple product security.

I hope I make them wet their pants and shiver in ((((FEAR)))).

;-Derek

An email with malicious jpeg file from one of your Window OS friend.

Through yet security hole in a undocumented bluetooth port.

Closed WiFi network? Why? Closed on WiFi, but open to internet through router.

Not a total FUD. Who would have thought Sidekick can be broken into through the cell phone's data connection. Someone did. We don't know if next one will be a worm or a trojan. Just remember, F-security and other anti-virus software makers do not know the answer either. The anti-viurs for most part is reactionary, not proactive. A virus has to hit before they can write the virus definition to stop it. So, the software they are selling today is not likely to stop the virus that comes out tomorrow, at least not for Mac OS X.

"An email with malicious jpeg file ..."

Not so far out. The iPhone was "jailbroken" by leveraging a vulnerability in a tiff library. What can be leveraged for "jailbreaking" could also be leveraged for malicious purposes.

There are other possible vectors. Safari on the iPhone was broken days after launch by Dr. Charlie Miller at ISE:

http://blogs.zdnet.com/security/?p=393

That was down to a vulnerability in open-source software that Apple was using. The vulnerability had already been fixed, but Apple was using an old version -- not for the first time.

The device is far from invulnerable -- nothing is.

However, I think F-Secure is flying a kite. There's no more reason why the iPhone would be struck by a plague of exploits than any other smartphone. Other phones are probably around in greater numbers, which would make them a broader target. Other phones may be easier to crack, too.

I think F-Secure mentioned the iPhone because they know it's a hip product and therefore newsworthy. This interview was about bumping-up F-Secure's profile; that's all.

If by "malware," you include "trojan horse" type malware, they might as well say the chances are 100%. You can't stop the user from being stupid and intentionally agreeing to install evil software. However, if Apple's method for officially allowing third party apps on iPhone only permits such software from "trusted" sources, the risk will be minimized. Then again, there will be users who choose to bypass such measures, so the chances are sill 100% that iPhone malware will appear.

The only Mallware threat I have to deal with is when my wife looks up gap.com on her iPhone.

Just reformat your hard drive and then you won't get a virus.