Proof of Concept PocketPC Virus Created 152
SpooForBrains writes "The Register has reported that "Ratter" of the virus writing group 29A has created the world's first PocketPC virus as a proof of concept. This one has no payload and is polite enough to ask if it can spread, so the dangers are minimal, but it occurs that the possibility of PocketPC and Symbian virii suddenly makes the concept of bluejacking somewhat more sinister."
Can it really spread? (Score:5, Interesting)
Like the typical outlook virus (Score:4, Interesting)
Anyway Pocket PC viruses are going to be rarer than one for Macs
Reminds of Donut [zdnet.com] , the .NET virus ... but there hasn't been a real one in the wild yet ?.
bash$ alias kill='chmod -R 0666 /'
Re:E-Darwin (Score:3, Interesting)
Pocket PC issues (Score:4, Interesting)
Windows CE is actually more secure than Windows XP because the majority of the OS is in ROM. Those files are protected at the file system level - it is not even possible to read or copy the files, let along modify them.
After an infection one could always do a hard reset to quickly have a clean device that is at least usable.
Also, the amount of damage that could be inflicted would be moderate because most PDAs are synchronized with a host PC. So the information on the PDA is essentially backed up multiple times a day.
The real concern would be a virus that could propogate over multiple platforms running different processors. This is one reason to be afraid of
Dan East
As Uncle Cecil (Score:2, Interesting)
As usual, The Straight Dope [straightdope.com] has an exhaustive entry on the issue:
Re:Pocket PC issues (ROM isn't magic) (Score:5, Interesting)
> is in ROM. Those files are protected at the file system level - it is not even
> possible to read or copy the files, let along modify them.
Keeping files in ROM does not inherently constitute a better virus protection.
Of course, altering a ROM file is (usually) impossible. However, any complex
operating system has a lot of options for RAM or FLASH based files to "hook-in",
and RAM and FLASH are certainly not impossible to alter.
A virus that hooks into the startup sequence of a pocket device is as effective
as a hypothetical one that managed to alter the ROM of that device. Sure, a
ROM device might have a "wipe-all" reset button that gets rid of the virus,
but it would get rid of all personalization data as well - files, installed
software, addresses etc.
So, how does that make the ROM device less vulnerable to virus attacks? It
can't be rendered completely unusable. Ok. But all the other threats continue
to exist. You can loose your data, you can spread the virus to other devices,
you could even sync a multiplatform virus to your desktop PC, etc.
Marc
Re:Reminds me of that windows virus... (Score:3, Interesting)
CRAZY!
Comment removed (Score:5, Interesting)
Re:E-Darwin (Score:5, Interesting)
It is, but there is an once of truth in it. The default behavior.
By default, Windows Xp Home runs me as admin, and I had remove permissions for it the be secure...
By default, Mandrake runs me as user. I had to learn to change to root.
But I think the best behavior is with OS X (which I don't own). It prompt you with a password windows each time you need admin access. To me the says: 'STOP! think about what you are doing! Are you sure, you know what you are doing?'
Kinda like the way my sister caught Sircam.exe but when the thing poped-up in ZoneAlarm, she got the reflex to click 'No': "I don't know this application, And everything seems to work OK without it, so there...". She was infested all right, but it didn't spread... (and didn't clog her dial-up line). And off, I did have the "AAAHH! VIRUS!" Reaction when I saw the same pop-up on her computer... Now she google for the file when she don't know... I'm soo proud of my sister, growing up before my very eyes *snif*
Education, can go a long way, but if people can't know they have problems, we can't help them... Default install would go even further... If would force so people to think...
Windows isn't the problem, Ignorance is the problem. Education is the solution.
Re:Yet another reason to run Linux on your PDA (Score:3, Interesting)
Seeing as how niether the PocketPC nor the PalmOS was built from the ground up with the idea of getting on the net right away, I'm not sure why you'd put any more faith in any PDA short of the Zaurus with its Linux based roots. (Yes, I realize you basically stated this in your subject line, but I don't see how you could ignore Palm in this case given their large market.)
I will say this, though: PDA's aren't like computers, at least not today. Your PDA is chained to your computer. It is, for all intents and purposes, a peripheral. You can't, for example, get on the net with either a Palm or a PocketPC and download/install an app. You have to go through the syncing operation. Because of this very nature of these devices, you can rather easily switch to a brand new unit or get back up to speed on one that's been completely reset. (Doubly useful if your PDA is damaged/stolen, which they are far more prone to than virus damage.) In short, virus security is not that high of priority. It is 'a reaason' to be using Linux on your PDA, but it's so low on the totem pole compared to usability that I wouldn't expect a lot of people to give it that serious of thought. Sad? Maybe. Whoopee, download a patch.
I'm not trying to completely poo poo your point. It's valid. I'm just trying to put it in the proper perspective. The lesson I learned from this story isn't that I should ignore the idea of getting a Palm or a PocketPC, but rather that I should turn lock down the Bluetooth feature on whatever PDA I end up getting. The nice thing about BT is that it does have a trust based relationship doohicky going on with it. I know that's true for PocketPC, and I cannot imagine that the Palm or Zaurus wouldn't respect it either. That's just plain good sense whether the OS is secure or not.
comparative endemics (Score:3, Interesting)
This isn't new... (Score:2, Interesting)
Re:E-Darwin (Score:4, Interesting)
Linux also has APIs for use by local users, that probably should not be callable by just anyone on the internet. The recent exploit on Windows Mozilla has reduced my confidence that Linux Mozilla is not exposing internal APIs.
Mozilla is a big complex app, and I'm not sure I trust it anymore. (I sure as hell haven't audited it. Have you?) I'm starting to think I need to either stop using it, or somehow sandbox it.