![]() |
#1 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 3,117
Karma: 9269999
Join Date: Feb 2011
Location: UK
Device: Sony- T3, PRS650, 350, T1/2/3, Paperwhite, Fire 8.9,Samsung Tab S 10.5
|
![]()
A query for the many tech-experts out there.
Acting on advice from a Sony thread, as it is a question that may affect all makes of wifi readers, what, if any, protection do these have against virus, Trojan, malware and other nasties ? And can we install things like Avast and Malaware, run scans and things, to keep things safe and functioning ? Or doesn't the risk exist ? Or do we just hope the bogies can't see a profit, or any fun, in messing around with our reading habits ? ![]() |
![]() |
![]() |
![]() |
#2 |
Guru
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 902
Karma: 1660722
Join Date: Nov 2009
Location: Maryland
Device: PRS-650, PRS-600, PRS-350
|
Only an issue if you root your reader and use it for general browsing.
If you leave it stock and only access the reader store, should not be a problem. |
![]() |
![]() |
Advert | |
|
![]() |
#3 |
Omnivorous
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 3,283
Karma: 27978909
Join Date: Feb 2008
Location: Rural NW Oregon
Device: Kindle Voyage, Kindle Fire HD, Kindle 3, KPW1
|
I don't know what OS Sony uses, but as long as it's not Windows, you probably don't have to be concerned. Kindles, Nooks and Android based units are completely safe.
|
![]() |
![]() |
![]() |
#4 | |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,358
Karma: 5766642
Join Date: Aug 2010
Device: Nook
|
Quote:
As for "only accessing the reader store," many readers have at least something like a web browser, and while it's very unlikely, even the official store can be compromised. Google Apps and the generic Android store have both been used to distribute malware, if only briefly. It it becomes a widespread problem, though, anti-virus will become available for these devices. Just hope you aren't part of the reason why, before it happens. |
|
![]() |
![]() |
![]() |
#5 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 3,117
Karma: 9269999
Join Date: Feb 2011
Location: UK
Device: Sony- T3, PRS650, 350, T1/2/3, Paperwhite, Fire 8.9,Samsung Tab S 10.5
|
[QUOTE=taustin;1817963........... Just hope you aren't part of the reason why, before it happens.[/QUOTE]
Quite ! But most readers will at the very least buy a few books from "outside" commercial sites - Waterstones etc, more so if they're cheaper than official sites - which is the point of having a browser, surely, to, well..... browse ! Which leaves us open to attacks, yes ? So basically, there is a possible danger ? So where's all the helpful info as to what to do, should it happen ? Tell me they've thought of it, please... ![]() |
![]() |
![]() |
Advert | |
|
![]() |
#6 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,251
Karma: 3720310
Join Date: Jan 2009
Location: USA
Device: Kindle, iPad (not used much for reading)
|
Books themselves are not executable. You'd be more likely to encounter a problem using a browser on the reader, and having the browser hijacked.
For example, Kindle is based on Linux, so if you installed an executable (Linux-based) on it, and managed to execute it, the program could do some sort of damage, but just reading books isn't going to do anything, as far as I can see. Don't know what Sony is based on, but the same principle applies. You aren't executing books. |
![]() |
![]() |
![]() |
#7 | |
Sith Wannabe
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,034
Karma: 8017430
Join Date: Jun 2011
Location: I'm not sure... it's kind of dark.
Device: Galaxy Note 4, Kobo Aura H2O, Kindle Fire HD, Aluratek Libre
|
Quote:
The Android Marketplace offers anti-virus apps that run discretely on the device and scans all downloaded files for threats before allowing you to install, and they can of course also scan all data on the device if necessary. Android AV apps are a lot more common today than last year, and as Android becomes more popular it will become a bigger target, and as a result the selection of anti-virus apps will undoubtedly continue to grow. So for any eReader running an Android OS, there is a part of your answer. If I remember right, my Sony 950 runs a Linux based OS. Linux, like Android and unlike Windows for the longest time, separates out the part that you the user can access from the important system files that Windows XP malware targeted in order to entirely cripple a machine. That why you need to give yourself elevated command-line access in Linux before you can do certain things, and why you need to root your Android device if you want to be able to do certain things to it. Without those elevated permissions, you are very limited in what you can do to modify the devices itself. This means that it's hard for malicious software to install itself to a level where it can do real damage. Please note that it's very easy for you to over-ride a lot of this security by telling the Android Marketplace "yes, please accept all permissions and install this". Pay attention to what the app wants to do, and when in doubt, say no! As for using the built-in browser to buy books from other sites, that actually moves a lot of the security issues fro your device to the store website. So if you use the browser on your Sony T1 to buy from Waterstones.com, then you would enter the info into their encrypted payment page in your browser and send it over your encrypted wifi over to them. If Waterstones have even the slightest little clue about information security, they store your info on a very secure server, that is separate from the website and protected in very paranoid ways, because that's EU law and they don't want to be dragged to court over being careless about your personal information. And once it's in their possession it is now up to Waterstones to keep your information safe, and up to you to clear the cache in your device browser so that it can't be seen and used by someone who picks your pocket on a crowded bus. Sorry if this was a bit vague. I haven't spent nearly as much time as I should on learning about these issues. If anyone out there has, please, feel free to correct any mistakes I made (and share your links!). ![]() |
|
![]() |
![]() |
![]() |
#8 |
Sith Wannabe
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,034
Karma: 8017430
Join Date: Jun 2011
Location: I'm not sure... it's kind of dark.
Device: Galaxy Note 4, Kobo Aura H2O, Kindle Fire HD, Aluratek Libre
|
Oh yeah, this too. The only danger from opening a book on the eReader is if it is actually a different type of file disguised as an ePub or other book format. The only books where that might actually happen are books that don't come from legal sources, so as long as you buy from legitimate stores, that shouldn't be a problem.
|
![]() |
![]() |
![]() |
#9 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,251
Karma: 3720310
Join Date: Jan 2009
Location: USA
Device: Kindle, iPad (not used much for reading)
|
But the device is still not going to execute the file, even if it is really a program, with '.epub' tacked onto the filename.
|
![]() |
![]() |
![]() |
#10 | |
Sith Wannabe
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,034
Karma: 8017430
Join Date: Jun 2011
Location: I'm not sure... it's kind of dark.
Device: Galaxy Note 4, Kobo Aura H2O, Kindle Fire HD, Aluratek Libre
|
Quote:
The important thing to remember is that the people in this world capable of writing that kind of code have far better things to do with their time than use it to try and hijack/infect eReaders. ![]() |
|
![]() |
![]() |
![]() |
#11 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 4,466
Karma: 6900052
Join Date: Dec 2009
Location: The Heart of Texas
Device: Boox Note2, AuraHD, PDA,
|
Of course if you use an ereader that is actually dedicated to ereading and has no
internet interface itself, there is no such problem. No one writes malicious code that can't call home anymore. The worst that can happen to a dedicated ereader is for the code intended for a similar device (but one with an internet connection), could try and mess up the file system. Then a simple reflash of the firmware would set things straight. The CPUs in a dedicated ereader generally use a very small subset of an operating system, (often a form of Linux) with features of the CPU designed to support the very limited set of features, at a very low level. These "Embedded" systems don't have many of the general purpose functions support that the virus creators make use of in their attacks. Besides, the dedicated ereaders use low-power, limited performance CPUs in their design. Luck; Ken |
![]() |
![]() |
![]() |
#12 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 3,117
Karma: 9269999
Join Date: Feb 2011
Location: UK
Device: Sony- T3, PRS650, 350, T1/2/3, Paperwhite, Fire 8.9,Samsung Tab S 10.5
|
![]()
....to Scaly Freak and Ken, for a pretty clear and interesting [yes, even to me, the tech-dummy in the corner] explanation, and all other comments and suggestions.
So it seems we're almost certainly safe, mainly 'cos it's too tricky be worth the effort to get at us, and even if they did, there wouldn't be any dosh [£/$%] in it . I get that ! ![]() |
![]() |
![]() |
![]() |
#13 | |
Guru
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
Quote:
Same can be said for downloading a movie, if there's a exploit for the player you use to view it, the movie could be crafted to expoit it. Although the exact type of attack depends on how the OS segregates code and data, some now include extra checking to mitigate stack overflows and other buffer based attacks. That said, ereaders are likely a very low target. How many people do their banking on a kindle or enter other critical passwords? Even CC may be already stored on the site you buy books from so targetting an ereader doesn't really sound like it'd be worth it for anyone bent on doing no good. Last edited by JoeD; 11-05-2011 at 10:06 AM. |
|
![]() |
![]() |
![]() |
#14 |
Sith Wannabe
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,034
Karma: 8017430
Join Date: Jun 2011
Location: I'm not sure... it's kind of dark.
Device: Galaxy Note 4, Kobo Aura H2O, Kindle Fire HD, Aluratek Libre
|
|
![]() |
![]() |
![]() |
#15 | ||
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,358
Karma: 5766642
Join Date: Aug 2010
Device: Nook
|
Neither are JPEGs, but they have been used to transmit malware. Not all malware transmitted through Office documents have been in the scripting, either. One current one is in embedded fonts, which is also not, per se, executable.
Quote:
Quote:
on it, and managed to execute it, the program could do some sort of damage, but just reading books isn't going to do anything, as far as I can see. Since both major ebook formats are, basically, HTML, and web browers are, at this time, the biggest single vector for malware, that doesn't really comfort me any. The lack of processing power and full time internet connection on most book readers, however, does. Most malware these days is devoted to spamming or identity theft. A book reader is useless for spamming, and can't possibly get identity theft info for more than one person, so such a virus would be over little value. And for malware writers these days, it's all about money. |
||
![]() |
![]() |
![]() |
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Kindle confidentiality and security questions | ritef | Amazon Kindle | 18 | 01-11-2012 01:21 PM |
security | coeus | enTourage Archive | 6 | 05-16-2011 02:15 AM |
Kindle 2 Security | Jasoon Carey | Amazon Kindle | 18 | 08-01-2009 11:35 AM |
Security. | ruibittencourt | Workshop | 30 | 03-05-2009 12:37 AM |