Register Guidelines E-Books Today's Posts Search

Go Back   MobileRead Forums > E-Book General > General Discussions

Notices

Reply
 
Thread Tools Search this Thread
Old 11-04-2011, 04:11 AM   #1
carpetmojo
Wizard
carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.
 
Posts: 3,117
Karma: 9269999
Join Date: Feb 2011
Location: UK
Device: Sony- T3, PRS650, 350, T1/2/3, Paperwhite, Fire 8.9,Samsung Tab S 10.5
Exclamation Security questions ?

A query for the many tech-experts out there.

Acting on advice from a Sony thread, as it is a question that may affect all makes of wifi readers, what, if any, protection do these have against virus, Trojan, malware and other nasties ?

And can we install things like Avast and Malaware, run scans and things, to keep things safe and functioning ?
Or doesn't the risk exist ?

Or do we just hope the bogies can't see a profit, or any fun, in messing around with our reading habits ?
carpetmojo is offline   Reply With Quote
Old 11-04-2011, 09:25 AM   #2
Pinecone
Guru
Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.Pinecone ought to be getting tired of karma fortunes by now.
 
Posts: 902
Karma: 1660722
Join Date: Nov 2009
Location: Maryland
Device: PRS-650, PRS-600, PRS-350
Only an issue if you root your reader and use it for general browsing.

If you leave it stock and only access the reader store, should not be a problem.
Pinecone is offline   Reply With Quote
Advert
Old 11-04-2011, 10:47 AM   #3
jgaiser
Omnivorous
jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.jgaiser ought to be getting tired of karma fortunes by now.
 
jgaiser's Avatar
 
Posts: 3,283
Karma: 27978909
Join Date: Feb 2008
Location: Rural NW Oregon
Device: Kindle Voyage, Kindle Fire HD, Kindle 3, KPW1
I don't know what OS Sony uses, but as long as it's not Windows, you probably don't have to be concerned. Kindles, Nooks and Android based units are completely safe.
jgaiser is offline   Reply With Quote
Old 11-04-2011, 11:54 AM   #4
taustin
Wizard
taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.
 
Posts: 1,358
Karma: 5766642
Join Date: Aug 2010
Device: Nook
Quote:
Originally Posted by jgaiser View Post
I don't know what OS Sony uses, but as long as it's not Windows, you probably don't have to be concerned. Kindles, Nooks and Android based units are completely safe.
That isn't really true. Android malware is certainly less common, to be sure, but it does exist in the wild.

As for "only accessing the reader store," many readers have at least something like a web browser, and while it's very unlikely, even the official store can be compromised. Google Apps and the generic Android store have both been used to distribute malware, if only briefly.

It it becomes a widespread problem, though, anti-virus will become available for these devices. Just hope you aren't part of the reason why, before it happens.
taustin is offline   Reply With Quote
Old 11-04-2011, 05:35 PM   #5
carpetmojo
Wizard
carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.
 
Posts: 3,117
Karma: 9269999
Join Date: Feb 2011
Location: UK
Device: Sony- T3, PRS650, 350, T1/2/3, Paperwhite, Fire 8.9,Samsung Tab S 10.5
[QUOTE=taustin;1817963........... Just hope you aren't part of the reason why, before it happens.[/QUOTE]

Quite !

But most readers will at the very least buy a few books from "outside" commercial sites - Waterstones etc, more so if they're cheaper than official sites - which is the point of having a browser, surely, to, well..... browse ! Which leaves us open to attacks, yes ?
So basically, there is a possible danger ?

So where's all the helpful info as to what to do, should it happen ?

Tell me they've thought of it, please...
carpetmojo is offline   Reply With Quote
Advert
Old 11-04-2011, 06:05 PM   #6
susan_cassidy
Wizard
susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.
 
Posts: 2,251
Karma: 3720310
Join Date: Jan 2009
Location: USA
Device: Kindle, iPad (not used much for reading)
Books themselves are not executable. You'd be more likely to encounter a problem using a browser on the reader, and having the browser hijacked.

For example, Kindle is based on Linux, so if you installed an executable (Linux-based) on it, and managed to execute it, the program could do some sort of damage, but just reading books isn't going to do anything, as far as I can see.

Don't know what Sony is based on, but the same principle applies. You aren't executing books.
susan_cassidy is offline   Reply With Quote
Old 11-04-2011, 06:12 PM   #7
ScalyFreak
Sith Wannabe
ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.
 
ScalyFreak's Avatar
 
Posts: 2,034
Karma: 8017430
Join Date: Jun 2011
Location: I'm not sure... it's kind of dark.
Device: Galaxy Note 4, Kobo Aura H2O, Kindle Fire HD, Aluratek Libre
Quote:
Originally Posted by carpetmojo View Post
Which leaves us open to attacks, yes ?
So basically, there is a possible danger ?
Yes, and no. There is danger in that malicious scripts can be run in your browser and track your activity, redirect your searches, or collect your information and then "phone home" to share it. Some browsers are more vulnerable than others, generally the more common it is, the more likely it will be targeted. No one bothers directing an attack towards an obscure piece of software used by 0.5% of the market. In the Windows world they hit Firefox and Internet Explorer, and most likely the default browsers in iOS and Android.

The Android Marketplace offers anti-virus apps that run discretely on the device and scans all downloaded files for threats before allowing you to install, and they can of course also scan all data on the device if necessary. Android AV apps are a lot more common today than last year, and as Android becomes more popular it will become a bigger target, and as a result the selection of anti-virus apps will undoubtedly continue to grow.

So for any eReader running an Android OS, there is a part of your answer.

If I remember right, my Sony 950 runs a Linux based OS. Linux, like Android and unlike Windows for the longest time, separates out the part that you the user can access from the important system files that Windows XP malware targeted in order to entirely cripple a machine. That why you need to give yourself elevated command-line access in Linux before you can do certain things, and why you need to root your Android device if you want to be able to do certain things to it. Without those elevated permissions, you are very limited in what you can do to modify the devices itself. This means that it's hard for malicious software to install itself to a level where it can do real damage.

Please note that it's very easy for you to over-ride a lot of this security by telling the Android Marketplace "yes, please accept all permissions and install this". Pay attention to what the app wants to do, and when in doubt, say no!

As for using the built-in browser to buy books from other sites, that actually moves a lot of the security issues fro your device to the store website. So if you use the browser on your Sony T1 to buy from Waterstones.com, then you would enter the info into their encrypted payment page in your browser and send it over your encrypted wifi over to them. If Waterstones have even the slightest little clue about information security, they store your info on a very secure server, that is separate from the website and protected in very paranoid ways, because that's EU law and they don't want to be dragged to court over being careless about your personal information. And once it's in their possession it is now up to Waterstones to keep your information safe, and up to you to clear the cache in your device browser so that it can't be seen and used by someone who picks your pocket on a crowded bus.

Sorry if this was a bit vague. I haven't spent nearly as much time as I should on learning about these issues. If anyone out there has, please, feel free to correct any mistakes I made (and share your links!).
ScalyFreak is offline   Reply With Quote
Old 11-04-2011, 06:14 PM   #8
ScalyFreak
Sith Wannabe
ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.
 
ScalyFreak's Avatar
 
Posts: 2,034
Karma: 8017430
Join Date: Jun 2011
Location: I'm not sure... it's kind of dark.
Device: Galaxy Note 4, Kobo Aura H2O, Kindle Fire HD, Aluratek Libre
Quote:
Originally Posted by susan_cassidy View Post
Don't know what Sony is based on, but the same principle applies. You aren't executing books.
Oh yeah, this too. The only danger from opening a book on the eReader is if it is actually a different type of file disguised as an ePub or other book format. The only books where that might actually happen are books that don't come from legal sources, so as long as you buy from legitimate stores, that shouldn't be a problem.
ScalyFreak is offline   Reply With Quote
Old 11-04-2011, 06:51 PM   #9
susan_cassidy
Wizard
susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.susan_cassidy ought to be getting tired of karma fortunes by now.
 
Posts: 2,251
Karma: 3720310
Join Date: Jan 2009
Location: USA
Device: Kindle, iPad (not used much for reading)
Quote:
Originally Posted by ScalyFreak View Post
Oh yeah, this too. The only danger from opening a book on the eReader is if it is actually a different type of file disguised as an ePub or other book format.
But the device is still not going to execute the file, even if it is really a program, with '.epub' tacked onto the filename.
susan_cassidy is offline   Reply With Quote
Old 11-04-2011, 07:27 PM   #10
ScalyFreak
Sith Wannabe
ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.
 
ScalyFreak's Avatar
 
Posts: 2,034
Karma: 8017430
Join Date: Jun 2011
Location: I'm not sure... it's kind of dark.
Device: Galaxy Note 4, Kobo Aura H2O, Kindle Fire HD, Aluratek Libre
Quote:
Originally Posted by susan_cassidy View Post
But the device is still not going to execute the file, even if it is really a program, with '.epub' tacked onto the filename.
Not in the sense Windows does it, no. But just like you can write a malicious piece of code that can wreak havoc on a Linux system if it is "executed" (=run) with the right level of privileges, I'm sure there are ways that a piece of code can be tricked into running on any form of device with an operating system and cause problems. Wasn't there something like that released for the PS3's OS at one point? Or am I confusing it with the latest Apple virus now?

The important thing to remember is that the people in this world capable of writing that kind of code have far better things to do with their time than use it to try and hijack/infect eReaders.
ScalyFreak is offline   Reply With Quote
Old 11-05-2011, 02:49 AM   #11
Ken Maltby
Wizard
Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.Ken Maltby ought to be getting tired of karma fortunes by now.
 
Ken Maltby's Avatar
 
Posts: 4,466
Karma: 6900052
Join Date: Dec 2009
Location: The Heart of Texas
Device: Boox Note2, AuraHD, PDA,
Of course if you use an ereader that is actually dedicated to ereading and has no
internet interface itself, there is no such problem. No one writes malicious code
that can't call home anymore. The worst that can happen to a dedicated ereader
is for the code intended for a similar device (but one with an internet connection),
could try and mess up the file system. Then a simple reflash of the firmware would
set things straight. The CPUs in a dedicated ereader generally use a very small subset
of an operating system, (often a form of Linux) with features of the CPU designed to
support the very limited set of features, at a very low level. These "Embedded" systems
don't have many of the general purpose functions support that the virus creators make
use of in their attacks. Besides, the dedicated ereaders use low-power, limited
performance CPUs in their design.

Luck;
Ken
Ken Maltby is offline   Reply With Quote
Old 11-05-2011, 03:48 AM   #12
carpetmojo
Wizard
carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.carpetmojo ought to be getting tired of karma fortunes by now.
 
Posts: 3,117
Karma: 9269999
Join Date: Feb 2011
Location: UK
Device: Sony- T3, PRS650, 350, T1/2/3, Paperwhite, Fire 8.9,Samsung Tab S 10.5
Smile Many many thanks.........

....to Scaly Freak and Ken, for a pretty clear and interesting [yes, even to me, the tech-dummy in the corner] explanation, and all other comments and suggestions.

So it seems we're almost certainly safe, mainly 'cos it's too tricky be worth the effort to get at us, and even if they did, there wouldn't be any dosh [£/$%] in it .

I get that !

carpetmojo is offline   Reply With Quote
Old 11-05-2011, 10:03 AM   #13
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
Quote:
Originally Posted by susan_cassidy View Post
Books themselves are not executable. You'd be more likely to encounter a problem using a browser on the reader, and having the browser hijacked.

For example, Kindle is based on Linux, so if you installed an executable (Linux-based) on it, and managed to execute it, the program could do some sort of damage, but just reading books isn't going to do anything, as far as I can see.

Don't know what Sony is based on, but the same principle applies. You aren't executing books.
You can still have issues with non executable data. For example loading the text from a book could cause a buffer overflow which can then use the remainder of the "text" as executable code. Loading a webpage in a browser can have similar exploits, although many browsers have fixed these over the years there may still be bugs lurking.

Same can be said for downloading a movie, if there's a exploit for the player you use to view it, the movie could be crafted to expoit it.

Although the exact type of attack depends on how the OS segregates code and data, some now include extra checking to mitigate stack overflows and other buffer based attacks.

That said, ereaders are likely a very low target. How many people do their banking on a kindle or enter other critical passwords? Even CC may be already stored on the site you buy books from so targetting an ereader doesn't really sound like it'd be worth it for anyone bent on doing no good.

Last edited by JoeD; 11-05-2011 at 10:06 AM.
JoeD is offline   Reply With Quote
Old 11-05-2011, 02:00 PM   #14
ScalyFreak
Sith Wannabe
ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.ScalyFreak ought to be getting tired of karma fortunes by now.
 
ScalyFreak's Avatar
 
Posts: 2,034
Karma: 8017430
Join Date: Jun 2011
Location: I'm not sure... it's kind of dark.
Device: Galaxy Note 4, Kobo Aura H2O, Kindle Fire HD, Aluratek Libre
Quote:
Originally Posted by carpetmojo View Post
So it seems we're almost certainly safe, mainly 'cos it's too tricky be worth the effort to get at us, and even if they did, there wouldn't be any dosh [£/$%] in it .
Exactly! Too much work for too small a reward.
ScalyFreak is offline   Reply With Quote
Old 11-06-2011, 12:05 AM   #15
taustin
Wizard
taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.taustin ought to be getting tired of karma fortunes by now.
 
Posts: 1,358
Karma: 5766642
Join Date: Aug 2010
Device: Nook
Quote:
Originally Posted by susan_cassidy View Post
Books themselves are not executable.
Neither are JPEGs, but they have been used to transmit malware. Not all malware transmitted through Office documents have been in the scripting, either. One current one is in embedded fonts, which is also not, per se, executable.

Quote:
Originally Posted by susan_cassidy View Post
You'd be more likely to encounter a problem using a browser on the reader, and having the browser hijacked.
That, however, is entirely correct.

Quote:
Originally Posted by susan_cassidy View Post
For example, Kindle is based on Linux, so if you installed an executable (Linux-based)
Cross OS malware has been demonstrated, too, though not, so far as I know yet) seen in the wild.

on it, and managed to execute it, the program could do some sort of damage, but just reading books isn't going to do anything, as far as I can see.

Quote:
Originally Posted by susan_cassidy View Post
Don't know what Sony is based on, but the same principle applies. You aren't executing books.
Since both major ebook formats are, basically, HTML, and web browers are, at this time, the biggest single vector for malware, that doesn't really comfort me any. The lack of processing power and full time internet connection on most book readers, however, does. Most malware these days is devoted to spamming or identity theft. A book reader is useless for spamming, and can't possibly get identity theft info for more than one person, so such a virus would be over little value. And for malware writers these days, it's all about money.
taustin is offline   Reply With Quote
Reply


Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Kindle confidentiality and security questions ritef Amazon Kindle 18 01-11-2012 01:21 PM
security coeus enTourage Archive 6 05-16-2011 02:15 AM
Kindle 2 Security Jasoon Carey Amazon Kindle 18 08-01-2009 11:35 AM
Security. ruibittencourt Workshop 30 03-05-2009 12:37 AM


All times are GMT -4. The time now is 05:53 PM.


MobileRead.com is a privately owned, operated and funded community.