Old 05-23-2012, 07:04 PM   #1
obsessed2
Wizard
Posts: 1,041
Karma: 4694121
Join Date: Apr 2011
Location: Virginia
Device: Pocket Edge X 2 , Edge, gTab, Kindle Fire, Nextbook 7S
Eugene Kaspersky frustrated by Apple’s iOS AV ban

Apple may want to heed the warnings:


http://www.theregister.co.uk/2012/05...ios_antivirus/



http://www.crn.com/news/security/240...c2A**.ecappj03

Last edited by obsessed2; 05-23-2012 at 07:13 PM.
Old 05-23-2012, 07:20 PM   #2
taustin
Wizard
Posts: 1,358
Karma: 5766642
Join Date: Aug 2010
Device: Nook
Someone with a vested financial interest in convincing you that your children will be eaten by wild dogs if you don't give him money tells you that your children will be eaten by wild dogs if you don't give him money. Go figure.

As he notes, iOS is pretty locked down, and opportunities are almost entirely only in the app store. What he doesn't mention is that the app store is also pretty well locked down. Apple has done a fair job so far of reviewing software for nasty habits before allowing something in the app store, and a better than fair job of pulling stuff out when something nasty slips through. And, here's the important part, if something slips through, they can delete it remotely, which is to say, they have a pretty good anti-virus mechanism in place already.

Giving up enough information for outsiders to even try to build anti-virus apps for iOS simply spreads technical detail farther and wider, and honestly, increases the chance someone will find a vulnerability in the os itself.

And let's not forget, Kaspersky has had their own web site hacked to distribute malware (the same sort of drive-by infection that an iPhone or iPad would most likely be vulnerable to, if someone could get at the internal details).

There are those who believe that anti-virus software itself is, basically, a form of grifting. I don't really agree with them (certainly not those who believe that most viruses are made and distributed by anti-virus companies), but I do see their point.

If I used Apple products, I'd prefer knowing that Apple kept those os details internal to having other companies making anti-virus apps, especially considering that most anti-virus software is so bloated as to render the system nearly unusable. Not to mention screwups in updates. One managed to flag all emails with the letter "p" in them as malware, and Avast (I think it was) recently flagged one of its own definition updates as malware.
Old 05-23-2012, 07:29 PM   #3
elcreative
Wizard
Posts: 2,888
Karma: 5875940
Join Date: Dec 2007
Device: PRS505, 600, 350, 650, Nexus 7, Note III, iPad 4 etc
Quote:
Originally Posted by obsessed2 View Post
Wow, an unbiased FUD report from Kaspersky with another showing how vulnerable Android can be... actually makes iOS sound like a better bet...
Old 05-23-2012, 07:58 PM   #4
afv011
Captain Penguin
Posts: 2,966
Karma: 2079999999
Join Date: May 2009
Location: Seattle, WA
Device: Kobo Clara BW, Kobo Libra 2, Nook Glowlight
Quote:
Originally Posted by taustin View Post
What he doesn't mention is that the app store is also pretty well locked down. Apple has done a fair job so far of reviewing software for nasty habits before allowing something in the app store, and a better than fair job of pulling stuff out when something nasty slips through.
ORLY?

Quote:
Hacker Charlie Miller has exposed a security flaw in Apple's App Store. The flaw allows a LEGIT app to secretly download an unsigned app without the knowledge of the user, or Apple, through a backdoor entrance.

Remember, this is a signed, listed, inspected and fully authorized app from the App Store. The malicious code was not detected by Apple, and the only reason the app was pulled and his dev account cancelled was because he himself announced the presence of his virus in the app that he wrote.
Source
Old 05-23-2012, 08:21 PM   #5
Barty
doofus
Posts: 2,554
Karma: 13089041
Join Date: Sep 2010
Device: Kobo Libra 2, Kindle Voyage
The problem is, how would an iOS antivirus app even work? In the sandbox model, it's not allowed to scan the storage and memory space of the system or other apps, right? So what is it doing, declaring ITSELF safe? Unless it's using exploits or private API that get other apps banned.

Now, he could release an AV app on Cydia (jailbreak app store), but he's not interested in that bc it's not nearly as profitable.
Old 05-24-2012, 06:00 AM   #6
JoeD
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
Quote:
Originally Posted by afv011 View Post
ORLY?



Source
How would an AV app running on iOS have helped though? There's no way for virus scanners to detect custom written exploits, the best they can do is update their scan strings and heuristics when an exploit is finally discovered. In principle, by the time they've updated their AV app, Apple would already know about and have pulled the offending app.

AV scanners make a whole lot more sense on Android, not because it's any less secure than iOS, but because it's a lot more open. Users can load unsigned apps if they wish which can come from any source and are an ideal attack vector for malware (much as they are on the Mac/PC).

The only place I can think of an AV being of any use on a totally locked down system is to detect known but not yet fixed exploits. Apple have dragged their feet a few times in the past such as with the java/flashback issue, or the iOS PDF exploit.

iOS had a PDF exploit a while back that people were using to jailbreak their phones, you could argue an AV scanner might have been able to detect that and protect users between the time the exploit became public knowledge and Apple fixed it. That's just about the only use case I can think of where AV might make sense on iOS.

However, to do so Apple would need to give anyone writing an AV app complete access to all data on their device or the ability to intercept and stop at any point the download of any data. Technically possible? sure. Likely? not so sure.

If Apple can decrease the gap between notification of an iOS exploit and patch roll out, then it should make AV s/w redundant (on iOS anyway, still important on Mac/PC/anything that users can download binaries from arbitrary locations)

Last edited by JoeD; 05-24-2012 at 06:04 AM.
Old 05-24-2012, 07:30 AM   #7
obsessed2
Wizard
Posts: 1,041
Karma: 4694121
Join Date: Apr 2011
Location: Virginia
Device: Pocket Edge X 2 , Edge, gTab, Kindle Fire, Nextbook 7S
Quote:
Originally Posted by elcreative View Post
Wow, an unbiased FUD report from Kaspersky with another showing how vulnerable Android can be... actually makes iOS sound like a better bet...

Kaspersky isn't the only one sounding the warnings. Juniper Networks also suggests iOS is at risk. The lack of software protection and a competitive security market leaves users with little protection if malware makes its way through Apple's application vetting process. In the long run, this creates a false sense of security for Apple users and may be an even bigger risk than Android's open model. A failure to accept fallibility is the surest predictor of vulnerability. Apple is far from the only offender when it comes to reluctance to admit security bugs. However, a system without bugs is a developer’s dream that will likely remain a fantasy.
Old 05-24-2012, 08:53 AM   #8
Kali Yuga
Professional Contrarian
Posts: 2,045
Karma: 3289631
Join Date: Mar 2009
Device: Kindle 4 No Touchie
Yeah, there's a whole strain of "security through obscurity" vs "security through openness" debate that's gone on for a long time.

My guess is that neither works better than the other. If a platform is going to be an attractive vector for malware/viruses, then malware writers will go after it.
Old 05-24-2012, 09:56 AM   #9
RainingLemur
Spork Connoisseur
Posts: 2,355
Karma: 16780603
Join Date: Mar 2011
Device: Nook Color
Quote:
Originally Posted by Kali Yuga View Post
Yeah, there's a whole strain of "security through obscurity" vs "security through openness" debate that's gone on for a long time.

My guess is that neither works better than the other. If a platform is going to be an attractive vector for malware/viruses, then malware writers will go after it.
It's only a matter of time, really. And I'm surprised there hasn't been much of a push for malware/viruses/etc on both major platforms.
Old 05-24-2012, 10:21 AM   #10
morantis
Zealot
Posts: 125
Karma: 769546
Join Date: May 2012
Device: none
It is a little silly to assume that because a vendor does not choose my particular app or software that they are not taking care of a certain issue.
Old 05-24-2012, 11:02 AM   #11
JoeD
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
Quote:
Originally Posted by Kali Yuga View Post
Yeah, there's a whole strain of "security through obscurity" vs "security through openness" debate that's gone on for a long time.

My guess is that neither works better than the other. If a platform is going to be an attractive vector for malware/viruses, then malware writers will go after it.
I tend to favour the openness as more secure argument, but, only when the developers of both products are on a par skill wise. Both products will release with bugs, hopefully the open one gets peer review and quicker identification of flaws/fixes before they become zero days.

It's 6 of one and half a dozen of the other though when it comes to open software that doesn't get many eyes over it, since the few eyes it might get have no intention of reporting flaws they find. On the flip side, it's not much harder for people to find potential areas to exploit in closed source apps, they just pound on them until they find a way to crash it then focus on that area to see if it's exploitable. Obscurity may delay things, but when they are found, it's likely they'll be found by those up to no good before a more honest dev happens across it in a general code review (which can't happen in prop software), not always of course, some security researchers focus on closed source software (has a high install base after all).

When it comes to security based systems though, anything doing encryption or managing passwords, then imo open source and peer scrutiny is the only way.

I'm speculating now, but the reason we may be seeing more malware on Android is that it's currently easier to drop a trojan'd app onto someone's phone via the more open Google app store than it is on iOS. That doesn't make iOS more secure, as Apple can and do miss apps that are up to no good in their review process, but maybe there's a perception that you'll get onto more phones via Android before being detected?

@RainingLemur, as people start to do banking over their phones and payment processing becomes more common, I expect the number of reported malware attacks on both platforms will increase. There'll be a bigger incentive for phones to be targeted.

Last edited by JoeD; 05-24-2012 at 11:08 AM.
Old 05-24-2012, 11:29 AM   #12
obsessed2
Wizard
Posts: 1,041
Karma: 4694121
Join Date: Apr 2011
Location: Virginia
Device: Pocket Edge X 2 , Edge, gTab, Kindle Fire, Nextbook 7S
Quote:
Originally Posted by morantis View Post
It is a little silly to assume that because a vendor does not choose my particular app or software that they are not taking care of a certain issue.

It's even sillier to assume they are taking care of the issue given their track record. Let's hope following two previous major security incidents Apple will be more proactive instead of delayed reactive.


Mene, Mene, Tekel, Upharsin.


An example of Apple’s nonchalant approach to security is the 2009 OS X Java vulnerability that allowed for remote code execution simply by visiting a webpage. This bug was promptly fixed by Java's creator, Sun Microsystems, but Apple left the vulnerability unpatched for more than six months.

http://www.computerworld.com/s/artic...va_attack_code

This incident prompted Ira Winkler, CISSP and president of the Internet Security Advisors Group, who is considered one of the world's most influential security professionals, to write an opinion piece in Computerworld saying the FTC should investigate Mac security.

http://www.computerworld.com/s/artic...ource=rss_news



Apple's response to the 2012 OS X Flashback Trojan was essentially the same as the Java incident in 2009. Immediately as Apple came to know about this malware attack it should have informed its users and sent out some important directives to be followed for the user’s security, but it did not. Instead of hiding the security flaw, Apple should have informed owners on how to disable Java which could have lessened the outbreak until a patch was released. In fact, this outbreak was even preventable because Oracle issued a patch for the vulnerabilities used by Flashback on February 17, but updates weren’t made available to Mac users until April 2.

http://www.forbes.com/sites/adrianki...ware-outbreak/

Last edited by obsessed2; 05-24-2012 at 01:58 PM.
Old 05-24-2012, 11:35 AM   #13
ApK
Award-Winning Participant
Posts: 7,402
Karma: 69116640
Join Date: Feb 2010
Location: NJ, USA
Device: Kindle
Quote:
Originally Posted by Kali Yuga View Post
Yeah, there's a whole strain of "security through obscurity" vs "security through openness" debate that's gone on for a long time.
Also, there is a difference between RELYING on security by obscurity, and simply having obscurity as one more factor in an otherwise sound security plan.

The former is a REALLY bad idea, and what most security types warn about, the latter is a philosophical debate.
Old 05-24-2012, 11:49 AM   #14
afv011
Captain Penguin
Posts: 2,966
Karma: 2079999999
Join Date: May 2009
Location: Seattle, WA
Device: Kobo Clara BW, Kobo Libra 2, Nook Glowlight
Quote:
Originally Posted by JoeD View Post
How would an AV app running on iOS have helped though? There's no way for virus scanners to detect custom written exploits, the best they can do is update their scan strings and heuristics when an exploit is finally discovered. In principle, by the time they've updated their AV app, Apple would already know about and have pulled the offending app.
I totally agree, on iOS you are at the mercy of Apple. I was just refuting the claim that the appstore, being curated, was safe.
Old 05-24-2012, 11:59 AM   #15
obsessed2
Wizard
Posts: 1,041
Karma: 4694121
Join Date: Apr 2011
Location: Virginia
Device: Pocket Edge X 2 , Edge, gTab, Kindle Fire, Nextbook 7S
Quote:
Originally Posted by ApK View Post
Also, there is a difference between RELYING on security by obscurity, and simply having obscurity as one more factor in an otherwise sound security plan.

The former is a REALLY bad idea, and what most security types warn about, the latter is a philosophical debate.
Your comment is dead on. Windows 3.0 started out as an obscure operating system and was very secure. Obscurity is lost with popularity.