Trend Micro Mobile Security 2.0 beta available

fulltext · 05-25-05, 07:42 PM

https://www.trendbeta.com/index.php?get=37

Clcik on the above link to apply to be a beta tester. Scheduled date for WM2003/SE handhelds in 7/19.

Trend Micro is beta testing Mobile Security 2.0, an all-around antivirus and spam detection solution for phones and PDAs. Mobile Security provides real-time antivirus scanning, as well as on-access and on-demand scanning. SMS spam detection is also real-time; other vectors for eliminating spam include blacklists and whitelists. Spam messages are segregated into a designated spam folder and logged.

Ward · 05-25-05, 08:26 PM

AVs are unneeded. Even for the PC.

I've ran my systems (3 PCs, 2 laptops, 3 PDAs, a wifi router - new) for 4 years now without a virus. The trick is not to use programs or practises which exposes your setup to infection - get a software firewall installed. It will tell you immediately if anything attempts to access the net without your preconfigured permission. Chances are its something new and consequently malicious. Don't use programs with poor security records, i.e. virtually anything MS. Ditch IE for the much better alternatives, Opera and Firefox. Use an email client which doesn't parse HTML and renames executable attachments. Get a good process viewer and familiarise yourself with the running components of your system - learn to recognise newcomers and kill them at the earliest convenience. And finally, make backups!

Unbelievably - all this consumes less time, money and effort than maintaining an AV, accepting the performance hit as a result then repairing the damage when it fails.

Even if you don't agree, paying for a AV is silly - it probably spends 99.9% of its life doing nothing. When you think about it, when it does do its job, how reliably does it do it? Which run of the mill viruses, it usually works if kept up to date. But with 0-day viruses, you last line of defence, quite simply, fails.

Storino03 · 05-25-05, 09:39 PM

There are FREE Anti-Virus programs out there. Plus, you can get viruses simply by downloading bad files, regardless of the source and/or nature of the file in question.

googe · 05-25-05, 11:26 PM

Originally Posted by Ward

AVs are unneeded. Even for the PC.

I've ran my systems (3 PCs, 2 laptops, 3 PDAs, a wifi router - new) for 4 years now without a virus. The trick is not to use programs or practises which exposes your setup to infection - get a software firewall installed. It will tell you immediately if anything attempts to access the net without your preconfigured permission. Chances are its something new and consequently malicious. Don't use programs with poor security records, i.e. virtually anything MS. Ditch IE for the much better alternatives, Opera and Firefox. Use an email client which doesn't parse HTML and renames executable attachments. Get a good process viewer and familiarise yourself with the running components of your system - learn to recognise newcomers and kill them at the earliest convenience. And finally, make backups!

Unbelievably - all this consumes less time, money and effort than maintaining an AV, accepting the performance hit as a result then repairing the damage when it fails.

Even if you don't agree, paying for a AV is silly - it probably spends 99.9% of its life doing nothing. When you think about it, when it does do its job, how reliably does it do it? Which run of the mill viruses, it usually works if kept up to date. But with 0-day viruses, you last line of defence, quite simply, fails.

I'll agree they are not needed yet for PDA, but I dont think people would benefit from following the rest of what you say here. First of all, it takes virtually no time and effort to maintain any modern AV, other than renewing once a year which takes all of a few clicks.

As far as it doing nothing, your experience doesnt represent the general population at all. Most people I know will have their AVs save them from a threat very frequently, most commonly in the form of all the mass-mailer viruses.

There are even cases where commercial software was infected with malicious code, one of these recent cases was for mobile devices actually.

I have never used AV myself either actually, but I understand the need for it. You have to realize the general population is not familiar with things such as client side exploits targeting certain browsers and email clients. As far as knowing which processes should and shouldnt be there, have you looked at the number of ambiguously named processes modern operating systems have running? You expect the average user is gonna know what those things are and what shouldnt be there? :) Furthermore, its not uncommon for viruses to mimic filenames of things that should be there, or inject into process space of exisiting legitimate applications.

Dont forget that a lot of people have children or spouses that are probably even less technical, and at that point your own safe habits are out the window :)

0day viruses arent usually much of a threat, detection for new viruses is very fast and unless by chance youre one of the first infections that isnt much of an issue. Even if you are, with destructive viruses mostly being a thing of the past, youll at least be cleaned shortly after. Better late than never, on the off chance that does happen.

Going without AV on a PDA is ok for now, but going without AV on a PC wouldnt be a very responsible recommendation IMO :)

BTW, software firewalls are quite a bit more useless than AV, as they are very easy to bypass and only warn you of threats that are already on your system. Any good AV will have said threat dealt with before its even on your system.

Villain · 05-26-05, 03:54 AM

Here is the biggest piece of advice when it comes to Anti-Virus software:

Better safe than sorry.

Yes, some of them are slow to update, but some are also quite fast. Some have 'agreements' to not block certain items, as well (green lantern won't be detected by most of the major anti-virus companies).

Personally, I use AVG for my Windows boxes. I'm non-commercial, so it's free, which is nice. It's regularly updated, even nicer. And, did I mention it's free?

Takes hardly any resources on your PC to keep it up and running, and in the 2 years I have been using it, I haven't been infected on this machine. However, my other PC that has McAfee or Norton installed (depends on what I find first after the re-install phase, I tear it down quite often), will usually get attacked at least once due to some outside factor. The most recent being a friend coming over and grabbing a video file from the net.

As for software firewalls, they're not bad, and well worth having as another measure of protection. However, they are not the end all be all of security, either. If you're infected, what good does it do you to stop that infection from spreading? You're data is already at risk, so now you're going to have to deal with that. How about if the code that is on your machine simply runs a script to call iexplore.exe or some other 'trusted' program, so that it can use it as a conduit to send the data?

Wouldn't be that hard to create a simple script that uploaded the results of keystrokes as a .html file using the 'PUT' command already in most HTML browsers. Granted, it's gotten better in regards to some measures of PC security. However, the proof's of concept for attacks like this are already out there, all someone has to do is find a good way to implement them, and that'll be when the reality sets in.

Ward · 05-26-05, 08:15 AM

Originally Posted by Villain

As for software firewalls, they're not bad, and well worth having as another measure of protection. However, they are not the end all be all of security, either. If you're infected, what good does it do you to stop that infection from spreading? You're data is already at risk, so now you're going to have to deal with that. How about if the code that is on your machine simply runs a script to call iexplore.exe or some other 'trusted' program, so that it can use it as a conduit to send the data?

Wouldn't be that hard to create a simple script that uploaded the results of keystrokes as a .html file using the 'PUT' command already in most HTML browsers. Granted, it's gotten better in regards to some measures of PC security. However, the proof's of concept for attacks like this are already out there, all someone has to do is find a good way to implement them, and that'll be when the reality sets in.

My firewall is one of the decent ones - Outpost Pro. It distinguishes between permission given to windowless apps and their windowed counterparts, thus if iexplore was launched without a window to fetch an URL, Outpost would warn me. I've tried this exploit in particular and it is caught.

Again, this is only if iexplore was actually allowed on my system! :D 'cos it isn't. Only Opera, an FTP client, FTP server, Emule and RemotelyAnywhere are allowed limited permissions. Everything else is blocked and logged.

A virus can run rampant on my systems, but I have a long history with PCs so I mirror my documents regularly from one machine to all others, yeah, even the PPCs. The firewall is containment - something an AV cannot do.

If an AV fails, then I've lost the entire network. More often than not, AVs are slow to detect new viruses - especially the ones that propagate first, infect last.

Finally, AVs do nothing at all against spyware or Windows vulnerabilities. So if you have an AV, fair enough, but get a decent firewall too - it will detect 100% of all spyware regardless of definitions since they all have a common element: reporting to base. And it will shield vulnerably spots in the OS from exploitation.

A box with an AV and Firewall is much more secure, I just choose to forego the AV since I don't believe it is employed under my regime.

fulltext · 05-26-05, 06:59 PM

Sounds you like you have a special environment then. Most users need to run AV, a firewall, and preferrably several AntiSpyware apps.

Do you get/send any email on your machine, ie Outlook, or is it all web-based?

Ward · 05-26-05, 07:17 PM

Opera has a micro email client built in. I prefer it, because I don't need to worry about checking email - the browser checks my 3 POP accounts, GMail, news and RSS every 30 minutes. Since I may check my email on any machine, all are set to leave mail on the server except my laptop which I use only during the evening.