Home > internet, iPod, macintosh, phone, security, software > Virus protection for the iPhone: Why?

Virus protection for the iPhone: Why?

There’s been a growing trend recently to question the behaviour of antivirus software vendors, who’s scaremongering tactics say you must buy their latest product or meet a certain silicon doom. The corporate antivirus market is a far calmer and sensible place, where the product must protect the machine and disrupt the user as little as possible. Contrast this with the domestic market where products have to add new features every year to persuade you to upgrade, and remind you those features are helping.

The September 2008 issue of the UK magazine PC Pro has the front cover headline ‘Is the VIRUS THREAT Real?’ and looks at the severity of the problem. The test machine was a PC and the investigation looked at several areas of web use from the casual surfer to file sharing, gambling and sex. The conclusion was that there are threats, and the further you stray from casual surfing of safe sites the greater the risk. However, as long as you ‘keep you system patched, surf sensibly and take appropriate security precautions’ there’s no need for the paranoia the subject attracts. That’s on a Windows PC, a platform considered very vulnerable to attacks. For many years the situation has been different for Mac’s which have yet to suffer a major security risk from malware.

The news item that started me wondering was about Intego’s Virusbarrier X5, which has this week been updated to add scanning of the iPhone and iPod touch. The scanning is done on the Mac, files are copied from the iDevice to the Mac to be scanned. This is what Intego have to say about the new feature.

‘Now that Apple has made it possible for users to add applications to the iPhone and iPod touch, there is a risk of installing applications that can harm these devices, or take control of them. And users “jailbreaking” (unlocking) an iPhone or iPod touch can install even more applications, increasing this risk. There are a number of security vulnerabilities that make these devices susceptible to attack; exploits for these vulnerabilities can be found easily, and future exploits are certain to be discovered.’

I can see the theoretical risk for a jailbroken device, but suggesting that software from the App Store can cause a problem seems strange given Apple’s control over the service.  Security vulnerabilities have existed on the OSX platform for a long time but haven’t resulted yet in a serious threat. And the last bit about ‘future exploits are certain to be discovered’ is pure speculation, no discovered exploit has so far resulted in a widely used exploit. Being prepared for future problems is good, but surely adequate protection needs an iPhone native app that scans the device during use, not only when it’s docked to your mac. By the time you find out there’s something nasty on your iPhone it could have been propagating itself via wireless data services for hours.

Given the amount of Mac bashers waiting for a serious threat I’m pretty sure everyone will know when one arrives. Until that time the free ClamXav is doing a fine job of preventing me from passing anything on to those using less secure computers.

  1. July 23, 2008 at 10:43 pm

    If your computer has been accessing the Internet unprotected it is infected. Spyware has surpassed viruses as the #1 threat to identity theft and without protection your Internet activities are never private.

  2. basshead
    July 24, 2008 at 5:09 am

    I use the internet daily on Macs without active virus scanning. I use ClamXav to occationally check files I have downloaded, but this is manually started. The Macs do not suffer from spyware or virus infection. Why do I currently need virus protection on a mac?

  3. ozinm
    July 8, 2009 at 2:22 pm

    I’m afraid this is why:

    Apple may be working to fix an iPhone vulnerability that could possibly allow an attacker to remotely install and run unsigned software code with root access to the phone.

    The theoretical attack in question exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service), said security researcher Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday. He didn’t provide a detailed technical description of the SMS vulnerability.

    An SMS flaw might allow an attacker to run software code on the phone that is sent by SMS over a mobile operator’s network. In Miller’s case, it appears he used the flaw he found to remotely crash an iPhone, a sign that a more serious attack might be possible.

    If so, the malicious code could theoretically include commands to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet, Miller said

    Source: http://infoworld.com/d/mobilize/apple-patching-serious-sms-vulnerability-iphone-934

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: