
A "JeffM" special: Android.Jsmshider is digitally signed with an Android Open Source Project.


Alexandrovitch Kudiroyaravtsevgovoi

Jul 19, 2011, 12:37:47 PM
http://financialbin.com/2011/07/19/is-2011-finally-the-actual-year-of-mobile-malware/

Is 2011 Finally the Actual Year of Mobile Malware?
One problem with this approach is that it would normally require the user to
accept the installation of any download and this is likely to catch the user's
attention at some point.

*But Symantec found an attack which works its way around this*. As seen in
this series of screen captures.
Android.Jsmshider is digitally signed with an Android Open Source Project
certificate, leading the system to accept the payload as a system
update. Other mobile platforms don't seem to be as amenable to malware as
Android. This includes the iPhone/iPad, at least when they are not
jailbroken. But the market volume leader is Android and, as in other
markets, that's where malware authors go. Mobile malware has arrived.

JeffM

Jul 19, 2011, 2:48:49 PM
[Same old troll, echoing last week's "news"]
[Same old dead horse]

Another already-dealt-with closed-source app.
They didn't even have to wait until the 2nd Tuesday of next month.
Yawn.

As long as userland is populated by can't-see-the-source-code apps,
users will continue to click on the closed-source dancing bunnies
and whatever payload the rogue developers have included will run.

WOPR: "A strange game. The only winning move is not to play.
How about a nice game of chess?"

Android would benefit from a 100% Open Source Software ecosystem.

cc

Jul 19, 2011, 3:25:35 PM

How is being open source going to help? I bet you could show upwards
of 99% of Android users the source code and they would not recognize a
virus. The appeal of the Android Market being open, is also the cause
of its troubles. Open or closed source seems relatively meaningless.

--
"I'm a mind reader." - Snit

bbgruff

Jul 19, 2011, 3:30:49 PM

Let me get this straight - you are saying that 1% of Android Users *would*
recognise a virus if the source code was available?
2,000,000 people recognising a virus sounds to be a hell of a good way of
stopping viruses!

There again, I'm still not aware of a single Android virus. Do your figures
hold true for malware generally?

cc

Jul 19, 2011, 3:39:50 PM

My "figures" were just a generalization (signified by the "I bet" that
started the sentence). The point I was making was what would having
the source solve, if a vast majority of people couldn't understand it?
So yes, my "figures" hold true for malware generally in that most
people would not know malware from the source code. Being closed
source is not the cause of Windows malware. Being closed source is not
the cause of Android malware. Therefore, being open source is not the
solution.

Unless you're going to restrict what users have access to, and have a
thorough review process, being open or closed is not going to prevent
malware being uploaded and downloaded.

Do you think apps being open source would change things?

--
"I don't know the difference between opinion and fact." - Snit

Snit

Jul 19, 2011, 3:41:04 PM
bbgruff stated in post 98m4b4...@mid.individual.net on 7/19/11 12:30 PM:

Even assuming your numbers are correct - that is 1% who *potentially* would
if they were looking.

> There again, I'm still not aware of a single Android virus. Do your figures
> hold true for malware generally?
>

--
[INSERT .SIG HERE]


Snit

Jul 19, 2011, 3:42:17 PM
cc stated in post
6441e798-22a7-486d...@w24g2000yqw.googlegroups.com on 7/19/11
12:39 PM:

The fact iOS users are much safer than Android users shows that the open /
closed source issue is not the only one.


--
[INSERT .SIG HERE]


bbgruff

Jul 19, 2011, 3:53:25 PM
On Tuesday 19 July 2011 20:39 cc wrote:

> The point I was making was what would having
> the source solve, if a vast majority of people couldn't understand it?

Yes, and my point is that it only takes *one* person to understand it.
.... 2,000,000 is even better, of course.

cc

Jul 19, 2011, 4:02:08 PM

And that one person does what then? Convinces people not to download
it? Goes back in time and convinces all the people that already
downloaded it while that one person was figuring out that it was a
virus not to download it? It's not like people aren't figuring out
that malware is malware, closed source or open source.

If there is nothing to prevent malware *open* source code from being
uploaded/downloaded, the only thing that being open source does is
maybe it's recognized as malware sooner. But that doesn't help those
who had downloaded the app in the meantime.

Do you have any idea of how long some of these malware apps have been
in the Android Market before being recognized as malware by any
chance?

Snit

Jul 19, 2011, 4:13:47 PM
cc stated in post
4963703a-560c-4fd6...@l37g2000yqd.googlegroups.com on 7/19/11
1:02 PM:

> On Jul 19, 3:53 pm, bbgruff <bbgr...@yahoo.co.uk> wrote:
>> On Tuesday 19 July 2011 20:39 cc wrote:
>>
>>> The point I was making was what would having
>>> the source solve, if a vast majority of people couldn't understand it?
>>
>> Yes, and my point is that it only takes *one* person to understand it.
>> .... 2,000,000 is even better, of course.
>
> And that one person does what then? Convinces people not to download
> it? Goes back in time and convinces all the people that already
> downloaded it while that one person was figuring out that it was a
> virus not to download it? It's not like people aren't figuring out
> that malware is malware, closed source or open source.
>
> If there is nothing to prevent malware *open* source code from being
> uploaded/downloaded, the only thing that being open source does is
> maybe it's recognized as malware sooner. But that doesn't help those
> who had downloaded the app in the meantime.

Most Windows malware is closed source - and it is found quickly.

> Do you have any idea of how long some of these malware apps have been
> in the Android Market before being recognized as malware by any
> chance?


--
[INSERT .SIG HERE]


JeffM

Jul 19, 2011, 4:14:43 PM
>>JeffM wrote:
>>>Android would benefit from a 100% Open Source Software ecosystem.
>>>
>cc wrote:
>>How is being open source going to help?
>>
1) The infectionware is removed from the "downloadable" lists
(So far, everything is the same as the closed-source model).

2) The infection is removed from the app's source code
3) The new fork of the project is released under a new title.
4) Users rejoice at their now-malware-free app.

With closed-source wares, the ONLY option is to ban the app.

>>you could show upwards of 99% of Android users the source code
>>

In some matters, it only takes ONE individual to achieve the effect:
http://google.com/search?tbs=dfn:1&q=hung-jury

bbgruff wrote:
>you are saying that 1% of Android Users
>*would* recognise a virus if the source code was available?
>

Again, all it takes is *one individual* with the skills and interest.
After that, **everyone** benefits.

>2,000,000 people recognising a virus
>sounds to be a hell of a good way of stopping viruses!
>

The large number of Android users
would certainly make the Open Source meme very powerful.

>There again, I'm still not aware of a single Android virus.
>

Yup. No drive-by infections reported and no botnets.

All the hand-waving is about TROJANS
aka people PURPOSELY installing apps. The fact that
their closed-source purchases don't do what they expect them to
is a consequence of the last-century pay-for-binaries model.

Vetted repositories full of FOSS
is a *much* cooler notion than app stores.

Alexandrovitch Kudiroyaravtsevgovoi

Jul 19, 2011, 4:34:33 PM
"Snit" <use...@gallopinginsanity.com> wrote in message
news:CA4B2C29.9F6AD%use...@gallopinginsanity.com...
What are you talking about?, Android users just have to follow a "few"
recommendations, that also apply to Windows too (chuckle) :-)

Symantec Security Response encourages all users and administrators to adhere
to the following basic security "best practices":

- Use a firewall to block all incoming connections from the Internet to
  services that should not be publicly available. By default, you should deny
  all incoming connections and only allow services you explicitly want to
  offer to the outside world.
- Enforce a password policy. Complex passwords make it difficult to crack
  password files on compromised computers. This helps to prevent or limit
  damage when a computer is compromised.
- Ensure that programs and users of the computer use the lowest level of
  privileges necessary to complete a task. When prompted for a root or UAC
  password, ensure that the program asking for administration-level access is
  a legitimate application.
- Disable AutoPlay to prevent the automatic launching of executable files on
  network and removable drives, and disconnect the drives when not required.
  If write access is not required, enable read-only mode if the option is
  available.
- Turn off file sharing if not needed. If file sharing is required, use ACLs
  and password protection to limit access. Disable anonymous access to shared
  folders. Grant access only to user accounts with strong passwords to folders
  that must be shared.
- Turn off and remove unnecessary services. By default, many operating systems
  install auxiliary services that are not critical. These services are avenues
  of attack. If they are removed, threats have less avenues of attack.
- If a threat exploits one or more network services, disable, or block access
  to, those services until a patch is applied.
- Always keep your patch levels up-to-date, especially on computers that host
  public services and are accessible through the firewall, such as HTTP, FTP,
  mail, and DNS services.
- Configure your email server to block or remove email that contains file
  attachments that are commonly used to spread threats, such as .vbs, .bat,
  .exe, .pif and .scr files.
- Isolate compromised computers quickly to prevent threats from spreading
  further. Perform a forensic analysis and restore the computers using trusted
  media.
- Train employees not to open attachments unless they are expecting them.
  Also, do not execute software that is downloaded from the Internet unless it
  has been scanned for viruses. Simply visiting a compromised Web site can
  cause infection if certain browser vulnerabilities are not patched.
- If Bluetooth is not required for mobile devices, it should be turned off. If
  you require its use, ensure that the device's visibility is set to "Hidden"
  so that it cannot be scanned by other Bluetooth devices. If device pairing
  must be used, ensure that all devices are set to "Unauthorized", requiring
  authorization for each connection request. Do not accept applications that
  are unsigned or sent from unknown sources.

For further information on the terms used in this document, please refer to
the Security Response glossary.

Snit

Jul 19, 2011, 4:38:10 PM
Alexandrovitch Kudiroyaravtsevgovoi stated in post
201107192034...@smtp.cobalt.loc on 7/19/11 1:34 PM:

...


>>> Unless you're going to restrict what users have access to, and have a
>>> thorough review process, being open or closed is not going to prevent
>>> malware being uploaded and downloaded.
>>>
>>> Do you think apps being open source would change things?
>>
>> The fact iOS users are much safer than Android users shows that the open /
>> closed source issue is not the only one.
>>
> What are you talking about?,

I am talking about how Windows users and Linux users (Android, at least)
have to worry about malware - it is fairly common. This contrasts with iOS
and desktop Linux users who have a far, far lower chance of ever encountering
malware for their system (though there have been a couple significant
exceptions).

...


--
[INSERT .SIG HERE]


Alexandrovitch Kudiroyaravtsevgovoi

Jul 19, 2011, 4:47:00 PM
"Snit" <use...@gallopinginsanity.com> wrote in message
news:CA4B3942.9F6BE%use...@gallopinginsanity.com...

Maybe you noticed the ;-)
+ 1, b.t.w.

Clogwog

Jul 19, 2011, 4:51:21 PM
"JeffM" <jef...@email.com> wrote in message
news:7ef44717-7d84-4b52...@c29g2000yqd.googlegroups.com...


Nincompoopellectual blabbering, IMHO!, 7 is that you?

JeffM

Jul 19, 2011, 4:58:04 PM
[troll who apparently has a financial interest in Symantec stock]
>"best practices"
>[A lot of stupid Windoze-related shit]
>
Much easier (if you are going to use closed-source software):
1) DON'T "be the first on your block to _____".

2) Check the pedigree of the software you would like to use
**BEFORE** you download/install it.
(Malware in the Android app store is pulled within hours.)

3) There is no #3.

Much MUCH easier:
1) Use ONLY Open Source Software (from vetted repositories).

2) There is no #2.
