A software developer has updated an application that turns smartphones into sophisticated espionage tools that secretly zap contacts, calendar items, and geographic locations to servers of an attacker's choice. For now, Phone Creeper works only on handsets that run Microsoft's Windows Mobile operating system. But Chetstriker, …
If it wasn't for black hats there'd be no need for Fsecure and its competitors
If it wasn't for black hats, there'd be no need for Fsecure and its competitors.
If it wasn't for black hats and the resultant need for the overhead of anti-virus scanners and secure code, there'd be no need for multi-core processors in regular desktops.
A strong malware industry and strong malware hobbiests are essential to support the AV industry, as well as to support the advanced obsolescence that drives the hardware industry.
It isn't Fsecure that will pay the economic price for malware distribution, it is computer consumers, computer service consumers, and service providers paying, through AV and hardware purchases.
So naturally AV companies and hardware manufacturers are not going to push for the criminal prosecution of malware creators and malware distributors.
Sorry but i dont buy that, i have 3 computers at home and 2 "smartphones" (i hate that word)
none of them have any anti virus software installed on them, all my computers are run through a firewall, and never in many years of service have i ever had a virus etc, the overhead of an AV program if you choose wisely is very little, you do not need multi processor computers to run them, multiprocessor CPU etc are very useful for many other tasks tho, to name a few, video editing, graphics design, sound editing, servers, VPCs, many app multi tasking, compiling, gaming, video decoding/encoding, photo editing, should i go on?, please remove head from cloud.
the single biggest reason people get virus installed and mal/spyware for that matter is because the user has done something stupid. end of story
with regards to this article, if i leave my phone unattended anything could happen to it, infact i have tracking software that is properly built into it(will survive a hardreset unlike this one from the article) that does exactly what this program does so i can keep track of it if i lose it. if you leave your phone around i can copy your contacts and messages without having to install anything on it, i can do this via my phone, or use the amazing technological advance known as a pen.
So my answer to you is, if the world wasnt full of idiots, or and perhaps more politically correct, if people had more education on the use of technology, there wouldnt need to be AV software, and the creators of software like this can go about their HOBBIES which is exactly what it is as they see fit
if it wasn't for windows there'd be no need for fsecure nor any other commercial av/security firms
What is stupid?
Unfortunately most of the Great Unwashed don't know what "stupid" means. To most people there is just "the computer" and they cannot tell where the boundaries of trust are. They get used to downloading stuff and running it. They get used to installing Adobe viewer to view PDFs when "the computer" tells them to. When "the computer" tells them, to download a codec so they can watch a cute kitten video or pron, then will just do it.
Even the reasonably wary are easily tricked. Easy enough for a useful looking utility (eg. an editor or diff viewer) on a reasonably legit looking site to harbour a trojan.
It's pretty obvious what is dangerous when you're driving a car. If the satnav tells you to drive over a cliff, you'll probably not do it (though some have).
How do you know you've never had a virus if you've never had any virus detection software? ;D
(Welcome mat for the virii!)
PCs a full time job
The trouble with PCs is that it's a full time job not to "do anything stupid" and the user often needs to be a Desktop support type to keep things running smoothly. So just to make sure things are up to date is part of using a Windows Machine. AV is becoming less and less effective too with the only real alternative being application white listing.
Driveby Downloads are not the user doing anything stupid but the web developers ignoring the need to protect against SQL injection leading to legitimate sites punting Malware.
Run Windows as a user account will help but Malware authors have started installing under user profile defeating this advice and things like Flash run outside of the Browser environment and has it's own data leaking cookies.
Microsoft got their act together with patching sometime ago so the focus became Adobe, Apple & Oracle who all put out widely used and like all software often full of bugs which over time have become routinely exploited and until recently had rather poor update systems which installed more software (ie: Apple used to punt the awful Safari if you had iTunes/Quicktime if the "stupid user" didn't pay attention) Secunia PSI will help address this but you will find things like Flash and Java leave old versions and PSI also will slow down an older PC.
The problem with Windows is that is it widely used and suffers from the legacy of Windows for Workgroups and Windows 95 which had no permissions so once Windows 2000 and beyond became the norm everybody run as an administrator and while not perfect the Unix permissions are more solid but even the "we won't get Malware" Mac users can be duped by installing software laced with Malware and of course there won't be many with AV installed, personally I think once Malware authors put there mind to it there will be rich pickings from Apple machines.
I've recently started using Ubuntu on a modest Asus Notebook and am impressed by it's performance compared to Windows 7 on the same machine and Ubuntu repository for software and Software updates are relatively seamless but the downsides are poor multitouch mouse pad support and printer support is lacking and power management is not quite up to scratch but I expect this to change over the next year or so.
never said i didnt have any, just said i dont use it :)
because periodically the OS drives are taken off line and checked, Network traffic is monitored and nothing comes in or out without my hardware firewall knowing about it. as i said, the only way someone can get a virus or anything installed on their computer is if someone has sat down at the keyboard and installed something to allow them to do it, there is no other way, you can go on about remote control but again someone would need to allow access to that, and you will note ive specificly stated i do use firewalls.
yes it is easy to do it by mistake and infact on one of my computers i intentially infect it to learn the best way of removing it, it can not spread by its self, it needs a medium, usually email or web access and in all cases the user must do something to install it.
XDA Devs is not a hacking collective!
I doubt I'll be the last XDA member to come on here and say this but it is NOT a hacking collective or anything of the sort. It is, as the name suggests, a group of developers but also enthusiasts, fans and pasing visitors who are looking to get the best out of their smartphone. Some of the work revolves around custom firmware but a lot more of it is about new apps, themes, ways of doing things and discussion about new devices or how-to guides.
Please don't go all Daily Mail on us.
I second that...
... I'm an occassional visitor/member of the forum and without the free help I get from that site and it's members my phones wouldn't be as usable as they are, they have some talented people who give a lot of free time to 'just help' others fix problems or customise something.
Back to front
“Striker does't seem like a bad guy in our book, but a silently installing espionage suite should be detected by a security suite,”
Isn't the job of a security suite to detect bad stuff, whether or not the bad stuff wants detecting?
Or are F-Secure just complaining because they haven't figured out how to detect it yet?
..until I get a MS smart phone, I will not bother with AV, in fact, if I get one of them that does not have an SD slot, how does this work?.
I will consider AV protection for my smart phone (which ever type I get) when the nasty stuff starts coming from on-line rather than somebody manually sticking it on my dog-n-bone.
I wonder if we will see the return of diallers, the like of which I have not seen since I switched from modems to broadband. Now that would pose an issue depending on your data plan.
I suppose technically this 'tool' is a dialler. I wonder if you can get it to silently phone a premium rate number? or sux up all your months data allowance by being a zombie and doing DOS attacks whilst your in the park playing with your dog?
- ahh yes, the old 'zombie-in-you-pocket'.
Paris, because I just don't know.
but can you see the market that will use this. How about parents who want to know their children are safe, or maybe who wants to find out if there spouse/fiance isn't in fact that cheating "bitch" your best mate tells you he/she is.
I'm sorry to tell you this but she is.
She decided to shag someone who knows their there from their their.
Good point. I'll have to keep this in mind....
Perhaps his *point* was
Windows (and I suspect) Android *allow* this behavior to happen.
Apps that install silently and leave *no* trace on running program and process lists.
How is this *not* a faulty design?
Before anyone gets *too* overboard on his demo let's keep in mind it does need *physical* access to the phone (SD card insertion).
But of course you have to ask if this is what "amateur" developers (of phone compromising software) can deliver what are the "pros" capable of?
And what will be found on a closer look at Android's API?
If an amateur can do this, then the capabilities of the pros means that
"Privacy *IS* dead.
Nice attempt to try and discredit Windows Phone 7. Although you didn't mention that operating system by name, nowhere in your article did you attempt to make the distinction between old Windows Mobile and new Windows Phone.
The two are completely different and this article appears to be nothing more than an attempt by The Register to turn people against a new product that has barely launched. Shame on you.
Phone Creeper has been out for more than a year, yet this is the first The Register has ever reported about it... I wonder why?
what is wrong here
Here we have a criminal openly posting criminal apps and what is done about it, nothing, talk about a upside down world, if it were up to me he would be looking at a life in prison for being a criminal and who is to pay for the the damage he causes, why the user of course. Its time these scum were put into jail where they belong, he is claiming that he is doing it because he could.
Its time we stopped being a society where these scum get away with causing these problems for society, a stiff life sentence would sort out a lot of these problems. http://www.theregister.co.uk/Design/graphics/icons/comment/thumb_down_32.png
"It doesn't show up under a phone's installed or running programs, and by default it reinstalls itself if it's removed."
I'd say that if it can reinstall itself then it has truly been removed, just parts of it have been deleted.
/me turns over ipod touch
Hmm, no usb/sd card slot...