Apple Drops The Ball, Norton Comes Up With An iPhone Solution
Reading over the Apple discussion forums I came across a post from a concerned iPhone user whose phone was mimicking actions that resembled malware infections they had seen on different PCs running Windows and were symptomatic “of 3 well documented viruses/worms on unlocked iPhonesâ€.
The response to these concerns were somewhat depressing, albeit common when the discussion comes up regarding any Apple product and malware:
“There are no viruses that affect or infect OS X which has been available for 10 years now, and the iPhone runs an optimized version of OS X.
Nothing can be installed on an iPhone from a received email, from a received MMS, or from a website except for a photo which can be done manually only, and I haven’t read any reports about malware much less a virus being included with a JPEG file even with that Swiss cheese for security OS that is Windows.
There have been reports about malware (not a virus, which is different from malware) being included with unofficial software downloaded from unknown and untrusted sources which requires a hacked/jailbroken iPhone. A carrier locked iPhone can be hacked/jailbroken to unlock it unofficially, or just to install unofficial software from unknown and untrusted sources.
If you haven’t hacked/jailbroken your iPhone, your iPhone doesn’t have any malware and certainly doesn’t have a virus which is different since there are no viruses that affect or infect OS X on a Mac or on an iPhone.â€1
The possible malware infection risk to jailbroken iPhones has been well documented by Apple and others but so many forget that just a few months ago, Nicolas Seriot showed how an app that had been approved by iTunes and downloaded through the App Store could easily compromise the owner’s private data using nothing more that the API officially sanctioned by Apple.
In the real world, we call applications that do this malware, plain and simple.
The common counterpoint to this argument is that there is no malware in the wild that can infect the iPhone OS, which is built on OS X. But as Seriot pointed out, while Apple’s strict controls can keep a lot of the bad out, it certainly can’t keep everything out forever. Give it time and we will start to see malware written for the iPhone because that is where the data/money is.
Norton’s Answer
Symantec seems to be getting an early jump on Smartphone security with their release of Norton Smartphone Security that will be available for smartphones running Android 1.0. The Android version of Smartphone Security works much like the Symbian counterpart. The main focus of the application is to protect user data from being compromised should the phone be lost or stolen. With a simple text message, the user of the missing phone can wipe all data off the phone to protect it from prying eyes. Additionally, it locks up a stolen phone even if the SIM card is removed so the device becomes worthless to anyone who doesn’t know how to unlock it.
What is most impressive about Norton’s Smartphone Security and the two operating systems that run it, is the fact that they address the need to prevent mobile malware threats. Norton claims that Smartphone Security on both the Symbian and Andriod operating systems:
- Detects and removes threats and forbidden files without affecting your mobile device’s performance
- Scans all the files and app updates you download to your mobile device for threats
With so many new threats, like ClickJacking and malvertising, and traditional vulnerabilities, such as SQL Injection and Cross-Site Scripting, it is a relief to see Symbian and Google making an effort to address the need to protect their users. As a happy, and dedicated iPhone user, I hope that Apple follows suit in the near future.
1.   NB – This response is not that of an Apple employee but a register user on the Apple discussion forum.
-
http://www.simple1300numbers.com.au Dave
-
http://www.sequoiamediaservices.com Jeff
