View Full Version : Mobile security suite needed
03-01-2011, 11:09 PM
Hello everybody and a Happy New Year!
I have a Samsung I8910 HD mobile phone. It is a smartphone with a Symbian S60 v9.4 operating system.
My cell phone is an invaluable tool of my everyday activities and contains lots of very important, highly sensitive, confidential data. I also use it very often to carry out various financial transactions online.
As it connects to the Internet, and although the risk of a Symbian phone being exposed to the various dangers of the Internet is very small, to be on the safe side and ensure my peace of mind, I have decided to install a mobile security suite which will provide protection against viruses and other malware, external hacking attacks through a firewall as well as spam SMS messages and unwanted telephone calls. The same mobile security suite should also have an anti-theft software component which should enable me to remotely lock the phone, erase sensitive data and locate it through GPS on Google maps in case it is lost or stolen and even have, if it would also be possible, a parental control component.
Do you know any such comprehensive mobile Internet security suites which can properly run on my Samsung I8910 HD cell phone and if yes, which do you think would be the best in your own personal opinion.
Thank you very much for your attention and I would greatly appreciate a reply.
FWIW, your biggest risk/threat is not having a backup of the data on your phone for when you lose it (by accident, breakage, or by theft). After that, the biggest threat is unauthorized manual access to your data by someone else handling your phone, if you didn't change default PIN/security codes, or do not require their use to access your phone.
Unless you install a malicious app yourself, there's no danger of malware/viruses on your phone.
Unless you install a server app yourself (e.g., a web server), which sits and waits for and accepts external connections to the phone, there's no point in a firewall app (as by default the phone has no apps waiting for such connections). Note also that on a phone network, the network operators do not allow external connections to within their network (even if they assign you a public IP address, which most network operators generally don't).
Make sure you change the default PIN and PIN2 codes for your SIM card, and that you also change the default lock/security code. In addition, set a password for any and all memory cards you use, and enable the PIN/security code queries on power-on, SIM card change and after deactivating the screensaver, and make frequent backups.
If you want to do more, you can use tools to additionally encrypt specific data on your phone, but viruscanners and firewalls on a phone are - besides the psychological piece-of-mind factor - a waste of memory, storage space, CPU cycles, battery power, and money.
09-01-2011, 09:59 PM
Many thanks for your attention and reply. It was good to know that my Samsung I8910 HD Symbian smartphone is not in danger of being affected by viruses or any other malware or suffer any external hacking attacks when connected to the Internet and, therefore, that it is completely unnecessary to install a mobile Internet security suite. This can also save me the cost of the annual subscrption which I would otherwise have had to pay in order to keep the virus definitions of my online security software up to date.
However, reading your reply, the following points have unavoidably come to my mind and I would like to discuss them:
What does FWIW, in the very beginning of your reply, mean?
I have to tell you here that I quite often download a wide variety of digital stuff from the Internet to my cell phone including photographs, music, videos, e-books and games. Is it absolutely sure that I do not incur then any danger of downloading also a virus in this way? And what about all these companies which develop and sell anti-virus and firewall software for Symbian mobile phones, strongly advising their customers, like myself, to install them on their Symbian smartphones in order to protect them from viruses and other malware as well as from hacking attacks when they are connected to the Internet. Are all of them ordinary frauds who try to intimidate technologically ignorant people with lies about concocted fictional dangers in order to con them out of their money? Sorry, but I find it too hard to believe it!
Please forgive my technical ignorance but the following question has naturally occured to me: You say in your reply that I do not need the protection of a firewall as my Symbian smartphone cannot suffer an external hacking attack when it is online because, by default, it does not have any server applications, which wait for and accept external connections, installed on it. We all know, on the other hand, that a Windows PC is at an extremely great risk of external hacking attacks when it is connected to the Internet if it is not protected behind a firewall. And the question is: Do the various versions of the Windows operating system contain any such server applications which make them vulnerable to external hacking attacks in sharp contrast to the Symbian operating system which does not have?
As far as now the issue of protection in case of theft, loss or damage of my cell phone is concerned, thank you very much for all your very useful analytical advice about the management and use of the SIM card PINs and phone lock passwords. I am afraid though that they have very little practical protective value in everyday life for the simple reason that I always have my mobile phone on when I move out and about so that I can receive incoming calls and messages which, of course, means that both the telephone device as well as the SIM card have to be unlocked for this purpose. If, therefore, somebody violently grabs my phone and runs away, something which has unfortunately become a common everyday scene overhere nowdays, the damage will have been done as my smartphone and its personal and confidential contents will then be helplessly unprotected without an anti-theft piece of software.
You say nothing about parental control which is a component of many mobile security suites. Following your advice that mobile security software has essentially absolutely nothing to offer to me in practice and so it is nothing more than a waste of money and system resources, I will not install one and here is then the problem and the question. If I need software for parental control tasks, are there any self-standing applications which can solely and specifically perform the parental control function on my Samsung I8910 HD Symbian 5th edition v9.4 smartphone and if yes, could you please tell me their names as well as the name of the company which has developed them?
The same problem and therefore the same question also applies to the spam SMS/MMS and unwanted calls problem which is rapidly expanding and, in my humble opinion, will develop into a real trouble in the very near future. Spam SMS/MMS and unwanted calls blocking software is likewise a component of many mobile security suites but as, following your advice, I will not install such an entirely useless piece of software on my smartphone, I would again like to know whether there are any spam SMS/MMS and unwanted calls blocking self-standing applications for my Samsung I8910 HD Symbian 5th edition v9.4 smartphone and if yes, could you please, in this case again, let me know their names as well as the name of the company which has developed them?
A tool that could encrypt specific data on my phone would be indeed very useful to me. It could, for instance, create an encrypted folder where I could put certain files containing sensitive, strictly personal, confidential data and hide SMS or MMS messages from certain contacts as well as the names of these and any other contacts from the contacts list. Do you know any good such tools that could be installed and properly function on my Samsung I8910 HD Symbian 5th edition v9.4 mobile phone?
I would greatly appreciate a quick and detailed reply.
FWIW -> http://www.lmgtfy.com/?q=FWIW
Downloading photos, music, etc., has no impact as they don't contain any software that gets executed.
And even if you download software (game or anything), they won't install automatically, but you have to deliberately allow the installation. (And the download isn't also happen without your knowledge, as there's also a prompt/dialog for that.)
Of course, if you install software yourself from dubious sources, then you don't know whether the app is malicious or benign. So, if you download and install applications, do it from reputable sources where there is some control over what they distribute (i.e., use old services such as Handango, or the developer's web site if you trust them, or Samsung's channels - if you had a Nokia phone, you could use Ovi Store). If you get stuff via torrents, etc., there's no way of knowing if you get what you think you're getting, or something bad.
In other malicious software exists, but you can easily avoid it without needing any virus scanners.
For external/network based attacks, there's still no need for any firewalls, if you don't install server applications on the phone, and even then, you'd really only run the risk on a Wi-Fi network (there's no external, unsolicited connectivity on mobile networks to a mobile phone, unless you have a very weird network operator).
And if virus scanner makers advertise the need, then they of course do it to sell their stuff (after all, 3 billion phone users is a big market compared to, maybe 1 billion PC users). It makes no difference to the virus scanner makers, whether phone users really need their products or not for them to sell their stuff. Mostly what they sell is a placebo.
On a Windows PC, you could easily have network services/ports open (web server, file server, instant messenger app, etc.) just sitting and waiting for connections from the outside. Mostly, however, in the PC case, it is still the ignorant user that downloads something via accessing a web site, or accepting a file through a chat/messenger app, or downloading and installing a malicious app (e.g., something they think is an innocent game, but is really a "trojan"; i.e., a malicious app - for example containing spyware or a virus - inside an innocent-looking app).
The difference also with a PC is that the PC can (without a firwall on the PC or the network modem/router it is connected to), be contacted from another machine on the Internet (i.e., it is "routable").
And as I've tried to describe, a mobile phone usually gets a private TCP/IP address from the network operator, which is not addressable externally. And, even if the mobile operator/carrier does give a public IP-address to the phone, they still don't allow unsolicited external connection requests from outside their network through their firewalls directly to phones. Hence, no need for firewalls on a phone, unless your network operator behaves totally unlike all the other network operators (and even so you'd still need a listening server app running and waiting for connections on the phone, which phone's don't have by default).
With a lost/stolen phone, I'd say that in 99.99999999% of the cases, having lock/security codes and PIN codes different from defaults, and SIM changes and power-on and screen-saver recovery requiring the user to enter the codes (+ password protected memory cards) is enough for security.
And as I said earlier, backing up the data, so that the phone is not the only place where the information resides, is a good idea, too.
Note that the anti-theft software that a user can install, can easily be disabled by a phone thief; i.e., if they don't need your data, they can just remove the SIM, and you can't send any remote commands to the phone to lock it down. And if the anti-theft app cannot be uninstalled like other apps, they can simply reset/reformat the app to factory settings (or if it is installed on a memory card, just remove the memory card). In such cases the anti-theft software is useless.
For parental control, the security/lock and PIN codes are enough, if you don't want kids or anyone else using your phone. If you, wish to lend your phone to someone, and then wish to protect/hide something, then some kind of security software might help (unless they uninstall it or reformat the phone, when they have access to the phone; then the situation is the same as with a stolen phone). I have never felt the need for any kind of parental control sw on my phones or PCs, so I have not really any knowledge of their good or bad sides, and what's available for a Samsung phone.
I've also no spam SMS/MMS problems or crank calls (and I've use mobile phones daily all over the world since 1994) so I can't help you with that, either.
Anyway, check out the "Security & Encryption" sofware category here:
01-02-2011, 11:52 PM
Hello again N/A,
Please forgive my delay in replying and many thanks for your very clear and analytical posts. I can fully realise and understand now why anti-virus, firewall and anti-theft software is not practically needed for my mobile.
There is, only one dubious point, however, where I would like a little additional elucidation to feel absolutely sure that I am completely out of even the slightest possibility of online danger.
Most of the time I connect my Samsung I8910 mobile phone to the Internet through a Wi-Fi connection and sometimes the Wi-Fi network is not protected by one of these hardware type of firewalls which are commonly behind most Wi-Fi networks for protection against external hacking attacks.
I quite often then chat with my Windows Live Messenger contacts through my phone browser at the http://mb.live.com website which is specifically designed for mobile phone users and I sometimes also have real-time chat sessions, again through my phone browser, at a a number of other websites offering this service. I can do the same by downloading and installing on my phone a Windows Live Messenger or chat application.
The question and my agony then is: In all of the abovementioned cases, that is either when I use the phone browser or when I chat by using a Windows Live Messenger or chat application, would it be possible for a hacker to connect to my phone and, for example, see my conversation or spread any kind of spyare or malware or erase files or applications from my phone or memory card witout me even knowing it?
Are web-based chat as well as chat applications server applications which open ports to the external world and allow somebody from the outside to be connected to my mobile phone and do any sort of harmful activity?
In all of the above cases, if the Wi-Fi network through which I connect my mobile phone to the Internet is behind a hardware firewall, as it is quite often the case with home LAN and Wi-Fi networks, is then my phone fully protected from such external hacking attacks?
Once again lots of thanks for your very useful advice.
If someone taps into your traffic, depending on the case, they may see/record what you do. The risk exists always regardless of the network.
If you use data encryption HTTPS (SSL/TLS) or other for the data, then it is much harder. The better the encryption, the harder it is to break it.
Even if someone can capture the traffic, it doesn't mean that your actual device is vulnerable to attack because of that.
Very thank you for your message
11-11-2012, 04:18 AM
U can use use your mobile security code itself. Its in setting area in your mobile.
Very thank you for your information, look forward to your update again