All About Symbian Forums

All About Symbian Forums (http://www.allaboutsymbian.com/forum/index.php)
-   Links of Interest (http://www.allaboutsymbian.com/forum/forumdisplay.php?f=20)
-   -   F-Secure Release 5th Edition Anti-Virus Application (http://www.allaboutsymbian.com/forum/showthread.php?t=82400)

Ewan 19-02-2009 09:10 AM

F-Secure Release 5th Edition Anti-Virus Application
 
In all the rush of innovation and new devices, we missed the announcement by F-Secure that they are the first anti-virus company to support S60 5th Edition. Their Mobile Security 5 product is now available via F-Secure or Nokia Download, if you feel the need for some extra strength protection.

Read on in the full article.

Unregistered 19-02-2009 06:41 PM

There's one piece of software that I won't be wasting any memory space on. Even if it were free.

slitchfield 19-02-2009 09:40 PM

Ha! If I'd been around today, this wouldn't have made it as a news post at all - you all know my opinions of the 'anti-virus' industry in the Symbian OS world. 8-)

There isn't a single piece of S60 malware that's worth worrying about. The worst that can happen is that you go cruising for cracked commercial apps (shame on you) and happen to download a trojan, something that's not what it pretends to be. And even then, it can't reproduce and is only one hard reset away from disinfection.....

Steve

PeteASJP 20-02-2009 07:00 AM

"With this certificate, the trojan was signed. And being a signed application it gains privileged access."

http://www.f-secure.com/weblog/archives/00001609.html

Something more advanced coming up? I wonder how this got signed, if it really has been? A sign of Symbian Signed being flawed?

swedan 20-02-2009 07:53 AM

Quote:

Originally Posted by PeteASJP (Post 411805)
"With this certificate, the trojan was signed. And being a signed application it gains privileged access."

http://www.f-secure.com/weblog/archives/00001609.html

Something more advanced coming up? I wonder how this got signed, if it really has been? A sign of Symbian Signed being flawed?

Wow, this is really interesting. If not just a self signed certificate it's of course serious, but could it be? Anyone has more information about this?

UKJeeper 20-02-2009 03:19 PM

When you Google "SymbOS/Yxes.A!worm", all the results eventually point back to press releases from the S60 AV vendors. What a coincidence....

ZSX 20-02-2009 03:46 PM

Gabor Torok thinks this worm may have been Express Signed. he also worries that OSCP checking is disabled by default on most S60 phones so they cannot check if a certificate has been revoked.

blogs.forum.nokia.com/blog/gabor-toroks-forum-nokia-blog/2009/02/20/mobile-worm-yxes.a-an-analysis

Unregistered 20-02-2009 04:58 PM

You need to have done the HelloOX 1.02 hack to suffer from apps signed this way, so if you are going to hack your phone then you can't blame Nokia.

UKJeeper 20-02-2009 05:25 PM

Quote:

Originally Posted by ZSX (Post 411864)
Gabor Torok thinks this worm may have been Express Signed. he also worries that OSCP checking is disabled by default on most S60 phones so they cannot check if a certificate has been revoked.

blogs.forum.nokia.com/blog/gabor-toroks-forum-nokia-blog/2009/02/20/mobile-worm-yxes.a-an-analysis

So if thats the case, (assuming, for one second this might actually BE a risk) wouldn't you just turn ON certificate checking in Trust Settings? At least until this 'threat' is over, or verified?

Still want to see actual proof that is happening, not just press releases from companies who aren't selling enough AV product.

Unregistered 20-02-2009 06:26 PM

People with an axe to grind will comb the farthest corners of the internet in search of some event that will give them some mud to sling. If they want to do that then no company or device is immune. Nokia and S60 come out pretty good.

ZSX 20-02-2009 08:58 PM

The trouble is not you or I who can turn on OSCP checking, it is the millions of handsets out there with owners who don't even know what it is.

Of course this may all be absolutely nothing, so the point is moot, but perhaps OSCP checking should be on by default on all handsets.

PeteASJP 21-02-2009 02:24 PM

New info from F-Secure: http://www.f-secure.com/v-descs/trojan_symbos_yxe.shtml

Unregistered 23-02-2009 02:05 PM

Quote:

You need to have done the HelloOX 1.02 hack to suffer from apps signed this way, so if you are going to hack your phone then you can't blame Nokia.
Although you would be skeptical towards 3rd edition malware, it would be nice if you didn't spread misinformation like this. Yxe has been Symbian Signed with a valid certificate and although the certificate was revoked many users do not have Online certificate check enabled on their device. This has nothing to do with the privilege escalation hack.


All times are GMT. The time now is 12:51 PM.

Powered by vBulletin® Version 3.8.0
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.