F-Secure Release 5th Edition Anti-Virus Application

[Ewan]

In all the rush of innovation and new devices, we missed the announcement by F-Secure that they are the first anti-virus company to support S60 5th Edition. Their Mobile Security 5 product is now available via F-Secure or Nokia Download, if you feel the need for some extra strength protection.

Read on in the full article.

There's one piece of software that I won't be wasting any memory space on. Even if it were free.

[slitchfield]

Ha! If I'd been around today, this wouldn't have made it as a news post at all - you all know my opinions of the 'anti-virus' industry in the Symbian OS world. 8-)

There isn't a single piece of S60 malware that's worth worrying about. The worst that can happen is that you go cruising for cracked commercial apps (shame on you) and happen to download a trojan, something that's not what it pretends to be. And even then, it can't reproduce and is only one hard reset away from disinfection.....

Steve

[PeteASJP]

"With this certificate, the trojan was signed. And being a signed application it gains privileged access."

http://www.f-secure.com/weblog/archives/00001609.html

Something more advanced coming up? I wonder how this got signed, if it really has been? A sign of Symbian Signed being flawed?

[swedan]

Quote:

Originally Posted by PeteASJP

"With this certificate, the trojan was signed. And being a signed application it gains privileged access."

http://www.f-secure.com/weblog/archives/00001609.html

Something more advanced coming up? I wonder how this got signed, if it really has been? A sign of Symbian Signed being flawed?

Wow, this is really interesting. If not just a self signed certificate it's of course serious, but could it be? Anyone has more information about this?

[UKJeeper]

When you Google "SymbOS/Yxes.A!worm", all the results eventually point back to press releases from the S60 AV vendors. What a coincidence....

Gabor Torok thinks this worm may have been Express Signed. he also worries that OSCP checking is disabled by default on most S60 phones so they cannot check if a certificate has been revoked.

blogs.forum.nokia.com/blog/gabor-toroks-forum-nokia-blog/2009/02/20/mobile-worm-yxes.a-an-analysis

You need to have done the HelloOX 1.02 hack to suffer from apps signed this way, so if you are going to hack your phone then you can't blame Nokia.

[UKJeeper]

Quote:

Originally Posted by ZSX

Gabor Torok thinks this worm may have been Express Signed. he also worries that OSCP checking is disabled by default on most S60 phones so they cannot check if a certificate has been revoked.

blogs.forum.nokia.com/blog/gabor-toroks-forum-nokia-blog/2009/02/20/mobile-worm-yxes.a-an-analysis

So if thats the case, (assuming, for one second this might actually BE a risk) wouldn't you just turn ON certificate checking in Trust Settings? At least until this 'threat' is over, or verified?

Still want to see actual proof that is happening, not just press releases from companies who aren't selling enough AV product.

People with an axe to grind will comb the farthest corners of the internet in search of some event that will give them some mud to sling. If they want to do that then no company or device is immune. Nokia and S60 come out pretty good.

The trouble is not you or I who can turn on OSCP checking, it is the millions of handsets out there with owners who don't even know what it is.

Of course this may all be absolutely nothing, so the point is moot, but perhaps OSCP checking should be on by default on all handsets.

[PeteASJP]

New info from F-Secure: http://www.f-secure.com/v-descs/trojan_symbos_yxe.shtml

Quote:

You need to have done the HelloOX 1.02 hack to suffer from apps signed this way, so if you are going to hack your phone then you can't blame Nokia.

Although you would be skeptical towards 3rd edition malware, it would be nice if you didn't spread misinformation like this. Yxe has been Symbian Signed with a valid certificate and although the certificate was revoked many users do not have Online certificate check enabled on their device. This has nothing to do with the privilege escalation hack.