Comments on: Malware-Packed HTC Magic Sold, Shipped By Vodafone

By: dragon

dragon — Sat, 13 Mar 2010 15:36:30 +0000

i have to agree with concerned adult on this one. from all of my research it sounds more along the lines of what i have studied. windows is way more open to getting viruses, linux is more secure but can be hit also but having my choice over smart phones i would go anything other than windows os.

By: Concerned Adult

Concerned Adult — Thu, 11 Mar 2010 04:33:17 +0000

@ADS: WRONG. They are NOT all EQUALLY VULNERABLE. Windows by nature is more so, MUCH more so. That doesn’t mean that any are above being hacked. It does mean that Linux, and UNIX systems by nature are more secure. Yes, there are ways, but viruses are a different animal. They cannot on UNIX systems (Linux included if you’re running it right) auto start and propagate, or infect the root of the C: drive (’cause there is no C: drive), or the root file system for that matter. Why? Because a regular user cannot write to those file systems that will infect the whole system, and because the execution of files in UNIX DOES NOT depend on an extension like .exe. Not only that but this has absolutely NOTHING to do with who has more desktops in the world. There are more UNIX, Linux, and Solaris machines running Websites in the world than there ever will be Windows. Windows users and machines are just the easiest targets.

Now, do I patch my Linux servers and desktops? Yep, quarterly I check and update everyone of the servers and I update my desktops daily. Why? Because I know that no OS is completely invulnerable, well, except maybe for OpenBSD? I recall one of the BSDs had no known remote hacks for years, and that may be it.

Now, in this case none of the aforementioned “maleware” could infect a UNIX, Linux or MAC host (which would include Android) because they are NOT windows, and those viruses all attack windows.

By: ADS

ADS — Wed, 10 Mar 2010 15:25:19 +0000

as a follow up to those who think unix isn’t vulnerable, be it Mac, Linux, Sun, Android, whatever, you might want to do some research on where the first viruses emerged: Think buffer overflow on port 80 – probably before windows even had an IP stack!
Or ask those who professionally patch server farms if there are unix patches for security. There are, on a regular basis, I assure you.
What you don’t have today, is the higher numbers of non corporate end users not running behind firewalls, like windows does.
ADS

By: ADS

ADS — Wed, 10 Mar 2010 15:19:32 +0000

Let’s be clear about the risk to Android or ANY other operating system: They are ALL, at a simple level, EQUALLY VULNERABLE. There IS some safety in tightly controlled stores, like apple has, or as AT&T configured their phone to not allow off-market apps. But as the devices proliferate and largely replace pcs for significant numbers, AND roaming wifi usage increases (think no firewall and a many to many connection – as opposed to a store 1:1 download or behind a provider’s firewall), so will phone viruses.
Windows suffers the most today, simply because it has the widest, and least security educated, user base; hence, it meets the virus writer’s goal of the widest and fastest proliferation of a virus. Smartphones will likely change that over time.
ADS

By: jMAT

jMAT — Wed, 10 Mar 2010 07:00:01 +0000

When I read the first part, the first thing I thought was… hmm Panda cloud Antivirus aye… should try that out… must be something good…

then i read that this happened to a panda av employee and there u have it… i smelled some really foul fish.

what are the odds that this isolated incident of htc gets to someone who works for an av company and the computer they used was running an antivirus…?

this is totally a conspiracy.

By: Heroin

Heroin — Wed, 10 Mar 2010 05:41:25 +0000

This happened to me with a brand new sealed msi (Korean)brand mp3 player a few years ago.. F’d my sht up real good..

Want a conspiracy theory? There’s just such a malware, but undectible, in every cheap Chinese gadget you buy… And in all chinese built laptops.. Probably not.. But seems odd you can buy a Chinese card reader on eBay direct from china for $1 free ship..

By: Kev

Kev — Tue, 09 Mar 2010 21:58:53 +0000

This happened either in the vodafone store, htc assemly line or the SD card manufacturer’s plant. it simply means the card was read by an affected PC at one point. this is not a dastardly conspiracy.

By: Lukehluke

Lukehluke — Tue, 09 Mar 2010 21:24:51 +0000

The problem is that he had Windows.
If he had a Mac or Linux then it wouldn’t be an issue :D

By: marshmel

marshmel — Tue, 09 Mar 2010 21:19:38 +0000

Disable All windows auto runs. Problem solved LoL!!

By: gauntface

gauntface — Tue, 09 Mar 2010 18:41:50 +0000

@DannyB I totally agree with you that this story is related to the flaws in Windows, not Android :-)

By: Logotic

Logotic — Tue, 09 Mar 2010 18:31:29 +0000

Right on target, @DannyB

By: DannyB

DannyB — Tue, 09 Mar 2010 16:00:03 +0000

@gauntface
I read the story differently. I didn’t read this as malware on the Android system that attacks Android.
I read it as Windows malware on a USB device (a phone) that attacks a Windows PC.
Take the USB device (a phone in this case) and plug it into your Windows PC and — poof — you’re infected thanks to the goodness of Windows, and other malware enabling features exclusive to Windows, such as Autorun.
This could happen with any USB device, including ANY phone, or mp3 player.
It is a very credible explanation that an employee on an assembly line picks up a phone, plugs it into an infected PC to test something, and the PC copies the malware to the USB device (in this case, a phone). Put the phone back on the assembly line, package it up like new, factory fresh in a factory sealed box.
Alternately, an employee at the carrier takes a phone, plugs it into an infected PC, and the phone is sold as new.
Android malware that attacks Android or other Android devices is a worthwhile subject to discuss. I just think this story is NOT about Android malware, but IS about Windows malware.

By: treefq

treefq — Tue, 09 Mar 2010 15:58:59 +0000

This harks back to the conspiracy theory of just how can Norton find and release viruses ‘found’ before they were actually distributed to the world. In the 90s it was a common idea that anti-virus software kept themselves in business. Either way, anyone one not running anti-virus on their computers are morons. (this would include certain of my family members.)

Paranoia is the name of the game. Open source is great but you still have to practice common sense.

By: gauntface

gauntface — Tue, 09 Mar 2010 15:26:15 +0000

This is something that Google has just ignored a bit too much for me.

Most app’s will be legitimate, but there must be the odd one or two that will sooner or later prove to be malicious, the problem is, Google gives away alot of information to apps – which is both amazing and bad.

There is many apps that could have legitimate use of contact details (e-mail, phone number, address, photo etc) but then in the background, send all this away to then use as they please. The user wouldn’t know it was happening, so who would flag it as malicious?

I think this story is a bit far fetched, malware on the Android Device, attacking the Android system itself – I doubt very much would occur, virus distribution to computers? unlikely in hardware (sdcard), but sending e-mails containing viruses for computers? Maybe.

I think this story is bogus, but I think it raises a good point :-)

Matt

By: mark

mark — Tue, 09 Mar 2010 15:19:09 +0000

Vodafone are removing any posts regarding this subject from their uk forums without comment.