Apple Event: May 7th at 7 am PT
Some anti-virus companies offer mobile security for Android system phones. Does Apple offer something similar to better protect a user from viruses and other threats via internet?
iPhone 4S, iOS 6.0.1
None available, none required.
None available, none required.
Since there are no viruses that can infect any non-jailbroken iPhone, such is not needed & unnecessary.
So, iphones are impervious to any kind of threat via internet or messaging?
stedman1 wrote:
None available
Not quite true, there are actually quite a number of "anti-virus" apps available, however none are actually needed.
As long as your phone is not jailbroken, you have nothing to worry about.
Ok, great! That's good to know. Thank you wjosten, and stedman1
stedman1 wrote:
None available
Not quite true, there are actually quite a number of "anti-virus" apps available
Depends on what you consider an anti-virus app. Most of what's available that looks like anti-virus software is not actually anti-virus software. There are all kinds of "mobile security" and "threat center" apps from major anti-virus companies, but these don't actually do anything to protect your iPhone from malware (which doesn't exist anyway). The only one that I'm aware of that actually scans for malware is Intego's VirusBarrier app, which only scans e-mail attachments, files on DropBox and the like, for Mac or Windows malware, and only when you specifically tell it to and give it permission to access the file(s) in question. Due to sandboxing restrictions, which prevent apps from interacting with each other or with other apps' files (outside certain very limited and user-initiated situations), it is impossible for any app to do any real scanning for malware, so there are no apps that truly behave like anti-virus apps on Mac or Windows.
Thanks for your reply Thomas. You provided some good in depth information!
> but these don't actually do anything to protect your iPhone
> from malware (which doesn't exist anyway)
Not quite true : )
Malware will always exist, and Apple will always be vulnerable as long as their software has bugs.
iOS 6.0 cleared nealry 200 potential points of infection (of varying degree of quality from the malware's point of view). Confer: http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html..
The risk exists for all software from all vendors, not just Apple. Google, Microsoft, Linux all suffer too.
The trend in enterprise antivirus is provide a 'Secure Browser', and place the Firewall and AV scanner on the server, and proxy all requests from the Secure Browser through the AV componet. Standard users are SOL : (
Jeff
<Link Edited By Host>
If you can point me to one single piece of malware capable of infecting an iOS device that has not been jailbroken, I will concede. However, as far as I have ever been able to determine (and I'm no stranger to this topic), there is none.
I don't believe I ever said that it is impossible for iOS to ever become infected. What I said was that no iOS malware exists and the sandbox architecture prevents any apps from doing any kind of effective anti-virus scanning.
There are some very good reasons that Android is riddled with malware while iOS is not. The difference is how seriously Google and Apple take security issues, and what measures they are willing to take to ensure the security of their devices.
> If you can point me to one single piece of malware
> capable of infecting an iOS device that has not been
> jailbroken, I will concede.
That's easy. The overflow that JailBreakMe.com uses to perform the jailbreak. Malware uses it too.
> However, as far as I have ever been able to determine
> (and I'm no stranger to this topic), there is non
I believe there's a fallacy in that argument. There are plent of offensive security conferences that demonstarte exploits all the time. Because you (or I) are not aware of the malware that takes advantage of the tehnique does not mean it does not exist. Its a non-sequitur - one does not lead to the other.
Jeff
Existence of vulnerabilities does not imply the existence of malware that takes advantage of them. Often, vulnerabilities are closed before anyone actually takes advantage of them.
I track and study Mac malware, spending some time on that almost every day. I have never once encountered any iOS malware, nor have any of my other colleagues in the security community, nor do any of the various anti-virus companies have any iOS malware in their databases. (You'd better believe that the first AV company to find iOS malware is going to announce that fact loudly!) Are you suggesting that there is iOS malware out there in active distribution that the entire anti-malware community as never found?
> Existence of vulnerabilities does not imply the existence
> of malware that takes advantage of them.
I think its a bit naive to claim there's no malware using vulnerabilities (did I re-phrase it correctly?). If you would have said "not in wide spread use," then I would have agreed with you. Apple tightly controls its ecosystem, so its not being spread via the App Store like Google Play for Android.
Apple does not control the web, as JailbreakMe.com demonstrates.
> Often, vulnerabilities are closed before anyone actually takes advantage of them.
Not in Apple's case. They regularly procrastinate on patching. Confer: Apple sat on nearly 200 vulnerabilities while waiting to make their iOS 6.0 press release (http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html). Some of the vulnerabilities were quite alarming - from provisioning to code signing to remote code execution during web browsing.
Look at the number of vulnerabilities known to NVD that include remote code execution for "just" webkit with "just" iPhone: http://web.nvd.nist.gov/view/vuln/search-results?query=webkit+iphone.
I'm befuddled where the leap is being made that "no bad guy is using any of the known vulnerabilities" (again, to restate your position).
Jeff
I'm befuddled where the leap is being made that "no bad guy is using any of the known vulnerabilities"
Because NONE of the numerous professionals who study this sort of thing all day, every day, for a living have ever managed to find one single piece of iOS malware capable of installing on a non-jailbroken system. We're talking about people who work for companies who absolutely hate the fact that the architecture of iOS prevents them from marketing their software for those devices, and who would be quick to announce such a discovery to take Apple down a peg. Yet no such announcement has ever been made.
> Because NONE of the numerous professionals who study
> this sort of thing all day, every day, for a living have ever
> managed to find one single piece of iOS malware capable
> of installing on a non-jailbroken system
You cannot make that leap. Just as Dykstra told us "Testing shows the presence, not the absence of bugs," lack of press releases does not prove the absence of malware.
I've already given you one example - Jailbreakme.com. It works on a non-jail broken device.
I could give you others, too. But you're a guy who "tracks and studies malware", so I'm sure you could find the relevant papers if you choose to look for them. I'll give you one hint for one paper I am aware: Felt. I'll also give you some advice: stop basing your opinions on press releases from marketing departments.
Jeff
iphone mobile security
