Virus/Trojan Protection

steveinuk wrote:
I'm a bit paranoid about this, because I'm so well protected at home and see how many "try" and get through. Surely without any protection on the iPhone its asking for trouble? Isn't it?

Not really. Since nothing can be installed on the iPhone there is no way for a virus or trojan to install itself in the software.

I'm using my iPhone to access various websites, where I need to use login details and as I can't use copy/paste technique like I use at home (a keylogger will just record CTRL+C/V) so I have to type everything in. How long till a keylogger appears on iPhone?

No announcement has been made, though it seems counter-intuitive that someone concerned about security would want their passwords saved...

How long till a keylogger appears on iPhone?

The same is true of a keylogger as any other software. Since the iPhone is not open to add software, the only way to introduce a key logger (or indeed any malware) is via hacking or an unpatched vulnerability. Those who elect to hack their iPhones or refuse to install updates when they are released are are greatest risk, and are the ones to watch for the first signs of such things!

First Trojan reported for iPhone: In this case it attacks modded/hacked iPhones...just another reason not too. As far as other forms of attack, you email filters should catch and clean that route and if you do not know the person don't open it. While surfing the web always be aware of where you are but since you can't "download" on the iPhone, You should not have any concerns. Those that have hacks, have opened the phone to all sorts of stuff becuase they can download and install as this article shows. The creator of the Trojan by the way was 11 years old.

http://www.macworld.com/article/131470/2008/01/iphonetrojan.html

It should also be said that the 'if you don't know the sender, don't open it' proposition is seriously flawed, given that spammers often spam valid addresses (including your own) and virus-infected systems often send out to addresses held in local address books - thus if a friend or family member has an infected system, you'll likely get infected email from them!

However, to actually do anything, any trojan, virus etc has to be able to execute code, and in the absence of an open platform or a vulnerability to exploit, it can't.

I can understand what you and Andy are saying about not being able to catch every bad email and thus that is why I insure that my filters on my email account and izymail.com are at full strength. I have an MSN email account that sends it to izymail.com where I have it converted to an IMAP protocol. With this in place I only average no more then 2 spam/junk messages a day. I have never had an issue with excessive junk mail so have not had your issue.

As far as the preview for email goes...you can change that in: Settings, Mail, Preview and change it to none, thus eliminating the preview that you mention. Again, with a closed platform this should not be a concern, but for your sanity, it can be addressed.

Andy...you are right in all that you say...was just stating an observation and opinion based on my user experience.

Andy...you are right in all that you say...was just stating an observation and opinion based on my user experience.

Yes, apologies - my phrasing was not intended to suggest your contribution was erroneous - just to warn against the often repeated suggestion that emails from known sources are inherently safe. There are a lot of users who have unfortunately discovered that not to be so!

Still, there has been a gradual switch from malware borne by email to malware embedded in websites and masquerading as legitimate downloads. Neither are particularly worrisome for locked iPhones as long as Apple keep up with vulnerability reports (which I have do doubt they do) and issue fixes (which they have certainly already done).

As for the preview issue, most email-borne viruses are carried in attachments, and preview doesn't open those of course. Some infections are carried in the body of email messages (often HTML formatted) and those could represent a risk if the iPhone has been hacked or a vulnerability found and not yet patched, but the media will almost certainly publish references to this as it begins to circulate, so an eye on the computing media is a useful line of potential defence.

Totally agree with you...The freeware sites are the biggest culprits for windows these days. For example...The free version of Adware for windows users always informs of updates and the software is lagit and takes care of all of the garbage that sneaks in through the internet...however, when you go to the website to download, there are confusing buttons that look like the download button but are not and some have downloaded "the wrong" update and end up paying or loading a key logger or other form of trash on. Emails the same thing so, again totally agree with you and just to inform the user world out there...its not friendly and someone is out to get you in some way just for a laugh, so always be "AWARE"...Don't just click it

Have a great day!

Anyone know whats in place to stop virus's/trojans being received via websites and emails?

At the moment, it's the lack of native support for downloading apps. In other words, if it can't download anything executable, it can't receive problem software.

That said, there have been several rounds of iPhone updates due to holes in Safari that allowed executables.

The hacking community is almost always the first to identify any such vulnerabilities. Especially on the iPhone, since those same security holes were used to open the device to non-sanctioned third party apps.

In the near future, Apple will officially open the phone to apps, but they haven't revealed yet how they intend to implement security and/or testing (if any of the latter). There are several decent models to choose from, since programs have been on other phones for years.

A lot depends on trust in any case. For example, there would be almost zero chance of detecting that a disgruntled programmer inserted timed-release code into say, a Flash or Skype app that would get widely used, since no one would go through each line. (This does happen with gambling machines from time to time.)

The good thing is that if you detect a problem, the fix is often as easy as doing a restore on the device. Mobile devices are comparably easy and quick to reset to a previous version. This won't help if someone got passwords, of course, but you could change those.