Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple Blocking iPhone Security Software

CmdrTaco posted more than 4 years ago | from the because-we-said-so dept.

Cellphones 148

Barence writes "Speaking exclusively to PC Pro, Eugene Kaspersky has claimed Apple has repeatedly refused to deliver the software development kit necessary to design security software for the phone. 'We have been in contact for two years with Apple to develop our anti-theft software, [but] still we do not have permission,' said Kaspersky. Although he admits the risk of viruses infecting the iPhone is 'almost zero,' he claims that securing the data on the handset is critical, especially as iPhones are increasingly being used for business purposes. 'I don't want to say Apple's is the wrong way of behaving, or the right way,' Kaspersky added. 'It's just a corporate culture — it wants to control everything.'"

Sorry! There are no comments related to the filter you selected.

Nothing to see here folks (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#31440508)

iphone don't need no security software

Re:Nothing to see here folks (4, Insightful)

Pojut (1027544) | more than 4 years ago | (#31440558)

This is more about the closed nature of the App Store more than the necessity (or lack thereof) for a security app. In fact, the sporadic and seemingly hypocritical nature of Apple's approval process alone is reason enough for me to not get an iPhone (being stuck on AT&T and having no hardware keyboard are the other two reasons...although I could look past those two if it meant anyone could had an app put up for download.)

Granted, you can jailbreak an iPhone and install whatever you want, but I shouldn't have to hack a phone just so I can use whatever program I want on it. Being held to Apple's decision on what I can or can't use on there is a deal breaker for me.

Re:Nothing to see here folks (1)

peragrin (659227) | more than 4 years ago | (#31440808)

While AT&T are bad verizon is just as bad if not worse. Ihave watched verizons 3G network slow to a crawl.

To date the spyware and hacks that have been succesful only target jail broken phones. Why because people are stupid and install things wrong.

With apples current approach the buck stops with apple. If an approved app or other malicous software does hit the mass iPhone population apple becomes the only company to blame. Unlike the recent windows virus found on HTC models where HTC can blame any one else. I am waiting for apples tight control to bite them back.

Re:Nothing to see here folks (2, Informative)

AndrewNeo (979708) | more than 4 years ago | (#31440898)

While AT&T are bad verizon is just as bad if not worse. Ihave watched verizons 3G network slow to a crawl.

You say that with no context as to where you live, which is very important. Because where I am, AT&T just turned on 3G less than six months ago, and it's slower than Verizon's which has been on for two years, and hasn't slowed down a bit since I got my Droid.

Re:Nothing to see here folks (1)

node 3 (115640) | more than 4 years ago | (#31441644)

While AT&T are bad verizon is just as bad if not worse. Ihave watched verizons 3G network slow to a crawl.

You say that with no context as to where you live, which is very important. Because where I am, AT&T just turned on 3G less than six months ago, and it's slower than Verizon's which has been on for two years, and hasn't slowed down a bit since I got my Droid.

Says the guy who didn't post where he lives...

Overall, AT&T's 3G coverage is faster than Verizon's. In specific places, such as where AT&T *doesn't* have 3G coverage, or where coverage isn't terribly good, then Verizon's may be faster. But all told, AT&T takes the 3G speed crown in the US.

Re:Nothing to see here folks (1)

Khyber (864651) | more than 4 years ago | (#31441930)

"Overall, AT&T's 3G coverage is faster than Verizon's."

Really? I doubt that, considering AT&T's network has been clogged and hasn't expanded much for the past decade while Verizon has been constantly expanding.

Oh, and I never got more than 50K/s in NY on AT&T 3G network - never under 122K/s with Verizon 3G. Here in California, it's almost the exact same issue.

Re:Nothing to see here folks (1)

Totenglocke (1291680) | more than 4 years ago | (#31442000)

AT&T's network is only clogged in a few overpopulated cities. The other 95% of the country isn't clogged in the slightest. I have an iPhone 3GS and my friend has a Droid - we both get between 120 KB/sec to 350 KB/sec downloads, typically around the 200-250 KB/sec point. If you want to live in an overpopulated area (NYC, LA, San Fran), then just like how you have massive congestion when trying to travel, you're going to get massive congestion on cell networks too.

Re:Nothing to see here folks (2, Informative)

Pojut (1027544) | more than 4 years ago | (#31440948)

AT&T speeds are generally faster than Verizon in my area, but the reception of AT&T phones around where I live is absolutely horrendous...based on what friends who have the iPhone have told me, there are TONS of dead spots around here (Montgomery County, Maryland...hardly the boonies.)

I will gladly take a slow network over spotty network coverage.

Re:Nothing to see here folks (0)

Anonymous Coward | more than 4 years ago | (#31440964)

Join T-Mobile! With them, the speed of the 3G network is a non-issue since, since you won't have one! :D

(Their 3G network is actually growing pretty fast, but still tiny. It's ten miles from my house and getting closer!)

Re:Nothing to see here folks (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31440998)

No, see, they just redefine malware. Even if it looks like malware [aviary.com] , walks like malware [switched.com] , and quacks like malware [gizmodo.com] , if Apple allows it, it's clearly not malware.

Re:Nothing to see here folks (1)

node 3 (115640) | more than 4 years ago | (#31441784)

Wow, the worst "malware" for the Mac can email you and call you! If that was the worst thing that PC malware did, companies like Norton and McAfee would be out of business overnight.

I can't seem to find a link to it now (so maybe I'm wrong), but I thought Apple blocked at least one of the apps where the developer actually called someone. I know the storm8 example you listed has been fixed.

if Apple allows it, it's clearly not malware.

That's absurd. Apple has a process in place to both remove from the store, and if the app is truly egregious, remove remotely from people's phones, any malware that slips past them.

Re:Nothing to see here folks (1)

Ihmhi (1206036) | more than 4 years ago | (#31441806)

Well, I'm sure in due time we'll have iNorton and all of the iPhones will be safe from this kinda stuff.

Re:Nothing to see here folks (2, Insightful)

Bakkster (1529253) | more than 4 years ago | (#31441142)

While AT&T are bad verizon is just as bad if not worse. Ihave watched verizons 3G network slow to a crawl.

You trade speed for coverage between AT&T and Verizon. Just like there are tradeoffs between an iPhone or an Android phone or Blackberry. Decide based on the features you want which is best for you personally.

To date the spyware and hacks that have been succesful only target jail broken phones. Why because people are stupid and install things wrong.

But this isn't an anti-hacking application, so that doesn't apply. This is an anti-theft applications. You know, in case your phone is stolen.

So why not approve it? I can think of two reasons:
1) Does things beyond the API or agreement allows, particularly with encryption.
2) Apple provides an anti-theft service, which this application would compete with.

Re:Nothing to see here folks (1)

Fnord666 (889225) | more than 4 years ago | (#31441466)

So why not approve it? I can think of two reasons:
1) Does things beyond the API or agreement allows, particularly with encryption.
2) Apple provides an anti-theft service, which this application would compete with.

But this isn't an application that was submitted to Apple and denied, so these don't apply either. Kaspersky never claimed that they ever wrote or submitted an application. All they have said is that Apple has not provided them with an SDK. Now this might be because

  1. They want a custom SDK with special calls that do what they need, or
  2. They are in a country that is not allowed to legally download the SDK.

Re:Nothing to see here folks (1)

Mr. Freeman (933986) | more than 4 years ago | (#31442402)

YES, it DOES apply. The reason the won't release the necessary SDK is because anything made with it would likely compete with services that Apple offers.

Re:Nothing to see here folks (1)

Khyber (864651) | more than 4 years ago | (#31441854)

"With apples current approach the buck stops with apple."

No, it actually stops with ME. I can exploit the iPhone OS software and all it takes is you connecting to my Wireless AP. Already having fun pissing off people that come to my house and realize their iPhone QUIT WORKING.

Apple better let those guys get security software made, or Apple is not going to be happy when I sell my exploit.

Re:Nothing to see here folks (1)

cinderblock (1102693) | more than 4 years ago | (#31441426)

Granted, you can jailbreak an iPhone and install whatever you want, but I shouldn't have to hack a phone just so I can use whatever program I want on it. Being held to Apple's decision on what I can or can't use on there is a deal breaker for me.

Apple controls the available software for (among other reasons) their image. If they let people develop security software, people would start to not trust Apple as much, hurting their image and thus sales. They also intentionally keep everything "simple" for their average/target user. Apple's products and philosophy appeal to people that don't understand computers as well as the /. crowd. That being said, if you know how, you can still customize it, but it usually takes getting your hands dirty. I might not have bought an iPhone if I couldn't jailbreak it.

Re:Nothing to see here folks (1)

PopeRatzo (965947) | more than 4 years ago | (#31441592)

Apple has already gone through at least one cycle of making desirable, well-made products to nearly getting out of the hardware business altogether because their stuff was crappy and then back again to making decent goods. At the moment, they rushing headlong into territory that Sony has staked out, of being a company that makes some decent products that discerning people won't touch.

I don't think it will surprise anyone if they have to go through the cycle again.

At least good news ! (5, Funny)

Yvanhoe (564877) | more than 4 years ago | (#31440522)

Leaving Kaspersky out is the first interesting feature I see in this whole Apple App Store scheme !

Re:At least good news ! (3, Interesting)

Ethanol-fueled (1125189) | more than 4 years ago | (#31440754)

If there's anything we learned from the PC universe, it's that many people would rather have viruses run transparently in the background than have their machines slow to a crawl because of overbearing security suites that often don't even identify proper threats.

Having tried the iPhone, I think it's a decent gadget, but it's not fast enough to be able to take performance hits from inefficient security suites.

Re:At least good news ! (2, Interesting)

Yvanhoe (564877) | more than 4 years ago | (#31440842)

If there's anything we learned from the PC universe, it's that many people would rather have viruses run transparently in the background than have their machines slow to a crawl because of overbearing security suites that often don't even identify proper threats.

That's a very interesting point. Virus used to wreak havoc on the targeted computer and destroy files, reboot the machine, etc... Nowadays, all that they hope for is to be able to steal stealthily a few percent of resources and bandwidth. About the same as the antivirus except he is not very stealthy about it.

Re:At least good news ! (2, Funny)

thePowerOfGrayskull (905905) | more than 4 years ago | (#31440978)

f there's anything we learned from the PC universe, it's that many people would rather have viruses run transparently in the background than have their machines slow to a crawl because of overbearing security suites that often don't even identify proper threats.

I'm not sure what PC universe you spend time in, but in mine most users prefer both. They love to run the overbearing security suites because then they *know* they're secure, and don't have to worry about all those weird other things running transparently in the background.

Re:At least good news ! (1)

mellon (7048) | more than 4 years ago | (#31441868)

That's not even the worst of it. The worst of it is that in order for Kaspersky's suite to do anything useful, you'd have to give it full access to the machine. If you give it full access to the machine, suddenly you're *less* secure, because you installed a "security app." So not only do your batteries last a quarter as long, you'll probably get a virus you couldn't have got otherwise.

Re:At least good news ! (0)

Anonymous Coward | more than 4 years ago | (#31440950)

Why? Kaspersky has some of the best products.

Re:At least good news ! (3, Funny)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31441110)

Why? Kaspersky has some of the best products.

Eugene, is that you ?

Re:At least good news ! (0)

Anonymous Coward | more than 4 years ago | (#31441628)

Being the best of shit still makes you shit.

Re:At least good news ! (0)

Anonymous Coward | more than 4 years ago | (#31441076)

..meanwhile, in the real world (yknow, that big one *out there* where most users could not give a toss what runs on their computers, just so long as it runs), Kaspersky is still the first thing I would recommend any average PC user installs.

I would also happily admit that the "enhanced" versions are full of overblown, overboard BS, however, anyone wants to name me a better PC AV solution than Kaspersky, the floor, as they say, is yours?

- Nope, thought not ;-)

Re:At least good news ! (2, Funny)

InsertWittyNameHere (1438813) | more than 4 years ago | (#31441486)

Antivirus XP 2010

Re:At least good news ! (1)

Khyber (864651) | more than 4 years ago | (#31441962)

NOD32.

Owns Kaspersky in every test i try.

Re:At least good news ! (1)

WrongSizeGlass (838941) | more than 4 years ago | (#31441316)

Leaving Kaspersky out is the first interesting feature I see in this whole Apple App Store scheme !

Kaspersky has to wait in line with the rest of us to get at portions of the iPhone API's that aren't "public" or blessed by Apple. Their situation isn't even remotely unique.

We already have an anti-virus (1, Interesting)

omgarthas (1372603) | more than 4 years ago | (#31440524)

It's called Apple App Store, they control absolutely every piece of software that can be installed in your Iphone, I can't see the need for any anti-virus solution...

Re:We already have an anti-virus (3, Informative)

Dancindan84 (1056246) | more than 4 years ago | (#31440620)

We have been in contact for two years with Apple to develop our anti-theft software...

I know lots of people never RTFA, but you couldn't even get through the summary? Here's your sign.

Re:We already have an anti-virus (3, Insightful)

mrsteveman1 (1010381) | more than 4 years ago | (#31440664)

The iPhone has enterprise tools available for anti-theft, too. It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.

Their control of the App Store is abusing and ridiculous, but i don't see a lack of anti-theft features here.

Re:We already have an anti-virus (1, Insightful)

Dancindan84 (1056246) | more than 4 years ago | (#31440710)

Just because the iPhone has similar functionality built in doesn't mean 3rd party vendors shouldn't be able to compete. I happen to be writing this comment with Firefox on a machine that came with IE already...

Also, doesn't change the fact that he was clueless what the article was about.

Re:We already have an anti-virus (5, Insightful)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31441008)

Just because the iPhone has similar functionality built in doesn't mean 3rd party vendors shouldn't be able to compete. I happen to be writing this comment with Firefox on a machine that came with IE already....

Apple doesn't want to give developers access to the API's to do things like remote wipe. So they either block everyone from doing it or they make an exception for certain vendors. Apple isn't very big on making exceptions for any external company, even Google gets the choice of doing it the Apple way or hitting the highway. Nobody seems to mind in this case except the anti-virus cartel who are seeing their core market melt way now Windows is becoming secure and they don't have a foothold in this decade's growth market, mobile devices.

Re:We already have an anti-virus (1)

timeOday (582209) | more than 4 years ago | (#31441198)

Just because the iPhone has similar functionality built in doesn't mean 3rd party vendors shouldn't be able to compete.

Apple dosn't see it that way [intomobile.com] . They openly reject competition with Apple software on the iPhone.

Re:We already have an anti-virus (4, Informative)

Anonymous Coward | more than 4 years ago | (#31440768)

Man, you obviously don't deal in the real world or at least in large org.

Google for a couple of mins and you find that the "encryption" on the latest iPhone 3GS has already been broken.

There's no proper central management of the device; the iPhone has to be tethered.

If you set some settings on the device, there's nothing stopping the user from changing configuration again.

So it's fine for you if you want to keep some personal contacts and maybe your shopping list; it's nowhere near the level one would expect it to be used in the financial or government sectors.

That's why RIM and BES reign supreme in that area.
I wish Apple would wise up; lord knows I deal constantly with "senior managers" who want to use their toys at our hospital.

Re:We already have an anti-virus (2, Interesting)

d3ac0n (715594) | more than 4 years ago | (#31440986)

Two words: Good Technology.

Works on iPhone, Android and WebOS.

Disclaimer: I do NOT work for Good technology, but was recently asked to research the use of iPhone, WebOS and Droid in my company's enterprise environment and Good is pretty much the very best of the best out there from what I could tell.

Of course, your mileage may vary.

Re:We already have an anti-virus (4, Interesting)

RulerOf (975607) | more than 4 years ago | (#31441116)

It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.

I know this, because I work for an iPhone nut.

If you're a business user, you're using Exchange 2007 with ActiveSync to remotely manage the iPhone and deliver email. If you've got a wish to drive yourself insane, you're also using MobileMe on that same device.

MobileMe has some neat features, but quite frankly it's complete bullshit that those features (Find my iPhone et. al.) are mutually exclusive from a phone with an ActiveSync binding. MobileMe + ActiveSync is highly discouraged by all of the Apple support reps I've spoken with, and to date, my boss has had nothing but nightmares involving the combination of the two.

Re:We already have an anti-virus (0)

Anonymous Coward | more than 4 years ago | (#31441396)

I have MobileMe and ActiveSync set up with no problems at all. Both accounts push changes in both directions, and Find my iPhone works. We don't have encryption enforced by ActiveSync, and I haven't tried a remote wipe through either service, but all of my day-to-day usage is fine.

Re:We already have an anti-virus (1)

Khyber (864651) | more than 4 years ago | (#31442090)

"MobileMe + ActiveSync is highly discouraged by all of the Apple support reps I've spoken with, and to date, my boss has had nothing but nightmares involving the combination of the two."

Getting those two to work together is as easy as controlling two computers with Synergy.

Boss needs to be fired if he's not that competent.

Re:We already have an anti-virus (1)

RulerOf (975607) | more than 4 years ago | (#31442196)

Getting those two to work together is as easy as controlling two computers with Synergy.

It's interesting that you chose Synergy as your example. Synergy is a royal pain in the ass to configure for all but the most logical and technical minded people.

For a user who doesn't understand how contacts are stored, where they come from, or why they end up getting duplicated (or at least appear to be that way) without making a really stupid car analogy that won't actually transfer back to referenced analogous use of the device... I'll presume you get the idea.

It just doesn't work or behave the way it should.

Re:We already have an anti-virus (2, Interesting)

rworne (538610) | more than 4 years ago | (#31441334)

That's the rub. Why would Apple allow a $5 or $20 app on the AppStore that negates the only other way to remote wipe or track your iPhone?

Here's the answer: $90/year subscriptions to MobileMe

Re:We already have an anti-virus (1)

ldapboy (946366) | more than 4 years ago | (#31441776)

You can get an Exchange, or Exchange compatible service for less than $90/yr, and use that for remote wipe. For example NuevaSync is $25/yr.

Re:We already have an anti-virus (1, Informative)

Khyber (864651) | more than 4 years ago | (#31442042)

"The iPhone has enterprise tools available for anti-theft, too. "

Every single one of them useless the moment I turn off the phone and clip the antenna wires so it can't get a signal or just add more wire to completely fuck the antenna. Then it's free reign and I can take all the time I want breaking the encryption.

Been there, done that, give me something that's actually new and interesting. I have many friends with iPhones and they're always bringing them to me. Anything Apple can do I've already got circumventions around. Until they physically make the inside of the case inaccessible, their software is totally fucking useless.

Re:We already have an anti-virus (1)

Khyber (864651) | more than 4 years ago | (#31441998)

Here's your sign, pal. Software won't stop me from JACKING THE FUCKING PHONE FROM YOUR HANDS (what REAL theft entails) after I pound your face in.

Anti-theft is a misnomer and bullshit - Anti-data breach would be more appropriate.

Hope that sign isn't too heavy around your neck, I know it's a mighty big one.

Re:We already have an anti-virus (2, Insightful)

Cyberax (705495) | more than 4 years ago | (#31440660)

Two words: browser exploits.

Re:We already have an anti-virus (1)

Xest (935314) | more than 4 years ago | (#31440966)

Another two: SMS exploits [cnet.com]

There is also a lot of iPhone software that phones home, and here's the problem, the app store as a security measure is a complete and utter myth. The app store is NOT about security, it does not make you magically protected. It's also worth noting that Apple boasts about having hundreds of thousands applications on it's app store- is anyone really naive enough to believe that Apple is capable of doing a full security audit on each and every one of these applications?

The app store brings convenience, uniformity and ease of use to buying, downloading and installing applications on the iPhone and gives Apple a method of controlling what users can do with their iPhone, and controlling whether developers can produce competing products to those Apple provides or instead block them to retain a monopoly on said application type on their platform.

Re:We already have an anti-virus (3, Insightful)

RulerOf (975607) | more than 4 years ago | (#31441140)

The app store is NOT about security, it does not make you magically protected.

The app store is about Apple's guaranteed 30% cut.

Re:We already have an anti-virus (0, Troll)

Lunix Nutcase (1092239) | more than 4 years ago | (#31441710)

Boohoo. Apple is running a business not a charity.

Re:We already have an anti-virus (0)

Anonymous Coward | more than 4 years ago | (#31442172)

Ah but here is the rub.

Lets use a physical world analog to this. A store. You sell things in a town. There is only 1 store. That store doesnt own anything they just rent out space at a 30% markup. They also sell a nice line of coffee makers which they conveniently sell at the store. You also want to sell a coffee maker. Suddenly your coffee maker has all sorts of 'issues' and they cant sell it they only sell 'high quality stuff'.

I know you say I will open my own store. Except the people who own the store own the town and the area around it. Crazy? It has happened here in the united states. The apple store is the same thing. Just a different tech...

Re:We already have an anti-virus (1)

Abcd1234 (188840) | more than 4 years ago | (#31441098)

Yes, because none of those apps could possibly have a bug that would allow malicious code to be installed...

Re:We already have an anti-virus (0)

Anonymous Coward | more than 4 years ago | (#31441530)

Well, in a way, yes. The same issues that keep Kaspersky's software from operating correctly on an iPhone keep malicious code from running rampant all over your phone.

Now, it IS possible that someone could create an exploit for a known bug in the Safari app that would steal your Safari data, but apps don't have access to much beyond the resources they need to function. Thus, if you exploit an iPhone app, all you have access to is the data/code that app has access to. Also, the exploit would not be persistent; power-cycle the iPhone and the problem is gone until you do whatever you did to be exploited in the first place.

So, none of those apps could possibly have a bug that would allow malicious code to be installed. They MIGHT have bugs that would allow malicious code to be injected into that app during the current app's runtime window.

Now, I guess if you found a bug in the Store software, you might be able to install malicious code. But we usually call that jailbreaking.

However Spyware on the iPhone is rife (5, Informative)

sh0rtie (455432) | more than 4 years ago | (#31440532)

this guy created a whole site because of the problem and the iPhones inability to block/stop such behaviour
http://i-phone-home.blogspot.com/ [blogspot.com]

Re:However Spyware on the iPhone is rife (0, Troll)

whisper_jeff (680366) | more than 4 years ago | (#31441020)

I didn't read the whole site but, from what I read, this guy is bitching about "such behaviour" on his jailbroken iPhone. And this is relevant how? He made a choice - one that many people make - and that choice has consequences. Play within the walled garden and you have some restrictions but considerable protection. Abandon the walled garden and you have near-total choice but your protections are discarded.

Seriously, I could care less about someone's opinion when they're basing it on their jailbroken device. They made a choice. Deal with the consequences of that choice.

Re:However Spyware on the iPhone is rife (4, Insightful)

clone53421 (1310749) | more than 4 years ago | (#31441206)

The reason he had to jailbreak his iPhone, no doubt, is because otherwise it would have been completely impossible to write a firewall for it, or to hide the phone’s UDID.

How about you actually read his blog? The apps he was testing are from the AppStore...

Top Gun from the iPhone AppStore is currently number 24 on the AppStore paid applications list.

Another accelerometer game, this time a Top Gun remake.

Version tested: 1.2 (current as of writing)

This iPhone app is Pinchmedia enabled, it tracks and reports the following:
- iPhone UDID
- iPhone model & firmware version
- application code
- application version
- iPhone jailbreak status
- if app is pirated/cracked
- application startup & exit times
- has an entry for lat/lon but its not used

Max Injury from the iPhone AppStore is currently number 11 on the AppStore paid applications list.

A mini-game where you have to maximize the damage to a dummy via various challenges.

Version tested: 1.0.2 (current as of writing)

This application is flurry enabled, if you have PrivaCy 0.9.3037-2 or above the metrics will be blocked. This app tracks:

- application ID & version
- iPhone model, firmware
- iPhone UDID

Or how about this one, which not only reports your UDID but also your phone number:

iMobsters from the iPhone AppStore is currently number 14 on the AppStore free applications list

Lets cut to the chase on this one, this is another Storm8 iPhone app the same as Vampires Live.

During use, the application tracks and reports:
- your mobile phone number
- application version, number
- unique ID of your iPhone
- points (if applicable)
- iPhone model
- firmware version

Re:However Spyware on the iPhone is rife (0)

Anonymous Coward | more than 4 years ago | (#31442088)

application ID, UDID, firmware version? so what? show me what a malicious user can do with this information. prove to me that this is a potential nasty exposure. Just because you say its "spyware" doesn't make it a relevant, probable or impactful threat where someone can essentially ruin me or cause me harm. this blog is FULL of all these other apps that provide security...but from what? What harm, what risk, what exposure, what consequence? You know who else has your phone number? EVERYONE. If you don't want to use a device that has an 'always' on feature, then don't use it. AT&T has your phone number too...where is the uproar?

None of true risk data exists in his blog...just "your version numbers are leaked, you need a firewall!"

Re:However Spyware on the iPhone is rife (3, Interesting)

dotgain (630123) | more than 4 years ago | (#31441284)

You'd better read it again (like I just did). To me, the site is quite agnostic toward jail-breaking, and is no less useful to someone with a non-jailbroken device. I believe I feel the same way about jailbreaking as you do (currently not considering jailbreaking my device, fairly sure I'll never do it), but as another poster has said: There's not a chance in hell that Apple have properly audited all the application for security, and it's flat out impossible they'd be able to do so adequately anyway (they don't audit the source). The App Store is not about that at all.

Re:However Spyware on the iPhone is rife (1)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31441690)

You'd better read it again (like I just did). To me, the site is quite agnostic toward jail-breaking, and is no less useful to someone with a non-jailbroken device. I believe I feel the same way about jailbreaking as you do (currently not considering jailbreaking my device, fairly sure I'll never do it), but as another poster has said: There's not a chance in hell that Apple have properly audited all the application for security, and it's flat out impossible they'd be able to do so adequately anyway (they don't audit the source). The App Store is not about that at all.

Apple may not audit the source but they do have analysis tools [appleinsider.com] to scan for the use of non-public APIs. This provides some security but everything you can do with the public API's will not get checked, unfortunately this includes phoning home some information (because there are times when this behavior is wanted.) So this guy should be applauded for taking the time to check a lot of applications for this kind of behavior and shaming the ones that do.

Re:However Spyware on the iPhone is rife (3, Insightful)

TubeSteak (669689) | more than 4 years ago | (#31441458)

However Spyware on the iPhone is rife

That's not a bug, that's a feature.
The whole point of locking down hardware (at least on a mobile platform) is to create a captive audience.

No shock (3, Insightful)

kennedy (18142) | more than 4 years ago | (#31440536)

Why would apple want to allow someone to create and market direct competition for it's own anti-theft service (MobileMe)?

Re:No shock (3, Interesting)

ircmaxell (1117387) | more than 4 years ago | (#31441006)

Very simple. Liability. I would think it would be possible for a lawyer to make the claim that if Apple's product broke causing the loss, AND that Apple actively blocked --potentially-- better products from working, that they then assumed liability for any damage their original product failed to protect. Right now, liability limitations exist because the user has a choice. "We deny all liability, because you read this and still chose to use our product". But with ACTIVELY suppressing competition, aren't they removing that choice, and hence opening themselves up to liability (Since you had no choice in the first place)?

Note: IANAL

Re:No shock (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31441768)

I would think it would be possible for a lawyer to make the claim that if Apple's product broke causing the loss, AND that Apple actively blocked --potentially-- better products from working, that they then assumed liability for any damage their original product failed to protect.

Based on exactly what statutory or case law do you base this assertion on?

Re:No shock (1)

jellomizer (103300) | more than 4 years ago | (#31441012)

I thought only hardcore fanboys use MobileMe. Everyone else realized Hundred Bucks per year is a bit steep. Especially with other companies offering similar services for less or free.

Re:No shock (1)

ilsaloving (1534307) | more than 4 years ago | (#31441450)

Actually, for the feature set that you get with MobileMe, $100 per year isn't at all unreasonable. My problem with Mobile Me is that Apple's track record for uptime with MobileMe is too spotty. When they migrated from .Mac to MobileMe, the mess that resulted was so incredible that it took them several weeks to get it properly sorted out.

Re:No shock (0, Troll)

Lunix Nutcase (1092239) | more than 4 years ago | (#31441796)

Everyone else realized Hundred Bucks per year is a bit steep.

If $8.50 a month is a steep expense for you then maybe you should stop living off the allowance from your parents and get a real job.

Re:No shock (0, Troll)

Lunix Nutcase (1092239) | more than 4 years ago | (#31441832)

To add context to my statement, a person who has an iPhone is paying at minimum $70 dollars a month. If you can't afford $8.50 a month for MobileME then I'd question why you're buying an iPhone to begin with.

Re:No shock (0)

shutdown -p now (807394) | more than 4 years ago | (#31441276)

Why would apple want to allow someone to create and market direct competition for it's own anti-theft service (MobileMe)?

Why doesn't Microsoft forbid Firefox and OO.org teams from using Windows SDK?

Re:No shock (2, Insightful)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31441462)

Why doesn't Microsoft forbid Firefox and OO.org teams from using Windows SDK?

Kaspersky's not blocked from using the SDK, he can use the same one all other developers are using and can use the same APIs. He could even call private APIs and run his software on his own device, it would just mean he couldn't sell it through the appstore.

Re:No shock (1)

shutdown -p now (807394) | more than 4 years ago | (#31441648)

I fully understand Apple's stance here - Microsoft has a similar one with respect to internal Windows kernel functions that are exposed to outside callers for some technical reasons.

I was, rather, replying specifically to GGP's claim that Apple is morally in the right to forcibly prevent third-party development for its platform if it competes with its own services.

Re:No shock (1)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31442174)

I was, rather, replying specifically to GGP's claim that Apple is morally in the right to forcibly prevent third-party development for its platform if it competes with its own services.

I see. That's just Apple's philosophy: the iphone isn't hard- or software to them but a combination of both plus the way the user interacts with its basic functions. You may think it's bullshit but as Kaspersky himself points out there are plenty of people out there willing to sell you a device with a different philosophy. I don't know why people have such a sense of entitlement when it comes to iPhone development. Just move to a different platform, enjoy that luxury that wasn't there for such a long time on the desktop (and even in the mobile space until very recently.)

Re:No shock (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31441878)

Where in this story is it mentioned that anyone is forbidden from using an SDK? Kaspersky was whining that there was no SDK delivered that would aid in developing 3rd party security software. Not that he was forbidden from using some existing SDK. Maybe next time you should read the summary more than once in order to actual comprehend it?

Re:No shock (1)

vijayiyer (728590) | more than 4 years ago | (#31441416)

Why would they want another app in the background using the phone's resources to duplicate the functionality of MobileMe? Good question.
It's not like this app would be functional if it only ran in the foreground.
Yet another guy whining because he has a shitty concept for an app with no user benefit that has been rejected. That there exist other shitty apps on the app store doesn't make his any better or warrant an exception by Apple.

We already have something like that (2, Interesting)

BulletMagnet (600525) | more than 4 years ago | (#31440628)

Good Mobile Messaging will do what Kaspersky's trying to do - control the handsets on an administrative level. You lose your iPhone? Administrator remotely wipes your unit.

Mind you, I don't have nor want one of these toys, but it works great across our WinMo and Android fleet...

Re:We already have something like that (1)

strikeleader (937501) | more than 4 years ago | (#31440784)

I did not think know you could remotely wipe a Droid. How do you get the finder to say OK when the phone ask to be wiped?

Re:We already have something like that (1)

tftp (111690) | more than 4 years ago | (#31441516)

How do you get the finder to say OK when the phone ask to be wiped?

Create a dialog with two buttons, "YES" and "NO". Wipe the phone regardless of which button is clicked :-)

it wants to control everything (4, Informative)

HalAtWork (926717) | more than 4 years ago | (#31440676)

"it wants to control everything"

...which is one way of preventing malware, it's working pretty well so far for that platform.

Re:it wants to control everything (1)

srussia (884021) | more than 4 years ago | (#31441288)

"it wants to control everything"

So does Microsoft...

...which is one way of preventing malware, it's working pretty well so far for that platform.

Mmmkay...

Re:it wants to control everything (0)

Anonymous Coward | more than 4 years ago | (#31441308)

and when shoe finally drops and self-propogating malware is loose on the iphone network (and it WILL happen) Apple will be screwed. Apple's unproven anti-malware software, whatever it is, has hardly received the stress-testing that Kaspersky has.

Re:it wants to control everything (4, Informative)

prockcore (543967) | more than 4 years ago | (#31441336)

.which is one way of preventing malware, it's working pretty well so far for that platform.

Depends on your definition of malware. Spyware is rife on the app store. Pinch Media's analytics tracking is all over the app store.. more than 30 million downloads contained their tracking software... at least according to Pinch Media itself.

Here is everything that apps with pinch media analytics are sending to them:

Your iPhones unique ID, iPhone model and OS version, application info, whether or not the iphone is jailbroken, whether or not the application is pirated, time & date you start and stop the application, your current latitude & longitude, and if facebook is installed on your iphone, your gender and birthday.

Re:it wants to control everything (1)

Mister Whirly (964219) | more than 4 years ago | (#31441662)

Another would be to allow no software at all to run at all on the device. 100% security from malware. Of course functionality may suffer some...

Wrong way of behaving (4, Informative)

clone53421 (1310749) | more than 4 years ago | (#31440716)

I don't want to say Apple's is the wrong way of behaving

Well, I do. It’s the wrong way of behaving.

Re:Wrong way of behaving (1)

Locke2005 (849178) | more than 4 years ago | (#31441072)

When ever my daughter acts like an apple, I tell her, "You're behaving the wrong way! And I'm am NOT Newton!"

Re:Wrong way of behaving (0)

Anonymous Coward | more than 4 years ago | (#31441266)

Careful... Apple might sue you for using their name to refer to anything other than Apple Inc.

While we're at it .... (1)

King_TJ (85913) | more than 4 years ago | (#31442006)

I'd like to add that Kaspersky's worthless method of validating their desktop PC client's anti-virus subscription's expiry date is "the wrong way of behaving" too!
We have their corporate AV product where I work, and every few weeks, I get a phone call from at least someone who says their anti-virus stopped updating, and keeps popping up a warning about "black.lst" being missing or corrupt. I wind up forcing a manual refresh from the server console and eventually, it realizes it IS still a legally licensed copy and starts working again.

Nice way to treat your paying customers .... make the product randomly quit on you (with an error message that doesn't at all explain what's really going on, no less).

Re:Wrong way of behaving (0)

Anonymous Coward | more than 4 years ago | (#31442370)

No, you misunderstood; he was referring to the grammatical incorrectness of the sentence.

"Kernel docs", not just a normal SDK? (2, Interesting)

Securityemo (1407943) | more than 4 years ago | (#31440746)

I'm not familiar with mac development, but the "SDK" in question would basically be kernel internal functions docs/unreleased API docs, yes? There may be other reasons besides appstore control freakery that they don't want to release and/or license that out? And even if Kaspersky would reverse-engineer the necessary parts of the kernel, which they obviously could (and their employees probably already partially have, unofficially) they would be sued to hell and back if they used that data in a product (which would be obvious, since there's no other way besides the official channels to get at it)?

until tethering (1)

Mekkah (1651935) | more than 4 years ago | (#31440750)

It is almost zero until they enable tethering.

Oh wait, that won't happen either.

*returns ipad

Just say "no". (5, Insightful)

argent (18001) | more than 4 years ago | (#31440820)

The antivirus companies have been pushing antivirus software for handheld devices since 1999.

In the succeeding decade... so far as I'm aware... the damage caused by viruses on handhelds, ALL handhelds, has been less than the damage due to one false positive incident caused by Norton Antivirus shortly after the pointless hubbub over the Palm "Phage" malware.

Antivirus software for handhelds... just say "no".

Re:Just say "no". (1)

spottedkangaroo (451692) | more than 4 years ago | (#31440958)

False positives suck. Antivirus software is also virtually useless for all but the very oldest viruses. I went through a long process of reporting a virus going to my customers several times per minute. It took 6 months to get the big three I wanted to list the virus to actually list it. 6 months.

This whole signature based BS has got to stop. Frequent false positives (and they happen all the time) aren't even the worst thing about this "technology."

niche player (0)

Anonymous Coward | more than 4 years ago | (#31440862)

Niche players to don't sell 50 million+ handsets... I think Apple will continue to do just fine with the closed and controlled approach.

No sh1t statement of the day (0)

Anonymous Coward | more than 4 years ago | (#31440922)

Kaspersky added. "It's just a corporate culture — it wants to control everything".

Probably not anti-security as much as SOP (1)

DarkkOne (741046) | more than 4 years ago | (#31440960)

My guess it's the simple fact that one program still can't really interact with another program's data.

The likelihood of Apple ever really changing this is probably next to zero, and it's the main reason I have no interest in the iPhone. What use is a computer in my pocket when I either need to use one program that is complex enough to handle every task I could possible need, or I need to make my tasks so simple that no data need ever be shared between two tools?

butthurt (5, Insightful)

stokessd (89903) | more than 4 years ago | (#31441138)

It appears that Kaspersky is butthurt because it sees a potential market for more crap we don't need and the controllers of that market don't want, and have the ability to lock them out of that market.

From Apple's point of view, they have remote wipe on both the corporate and personal levels already. And having somebody inside your shorts providing duplicate functionality is fail from top to bottom. I'm surprised that apple even answered the phone when they saw who was calling.

Also Kaspersky can have the SDK anytime they want, it's free. They will have to pay $99 to actually deploy the apps though. What they want is a super special "inside your shorts" SDK that I'd bet isn't coming anytime soon.

Sheldon

Actually, I'm undecided on this. (3, Insightful)

DdJ (10790) | more than 4 years ago | (#31441226)

I'm undecided on whether this particular behavior on Apple's part is a bad thing (as opposed to other cases, like the Google Voice one, where I'm sure it's a bad thing, and the Opera Mini one, where I'm at least leaning that way).

On desktops, it seems to me that various web ads or email messages encouraging users to install some third-party "security tool" are a major infection vector for malware/spyware. Many, many of the sorts of people who buy Apple products -- and I say this as an Apple user myself -- are... not the sorts of people who routinely make informed decisions about computer security.

Certainly, if third parties are permitted to sell iPhone security software, one might reasonably want them to be subject to considerably more oversight than other software, because of the potential for damage. Again, not because the software is "magic" or other software can't behave badly, but because of the particular ways most real-world users brains just shut down when dealing with security issues. Most people really don't have the mindset for this stuff.

Re:Actually, I'm undecided on this. (1)

fermion (181285) | more than 4 years ago | (#31441858)

On the PC virus scanning software has become a primary problem. It is a problem that PC users must tolerate because of the virus problem on PC. An PC with virus scanning software is only slightly more usable than an infected PC. This is why few people have such software on the Mac, even though there is an equally serious threat.

Spyware and port monitoring software is something different. Programs like Spybot and the like can be implemented without seriously degrading the user experience. My question is if people who load programs on their iPhone have a understand and have real issues with the information exchanged with the vendor. It is like Facebook and Google. Many would agree that the amount of information both have is dangerous, but most seen to have no issue with it.

A solution looking for a problem? (4, Interesting)

aristotle-dude (626586) | more than 4 years ago | (#31441232)

The iPhone3GS already has built in hardware level encryption of the entire storage device. It also has BSD jails for apps to run inside of and there is the Appstore approval process.

This "software" could not be ordinary software but would rather require Apple opening up the OS to third party extensions which ran at a privileged level above the sandboxes. I just don't see that every happening for a couple of reasons.

1. The Kaspersky software itself could have exploitable flaws and given that it would be running at a higher privilege level than regular apps, that opens up a new attack vector for web based exploits to use.

2. Such software would potentially slow the OS down and cause a significant battery drain for no real gain of protection.

Much has been made about FUD articles that say that other apps can access contacts without asking for permission. No shit sherlock. That is a "feature" of the official API and the app approval process is supposed to ferret out nefarious uses of contact lists. I would hate to see UAC style boxes for apps each time I wanted to see a contact list in a third party app.

Jonathan Schwartz's fake career white wash (0, Offtopic)

stock (129999) | more than 4 years ago | (#31441536)

On Tom's hardware Jonathan Ian Schwartz gets a career whitewash job.
After Scott McNeally got booted out of Sun's through Steve Ballmer's $ 2 billion
"rescue" job to keep Sun running, which effectively shut McNeally up from
all hostile keynote speech comments about Microsoft, its now Jonathan Schwartz
who gets his hair greased big time at tomshardware.com :

http://www.tomshardware.com/news/Steve-Jobs-Jonathan-Schwartz-Sun,9844.html

Reportedly it was Schwartz who co-founded [b]Lighthouse Design Ltd.[/b] in 1989 and
therefor has supplied Steve Jobs his NeXtStep Software. This sounds rather far-fetched
to me as at the time when Schwartz joined Sun Microsystems nothing of this was mentioned.

Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist

3mod dowN (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31441608)

beZ fun. It used [goat.cx]

good riddance (1)

roman_mir (125474) | more than 4 years ago | (#31441802)

'I don't want to say Apple's is the wrong way of behaving, or the right way,' Kaspersky added. 'It's just a corporate culture -- it wants to control everything.'"

- look who is talking. A guy, whose entire success (his and the wife's) is based on pretty much a monopoly set up in Russia and the rest of the former Soviet block by Microsoft.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?