Do We Need Anti Virus for Symbian OS 9 Devices?
Opinion March 26th. 2007, 1:14amTrend Micro has just released a new version of their anti virus for S60 3rd Edition devices. As you may know, S60 3rd Edition is based on Symbian OS 9. One of the new features on this new operating system is Platform Security (PlatSec), which is supposed to protect our devices for malicious programs.
One aspect of these changes is the platform security enhancements. These represent an evolution of the existing perimeter security model of Symbian OS and help ensure the stability of the platform, providing even greater protection against malicious or badly-implemented programs.
If PlatSec is designed to protect us against malicious programs, do we need an anti virus application? Until today, I haven’t heard a virus that attacks Symbian OS 9 devices yet. If you check virus definition database from Trend Micro web site, there are some viruses for Symbian OS already, but all of them attack pre-Symbian OS 9 devices. There is a Java malware application, called J2ME_REDBROW.A that may attack Symbian OS 9 devices, but I am not really sure about that.
Can virus attack Symbian OS devices? I am not a security expert, but I will give my opinion based on my experience doing Symbian OS 9 development. Since the introduction of PlatSec, all applications that use sensitive features of the device need to be signed. For example, an application that is capable of reading contacts from the phone book must be signed. Furthermore, there are some features that need device manufacturer’s approval. For example, an application that tries to access protected folders on the device needs to get manufacturer’s approval. Protected folders here include executable folder and application’s private folder.
What does signing mean? We can look it from two different things here. Firstly, signing means that the developer of an application can be verified. Secondly, signing also guarantees that the application on the user’s side is the same as the one from the developer. It other words, nobody has ever modified the application, for example by adding malicious behavior. Who is doing signing? There are several root certificates installed on Symbian OS 9 devices that can be used to verify application’s signature. Normally, Symbian’s root certificates and device manufacturer’s certificates, like Nokia, are available on the device. It means an application can be signed by Symbian or manufacturer (see also SymbianSigned.com for more information signing).
If Platform Security requires signing, can a virus get into a device? A virus that does not use sensitive features of the device, which means do not need signing, may get into a device easily. For example, a virus that displays annoying messages. Unfortunately, a virus that makes a phone can get into a device easily too because it does not need signing. How about dangerous viruses? There are still possibilities for them to get into a device. Someone must find a way to 1) sign the virus; or 2) install a root certificate to the user’s device that can verify virus’ signature. Both of them are not trivial tasks.
There is another possibility for advanced users to get infected by trojan. They may sign trojan themselves using developer certificates. It sounds silly, but it may happen that someone install trojan that is signed by himself. Why? There are some developers that release distribute unsigned version of their applications. How do we sign them? We can sign them using developer certificates that are bound to our devices (see also these instructions on Mobile9).
Back to the original question, do we need anti virus on Symbian OS 9 devices? Personally, I am not too worried about virus because of the reasons that I have explained above. As long as we always install application from trusted sources, we should be fine. However, if you are a little paranoid or don’t really know how to differentiate between “trusted” and “unknown” sources, having an anti virus may be a good idea.
What I find more useful is actually anti-spam application, which is part of Trend Micro Mobile Security too. It protects us against spam that may come from SMS, for example. This may not be a critical issue either because network operators should be aware of this threat. They should have “something” that prevents their customers from receiving spams, but who knows… 
7 Responses to “Do We Need Anti Virus for Symbian OS 9 Devices?”
Comments are disabled.
March 26th, 2007 at 2:44 am
Antony,
Malicious code can still do damage even on v9 phones. It\’s not just a question of what they can do, but also what the user allows them to do. The unexperienced user, I mean. The one who thinks the PlatSec solves her security problems and she doesn\’t need to bother with viruses. The one who keeps Bluetooth on while in (public) traffic and presses Yes-Yes-Yes to every question just to have the process finished asap. The one who doesn\’t care of exclamation marks, who grants UserRead/WriteData capabilities to any apps. The average user, I mean.
March 26th, 2007 at 8:34 am
@Tote: I fully agree with you. That’s why I said in my posting that somone who doesn’t know how to differentiate between trusted and unknown sources may want to install anti-virus.
March 27th, 2007 at 12:55 am
Modern viruses/trojans are all about social engineering – if user wants to install “that perfect game”, he can do it whoever the signee is. And then even if minimal capabilities are allowed, there always can be some platform bug that can be used for raising the capabilities.
Though I’ve never heard about such a virus for Symbian 9. Maybe Symbian 9 is too small market and still brings little profit for viruses
May 15th, 2007 at 9:16 am
Hello,
Can we store some sort of persistent data into the private folder? I mean can the application reuses some data it stored in the \private folder in previous session.
And more important, does *private* really mean *private to the application* or is it just a kind of sandbox? For example, the owner of device can siphon off the data from \private folder by the backup activity.
Also, a malicious application with AllFiles capability can access the \private folder of any application too.
May 15th, 2007 at 10:08 am
@van: Private here is similar to sandbox. Applications with AllFiles capability have full access to it. Fortunately, only very few applications can have AllFiles capability. Symbian and phone manufacturers control this capability very carefully.
About backup activity, by default, any files on the \private folder will not be backed up. Only when developers instruct Symbian Installer explicitly in their backup_registration.xml file then it is going to be backed up.
May 17th, 2007 at 9:25 am
Tks bro,
I posted a similar msg in Nokia forum and receive the same answer:
http://discussion.forum.nokia.com/forum/showthread.php?t=108093
But sbd manage to play some sort of trick:
\
May 19th, 2007 at 5:32 am
Here is the URL:
http://www.imserba.com/forum/showthread.php?t=80947