Reply
Thread Tools
Posts: 66 | Thanked: 17 times | Joined on Apr 2008
#1
I do wish that Nokia had thought of a product name that led to a better acronym, btw...

Anyway. As I understand - based on nothing but googling - the situation on security is this:

- There are such things as linux software keyloggers, and in theory any app you install on your Nit could install one? App's aren't run in a sandbox mode, or secured in any other way?

- There's no firewall software for the Nit, so a keylogger wouldn't have a problem getting your paypal password and whatever other details it could steal out to the world once it had them?

- There's no sign of this or anything like this ever having happened? although it seems to be much on the mind of Nokia's legal dept, judging from the warnings about non-Nokia sw App Mgr provides

- Virus and logger attacks on Linux systems are extremely rare in the wild (possibly because Linux systems are assumed to be competently firewalled? which, of course, the Nit's aren't, and can't be)

In summary, security seems to be based on "We hope no one ever bothers to attack." Which may well be the case, and will probably work given the (regrettably) low profile the platform has, but it still means that I won't be using the thing to access my regular mail accounts, but only the backups I keep for accessing on hotel machines, etc.

Anyway, *if* the above is true, then my biggest wish for OS2009 is a firewall.

(I remember seeing a Nokia site with advice on security on the Tablets, but every time I've clicked it, it failed to work.)
 
tabletrat's Avatar
Posts: 481 | Thanked: 65 times | Joined on Aug 2007 @ Westcountry, UK
#2
Originally Posted by meanwhile View Post
I do wish that Nokia had thought of a product name that led to a better acronym, btw...

Anyway. As I understand - based on nothing but googling - the situation on security is this:

- There are such things as linux software keyloggers, and in theory any app you install on your Nit could install one? App's aren't run in a sandbox mode, or secured in any other way?

- There's no firewall software for the Nit, so a keylogger wouldn't have a problem getting your paypal password and whatever other details it could steal out to the world once it had them?
I don't see how a firewall would help you in this situation.
A software firewall only protects you from software outside trying to get in, it can only provide minimal protection the other way (well, it could provide more, but that would be irritating). Also the other disadvantage the firewall would have is if you can control it, something running as you can control it too and switch it off.

I would say it would offer you the worst of all worlds - it would give you an sense of security that just wasnt true.
Better to make sure you know what is running on your NiT
 
Posts: 187 | Thanked: 27 times | Joined on Apr 2007 @ Southampton, UK
#3
Its important to note that while software like keyloggers could be installed on an nit it would require the user to install it. This is why one should only install software from trusted sources. One of the advantages of open source software is that if you have the skills you can look at what the software does, so you could find out if it had maliscious code in it.

Its also important to note that because of the linux architecture no software can be automatically be installed from visiting a website as you have to set any file downloaded as executable.
__________________
There is no place like /home.
 
qwerty12's Avatar
Posts: 4,274 | Thanked: 5,332 times | Joined on Sep 2007 @ Looking at y'all and sighing
#4
Also how many armel keyloggers do you find? ;p

Actually, one arm keylogger elf was compiled for my sony ericsson w810....
 
Posts: 66 | Thanked: 17 times | Joined on Apr 2008
#5
Originally Posted by tabletrat View Post
I don't see how a firewall would help you in this situation.
A software firewall only protects you from software outside trying to get in, it can only provide minimal protection the other way (well, it could provide more, but that would be irritating).
Mine certainly only allows the connections I authorize. Implemented properly, it isn't irritating at all.

Also the other disadvantage the firewall would have is if you can control it, something running as you can control it too and switch it off.
That's not a disadvantage, it's a flaw - a disadvantage would be if having the firewall was worse than not having it, whereas you're arguing that the firewall isn't *perfect*. Yes: I certainly wouldn't have a machine without a virus checker and other protective apps as well as a firewall.

Otoh, switching off a firewall probably means GUI interaction (or certainly the firewall can be designed that way) so the effort for the virus writer has gone way up. Or his job may be impossible, doing on what the OS allows.

I would say it would offer you the worst of all worlds - it would give you an sense of security that just wasnt true.
This is an argument that the Religious Right uses over condoms and Aids. The empirically observed result is death among believers.

(Hint: do you drive through stop lights because you are wearing a seatbelt? Employing a safety measure doesn't flip a magical switch in the human mind to forget about a problem - it just means that the person has taken a step to reduce the threat level. If you believe otherwise, good luck with the campaign to ban seat belts, motorcycle helmets, firearm safeties, safe sex education, tetanus shots, safety shoes, parachutes, and fire extinguishers and exits.)


Better to make sure you know what is running on your NiT
But you don't in any meaningful sense, unless you wrote every line of code running. Unless you're referring to some sort of runtime monitoring tool?

Last edited by meanwhile; 2008-04-13 at 20:40.
 
Posts: 66 | Thanked: 17 times | Joined on Apr 2008
#6
Originally Posted by peterjb31 View Post
Its important to note that while software like keyloggers could be installed on an nit it would require the user to install it. This is why one should only install software from trusted sources.
...Which would restrict most users to Nokia's own software and very little else.

One of the advantages of open source software is that if you have the skills you can look at what the software does, so you could find out if it had maliscious code in it.
Yes: if you have excellent programming skills and nothing else to do, this is certainly an option. Hands up everyone that will work for..?

The real security advantage of Open Source is the hope that enough people are looking at the code for a project so nastiness will be revealed by one of the people on the project. I have my doubts that development is active enough on the platform for this to work.

However I would agree with openness as a crude heuristic for greater trustworthiness: if I was an attacker, I'd write a useful non-open source program for the platform - probably a good PIM.


Its also important to note that because of the linux architecture no software can be automatically be installed from visiting a website as you have to set any file downloaded as executable.
My concern is definitely with the apps that users choose to install.
 
Posts: 137 | Thanked: 70 times | Joined on Mar 2008
#7
Yes, checking source, signatures,chksums of packages is always a good practice. clamav-for virus checking works well ,also rkhunter for rootkit checks ,denyhosts for blocking ssh connections if you do leave port 22 open; and am sure other open source security tools should work well on the IT.
 
brontide's Avatar
Posts: 868 | Thanked: 471 times | Joined on Oct 2007 @ Capital District, NY, USA
#8
Originally Posted by meanwhile View Post
Mine certainly only allows the connections I authorize. Implemented properly, it isn't irritating at all.
Of course the keylogger could just use the web or mail to export the data. A firewall is virtually useless for stopping outgoung data.

Of course the easier vector is just to dump all the plaintext passwords store in the NIT as well as MicroB and cookies. Installing the malware is easy as most .install files are downloaded over http. and could easily be be subverted with additional code.

Easier yet is just to add code to pidgin.

Reallistically it's not worth the time... even code that subverted 50% of the NIT's thats still less systems than code that subverted .001% of the windows boxen out there.
 

The Following User Says Thank You to brontide For This Useful Post:
tabletrat's Avatar
Posts: 481 | Thanked: 65 times | Joined on Aug 2007 @ Westcountry, UK
#9
Originally Posted by meanwhile View Post
That's not a disadvantage, it's a flaw - a disadvantage would be if having the firewall was worse than not having it, whereas you're arguing that the firewall isn't *perfect*. Yes: I certainly wouldn't have a machine without a virus checker and other protective apps as well as a firewall.
I have several and always have had.

Originally Posted by meanwhile View Post
Otoh, switching off a firewall probably means GUI interaction (or certainly the firewall can be designed that way) so the effort for the virus writer has gone way up. Or his job may be impossible, doing on what the OS allows.
Almost never means GUI interaction. Anything you can control in any way, can be controlled by any other thing If you have a virus/keylogger/whatever, it is running at the same privilege level as you, so it can control your firewall as well as you can. Maybe even better because it is putting effort into it.


Originally Posted by meanwhile View Post
This is an argument that the Religious Right uses over condoms and Aids. The empirically observed result is death among believers.
That is going to an extreme to try and prove an argument. It is nowhere near the same level of importance.

Originally Posted by meanwhile View Post
(Hint: do you drive through stop lights because you are wearing a seatbelt? Employing a safety measure doesn't flip a magical switch in the human mind to forget about a problem - it just means that the person has taken a step to reduce the threat level. If you believe otherwise, good luck with the campaign to ban seat belts, motorcycle helmets, firearm safeties, safe sex education, tetanus shots, safety shoes, parachutes, and fire extinguishers and exits.)
Again, going to an extreme to try and prove your point doesn't make it any more valid.
But no, employing a safety measure does statistically flip a switch to reduce the thought about the problem. Ok, you are not going to go into your daft example, but many studies have shown that people employing safety mechanisms do actually think less about a problem. Especially when that safefy mechanism is more of a placebo.
A hardware firewall is a fantastic thing. A software firewall is better than nothing from protecting you from the outside, and gives you some protection from the inside.

Originally Posted by meanwhile View Post
But you don't in any meaningful sense, unless you wrote every line of code running. Unless you're referring to some sort of runtime monitoring tool?
No, I am referring to knowing what you install on your NiT, and knowing where it came from. You can't be expected to know every line of code running, but you can be expected to know what you have installed, and know what level of trust you give that code.
 

The Following User Says Thank You to tabletrat For This Useful Post:
Posts: 1,950 | Thanked: 1,164 times | Joined on Jan 2008 @ Seattle, USA
#10
Originally Posted by brontide View Post
Reallistically it's not worth the time... even code that subverted 50% of the NIT's, thats still less systems than code that subverted .001% of the windows boxes out there.
So Nokia's failure to include a PIM app is actually intended to be, in a roundabout way, a security feature!
__________________
.
. .

Help Save This Forum
for N8x0/Diablo Users! Register and Vote for Solution #1 on this Brainstorm. (The Solution will let you see New Posts with any threads you choose -- like the N900 and Maemo5/Fremantle threads -- filtered out.) (To understand the Solution better, see these posts #17, #18, and #19.)
 
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 04:34.