Do we really need mobile Anti-virus ? AVG for WP7 released
Posted Wednesday, September 7, 2011 at 7:35 pm by Jason Cartwright
Desktop anti-virus is an absolute necessity, with an unprotected machine online lasting only a few minutes before becoming infected. So how about our data-powered mobile devices of today, do they too need AV protection ? Today arrives a Windows Phone application from security company AVG, it serves two main functions.
The AVG WP7 app allows you to scan files stored on your device for infections. Strangely it seems only audio and image files are scanned, with videos and documents being missed out, at least according to the report. AVG’s inability to scan documents created, is likely a result of the sandboxed nature of application storage. Typically desktop AV sits at a lower level of the OS, allowing it to access all parts of the disk.
The other feature of the app is a ‘secure’ browser. This works by checking links on request, before visiting the site. Should the site be known to be malicious, the user will be prevented from visiting the site, with a warning displayed. While you may be ‘safer’ you are actually giving up some functionality of the IE browser built into WP7. Particularly to those devices running Mango and IE9.
While mobile platforms are experiencing exponential growth, in reality malicious sites and software is still, on a whole, targeting Windows. It’s a similar situation to MacOSX, AV providers will try and sell us on the idea of the need for security everywhere, but the reality is, right now, there’s very little need. There’s certainly a case for this to change at some point in the future, but the protection needs to be automatic and transparent to the user.
The user-initiated scanning provided in this app, really isn’t the solution. Security vendors need to work with Microsoft to get lower-level access, while being acutely aware of the performance impact on lower-powered mobile devices.
The AVG app is available in the WP7 Marketplace now.
Exclusive: Interview with Eugene Kaspersky
Posted Monday, May 30, 2011 at 10:55 am by Jason Cartwright
On Friday 27th of May, I had the chance to sit down for an exclusive interview with Eugene Kaspersky. We discussed his work at AusCERT 2011, Kaspersky AV/IS 2012, the emerging mobile threats, the importance of choosing the right staff, company culture and much more.
One of the more interesting responses from Eugene was that Microsoft’s Security Essentials, available for free, has remarkably had almost no impact. He believes consumers recognise that free solutions don’t contain the technologies and features of a paid solution.
Are 95 Million CityVille players at risk of cross-site scripting ?
Posted Tuesday, February 22, 2011 at 4:59 pm by Jason Cartwright
The insanely successful Facebook game – CityVille by Zynga has more than 95 million active monthly users. An amazing figure, but are those users at risk of cross-site scripting attacks. If you not familiar with XSS, its a vulnerability in web applications, using this attacker can steal users’ information.
This is pretty alarming considering its connected to your Facebook account, the place that you’ve shared a lot of your personal data.
Internet Explorer 9 certainly thinks so, displaying the following information bar to users – “Internet Explorer has modified this page to help prevent cross-site scripting.”
If your a CityVille user and haven’t ever seen a message like this, that’s likely because your not using IE9. It is after all still in release candidate stage, so I wouldn’t expect many of the 95 million would be. Due to IE9’s improvements in security the cross-site-scripting vulnerability may have been there all along, but only picked up by new protections.
From the message, it suggests that IE9 actually modified the page (read removed the bad code), preventing it from running, so you should be safe.. assuming you’ve never used CityVille with anything else but IE9.
Windows Live Hotmail goes SSL, passes by Google*
Posted Wednesday, November 10, 2010 at 8:45 am by Jason Cartwright
Gmail users concerned with security were able to enable SSL connections to their mail for over a year now. A few months ago, Google turned this on by default for all users, problem is, this is only for gmail, not any of the other Google services. This means Calendar and Contacts are still pushed in the clear.
Microsoft have announced today that they have enabled users to turn on SSL which secures the connection between you and Microsoft servers for not only Hotmail, but also Calendar, Contacts, SkyDrive, Photo, Docs, devices.. pretty much everything. At the moment its opt-in, hopefully one the bugs are ironed out, this is in place by default.
To enable HTTPS for your Windows Live, go to https://account.live.com/ManageSSL.
Twitter helps people find you
Posted Monday, March 1, 2010 at 7:54 pm by Jason Cartwright
Stop! Before privacy advocates rush to burn twitter at the stake (assuming they’re finished with Google Buzz), please remember this latest move is entirely optional. When logging into http://twitter.com you’ll be prompted with a screen that reads ‘Be found on twitter’ and asks you confirm your profile information.
Twitter say they are aiming to increase discovery of your profile. I already have a public profile, so for me, this was a no brainer – the more followers the better.
Update
Post updated. Thanks to James for pointing out your email won’t be displayed publicly.
