back to article Symbian signing is no protection from spyware

Spyware for Symbian version 9 is now available signed and verified through the Symbian Signed process, according to anti-malware specialist F-Secure. Though such applications track what the user is doing and automatically upload that information to a remote server, at least one application is carrying a Symbian Signed …


This topic is closed for new posts.
  1. Dillon Pyron

    Symbian signed?

    Symbian signed, but not by Symbian? Much as I dislike MS, at least when you get a signed driver, you know it's been vetted by MS. I would have thought the same would apply to Symbian. Looks like I'm sticking with my Moto V551 for a while longer.

    Must invest in F-Secure and others developing security products for smart phones, that seems to be "the next big thing".

    Dillon in Tejas, who has more compute power in his office than some third world countries.

  2. Anonymous Coward
    Anonymous Coward

    Who Set Up FSecure as God Anyway?

    The key point here is not that FlexiSPY is Symbian Signed, but that a company like FSecure has the nerve to set itself up as some kind of moral authority on legitimate software.

    Let us imagine for a moment, that the next version of FlexiSPY detected the existence of FSecure, and unilaterally decided to identify it as a Virus or Malware, and either disabled FSecure, or advised uninstallation of the FSecure product, would that be justified?

    FSecure have set themselves up as judge and jury and refuse to engage in a discussion with Vervata, whose products they are interfering with. Indeed, they are probably on dubious legal grounds here, and this is something that will be interesting to investigate. As I recall, there have been precedents for this kind of action, and the issue of Gator lawsuits comes to mind . However that is an avenue that no one needs to pursue if FSecure would actually respond to contacts from the companies whose products they interfere with.

    Lets recall the first release of FlexiSPY, and that FSecure made claims that it could be transmitted and installed without the user knowing what they were doing. Vervata immediately made changes to the dialogues to address these concerns and send copies to FSecure. Did that please FSecure? Of course not! They are more interested in fear mongering about mobile Viruses, as one cant imagine the current threat level of mobile viruses could keep a FSecure engineer busy for more than a few hours per week!

    The real question is one of defamation and the freedom to install what you choose on your devices. Let us ask once again, who made them judge and jury regarding commercial, signed applications, that can be traced to the source and makes the nature of its operation blatantly clear. I suspect, as many of us in the industry do, that the issue of Viruses in the mobile space is not significant enough for FSecure to have a business case for their product, but I do understand that they have to earn a living. However, there must be checks and balances, and FSecure need to be accountable for their decisions. Until that happens, developers will have no choice but to ask the user to remove FSecure, or ask for the users permission to kill the FSecure process every time it is detected.

    Until FSecure start becoming answerable for their interference with legitimate third party applications, it is FSecure and not Vervata that must be considered a rogue company and producer of Malware.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021