Wednesday, May 23, 2007

Symbian Signed is not an anti-virus software

The Register reported today that a new piece of spyware for mobile phones had appeared on the horizon. It's harmful for S60 phones, too, 3rd Edition devices included. And what causes the stir in the water is that it's a Symbian Signed application.

There's a general misconception here, I'm afraid. I think the biggest problem is that most people don't understand that signing has not much to do with protection against malicious programs. These people don't understand that the process is about signing (surprisingly), i.e. certifying that the application comes from a well-known source. Additionally, in order for an application to be Symbian Signed it must undergo thorough testing by independent test houses. Since this application is Symbian Signed, it must have passed those tests.

The problem is that it's impossible to test everything an application can do. It's even possible to apply for a capability (and get it!) just by saying that the application needs it for a different purpose. As an example: I can ask for e.g. the NetworkServices capability and say that I need it for remote backup, and then make no mention of the fact that I will use it for other reasons, too. You know, it can be done since no-one checks the source code; it's not part of the approval process for Symbian Signed certification. And it will never be, I suppose, as no-one will ever share their best kept secret (i.e. the source code) with outsiders.

What Symbian (Signed) could do better, though, is to stop advertising these signed applications as "trusted". Because they aren't. What you can trust, though, is that the author of a Symbian Signed application is accountable. If he/she/they produce software that proves to contain some malicious code, then they can be "caught" and counter-measures can be taken. What counter-measures? For example, the author's certificate can be revoked and added to a list, called the Certificate Revocation List, or CRL for short. This list can always be checked online. For example, when a user is just about to install 3rd party software whose author is not known (or at least not trusted), the Application Installer can do this cross-verification as part of the installation process. Pretty useful info, isn't it? It's worth noting that most users are not aware of this and have this feature disabled on their phones. Including me, but that's on purpose. :-\

Just my two cents,

Tote
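The installer-side check described in the post above, as an added example that is not part of the original post and is not Symbian's installer code: a generic X.509 model in Python (using the `cryptography` package) showing that a signature stays valid after revocation, and that only consulting the CRL turns the install into a reject. The CA name, serial numbers, package bytes and the `install_decision` function are all constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2007, 5, 23)   # constructed date
CA = "Demo Signing CA"           # hypothetical signing authority

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject, pub, issuer_key, serial):
    return (x509.CertificateBuilder().subject_name(name(subject)).issuer_name(name(CA))
            .public_key(pub).serial_number(serial).not_valid_before(NOW)
            .not_valid_after(NOW + dt.timedelta(days=365)).sign(issuer_key, hashes.SHA256()))

def make_crl(issuer_key, revoked_serials):
    b = (x509.CertificateRevocationListBuilder().issuer_name(name(CA))
         .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    for serial in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
            .serial_number(serial).revocation_date(NOW).build())
    return b.sign(issuer_key, hashes.SHA256())

def install_decision(package, signature, dev_cert, ca_cert, crl=None):
    """crl=None models a phone with the online revocation check switched off."""
    try:
        # 1. The developer certificate was issued by the signing authority.
        ca_cert.public_key().verify(dev_cert.signature, dev_cert.tbs_certificate_bytes,
                                    ec.ECDSA(dev_cert.signature_hash_algorithm))
        # 2. The package bytes were signed with the developer's key.
        dev_cert.public_key().verify(signature, package, ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        return "reject: bad signature"
    if crl is not None:
        if not crl.is_signature_valid(ca_cert.public_key()):
            return "reject: untrusted CRL"   # the CRL must itself come from the authority
        if crl.get_revoked_certificate_by_serial_number(dev_cert.serial_number) is not None:
            return "reject: certificate revoked"
    return "install"

# Constructed sample data: one authority, one developer, one signed package.
ca_key, dev_key = ec.generate_private_key(ec.SECP256R1()), ec.generate_private_key(ec.SECP256R1())
ca_cert = issue(CA, ca_key.public_key(), ca_key, 1)
dev_cert = issue("Demo Developer", dev_key.public_key(), ca_key, 1001)
package = b"constructed sample package contents"
signature = dev_key.sign(package, ec.ECDSA(hashes.SHA256()))
crl_after_revocation = make_crl(ca_key, [1001])
```

With `crl=None` the revoked developer's package still installs, which is the situation on a phone where the revocation check is disabled.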

Friday, May 18, 2007

My new N95 - comments

I have received my new Nokia N95 device as a reward from Nokia for contributing to the launch of their new service, Forum Nokia Wiki. I was among the top 10 Forum Nokia Champion contributors, you know. We have received something else, too, but it's still too early to talk about it. I'm planning to get back about it in a month or so.

Well, I was very excited about this device, because I must admit it was my dream device. THE smartphone that I've always dreamed of. I have read a couple of reviews on it by now (e.g. on AllAboutSymbian or Symbian Freak) and I was very convinced that the only issue that these reviews had found in common was the battery. The fact that it gets exhausted very easily, very fast. That's okay, I thought, I believe that's an issue that I can easily handle. I'm sure that Nokia is aware of this problem, too, and they're on it to fix it. Not necessarily with this phone, but with future phones.

However, I think I can tell you/them a few other hints they might want to pay attention to. Or maybe not, but at least I did not keep my comments secret on this great device. :-)

  • Lack of memory card in the package. This is the third device from the N-series that I have got without any multimedia cards. First, an N90, second an N73, now it's an N95. Hey, it's a multimedia phone and I can hardly believe that the built-in storage is sufficient for multimedia purposes. And I can't believe it, either, that Nokia is to save some money on NOT including a memory card in their sales package, because the price of such a piece of hardware is so low. Then why is it not included?
  • Battery. The topic that I have already mentioned. It's only my second day, but it has already proved to be true that I need to charge the battery once a day. I was already recommended to get used to it, now I'm on that path. :-|
  • GPS. This is the first GPS device of mine, so I don't know too much what to expect from it. I can see, though, that the built-in program is data-hungry and tries to get that data from the internet (without a network connection it doesn't really work, i.e. is not really useful). It's not a good sign for me, because I have decided not to spend too much money on using GPS, but try to keep my spending as low as possible. Perhaps the installation of additional maps will solve the problem, I don't know, I'm just hoping so.
  • Connected to TV. There is an RCA jack included in the package with which we can attach the phone to the television so that you can see in real time on your telly what you're doing on your phone. It's a pretty nice feature that can be used, among others, for demoing, showing your pictures/video/etc. to your family, browsing the web in full screen on your TV, etc. However, for some reason, the sound was not audible when I was e.g. playing a game. I'm unsure as to where the problem is - on my phone or with my TV; in any case, it's waiting to be fixed. Just tell me if you have experienced this and managed to get past it.
  • Localisation. You know, I'm from Hungary, Europe and although I'm pretty much happy with using English I've already got used to using T9 on my phone. It's such a brilliant feature that now I can hardly live without it (at least in terms of short messaging:). The problem is that as I have forgotten to indicate my wish to have the Hungarian language included on my phone I can't make use of (Hungarian) T9, either. Unless somebody smarter than me enlightens me on how to fix this problem with the least pain.

That's it for now! By the way, before I forget: thanks, Ron and Forum Nokia, for this great device. It was really worth the effort of contributing to the Wiki. I wonder if others know that they can win an N95, too. :)

Cheers,

Tote