> The structure of PalmOS is such that a "virus" or "worm" in the
> classic sense, while not impossible to write, is darned difficult
> to propagate.

With all due respect, this is false. It could propagate on HotSync, on beaming of applications, on memory card insertion, via WiFi/Bluetooth/whatever, etc.

> There really isn't a way for malicious code to add itself to an
> already existing binary.

With all due respect, this is *utterly* false! Overwriting infection is trivial - this is what the Phage virus does. Companion infection is simple - this way you can make even the applications in the ROM look infected. Parasitic infection is only a bit more difficult, if you're writing the virus in C - but for something written in assembly language, it's not a problem.

> It could conceivably attach itself, but there really
> isn't a way to get the system to call it once it has done so.

With all due respect, this is false. From the point of view of the system, it will be just calling the original application.

> About the only thing you could do is write a trojan. Even then, there
> is no way for it to surreptitiously send itself to another palm
> device.

With all due respect, this is probably false. I am not familiar enough with the PalmOS support of Bluetooth, but on the Symbian platform even Trojans can spread like wildfire through this mechanism.

> When a binary IR beams or bluetooth transmits itself, a
> notification pops up on the receiver. The receiver must accept
> the program in.

So what? On a PC running Windows, nowadays most viruses send themselves as e-mail attachments. The user not only has to "accept" the attachment - in most cases s/he has to actively double-click on it, in order to run it. Nevertheless, such viruses spread like wildfire all over the world. As a mass, the users are less intelligent than you seem to give them credit for, alas. :-(

> Once a malicious piece of software is in place, it can set alarms
> to cause itself to be invoked repeatedly

Oh, that's only one of the possible mechanisms - in fact, one of the less likely ones to be used. There are much simpler ways in which a virus can receive control.

> But it really can't replicate itself.

With all due respect, this is UTTERLY wrong.

> We haven't seen viruses for PalmOS really.

Who's that "we"? There is one virus for PalmOS (and several Trojan horses) - and I have definitely seen it. Perhaps you mean that it hasn't become prevalent, so the general public hasn't seen it? That is correct - it's a silly overwriting virus, after all. However, much more sophisticated ones are possible. The only reason why we haven't seen them already is not because PalmOS is somehow "virus-proof" (it ain't) - but because, like it or not, it is not widely used enough to catch the attention of the virus writers - and since one virus for it already exists, there isn't even the incentive of being "the first to write a virus for that environment". But that could change...

> it really isn't possible to write the kind of
> self-reinfecting code that more advanced OSes make possible.

In a sense, PalmOS is more "advanced" than MS-DOS was - and there are thousands of viruses for MS-DOS. *Any* sufficiently general and open OS allows viruses to be written for it - yes, even Linux and MacOS, and hundreds of viruses for them exist, although many people refuse to believe this. It is not how "advanced" an OS is that is important - it is how *popular* it is. Of the mobile OSes, currently Symbian has about 60% of the mobile market - that's why right now the virus writers are targeting mostly that OS.

> Basically, there's no sport in wrecking a PalmOS handheld.

Do not make the mistake of equating a virus with mindless destruction. There are many other things a virus could do. If it can just spread itself widely, that often is satisfaction and incentive enough for its author. PDAs are often used to store sensitive personal data that might be worth stealing. Some companies even use them as secureID generators.
Take a look, for instance, at this paper:

http://downloads.securityfocus.com/library/security_analysis_palm_os.pdf

And if you think that what's described in it is scary, let me tell you that its authors don't really seem to have a good grasp of what is really available to a virus writer on this environment; they seem to come from a security environment, not from an anti-virus environment. Much, much worse things are possible than the ones described in that paper.

> Besides which, if a program load bricks your handheld, you wipe
> it and do a restore sync.

Oh, really? And how do you know which program it was? What if it starts doing its damage one month after you installed it? What if the damage is not "wipe everything out at once" but is instead "change a few bits here and there"? What if instead of doing the damage itself, it Trojanizes *other* programs, so that *they* do the damage when you launch them? And what if, meanwhile, the program has spread itself to other devices?

> You can't bring a program payload over in sending or receiving
> mail

I'll admit that I don't know whether this is true. Can't you receive e-mail with attachments? If the e-mail says "look at the great Palm application in this attachment", many users will run the attachment, if they could. What about Bluetooth/WiFi/MMC? Again, I don't have such a device, so I admit that I don't know what is possible there - but at least under Symbian there are viruses that spread via Bluetooth and MMC.

Regards,
Vesselin
