> It is kind-of interesting that the capabilities you need to create
> a valid anti-virus program are related to the capabilities needed
> to create a valid virus in the first place.

That's often true, indeed. After all, both viruses and virus protections often need to fiddle with very deep aspects of the OS. But it is not always true. As far as viruses are concerned, they need deep tricks only if they want to do something really sophisticated - e.g., a virus which infects applications as they are launched or received via beaming - instead of just looping through all applications on the device and infecting them all at once. Good virus protections, though, *always* need it. For instance, a good virus protection has to cover all data entry points of the protected machine - so that it can intercept *any* kind of virus (sophisticated or not) before it has had the chance to do its thing.

The same kind of problem (viruses have it easy, anti-virus programs have it hard) is true in some other aspects, too. For instance, a virus writer doesn't care whether his virus is compatible enough and would be satisfied if it can run on just a few devices and/or would infect only some kinds of applications. (For instance, I've seen a DOS virus that infected only files that were 17 bytes long.) An anti-virus program, OTOH, must be very compatible and run on as wide a range of devices and OS versions as possible and be able to scan all kinds of executable code - or the users will complain bitterly.

The general public often thinks that virus writers make good anti-virus researchers. Nothing can be farther from the truth. Making a virus is *easy*. Trivial, I would say, although I'm probably biased; I've seen so many viruses that everything there seems obvious to me. Making a good anti-virus program, OTOH, is *much*, MUCH harder - and requires a completely different set of skills.

> The problems you are having are probably one of the reasons that
> so few Palm OS viruses exist.

Nahh. They would be a reason not to have viruses that infect on launch or on beam - it wouldn't be a reason not to have many other kinds of viruses.
No, the reasons why there are so few (one, really) viruses for PalmOS are the following:

1) Like it or not, it's not a popular environment. There are tens of millions of Windows users - and probably just a few thousands of PalmOS users. It's not a popular environment even among the PDA users; it currently has about only 6% of the market. (Symbian, for instance, has about 60% of it.) It used to be much more popular - it had 90% of the market in 1999 - but, I guess, the virus writers (and Palm, Inc.) missed their chance.

2) The pattern of information sharing is not very virus-friendly. Users don't often pass executables to each other (although it does happen occasionally) - they mostly download from centralized archives. Again, let me emphasize, this doesn't make virus spread *impossible* - after all, somebody could intentionally upload a virus dropper to one of the popular archives. But it is much less likely to happen and is easier to protect against than, say, somebody double-clicking on an executable e-mail attachment under Windows.

3) Net connection was weak till recently. While a virus could beam itself to another device, it would be virtually impossible to succeed doing so without the consent of the recipient. Very few PalmOS devices used to have Internet capabilities, too. The mail clients were not very friendly to executable attachments. It wasn't easy to target the population of PalmOS users by spamming them with some malware. These things are changing, though - what with viruses spreading via MMS and stuff...

So, while viruses for PalmOS are definitely possible and even exist, they are certainly not a threat - yet. There is a potential of them becoming a threat there, though - which is why I am writing my application.
Of course, it's always possible that PalmOS will go the way of AmigaOS first (i.e., essentially die, despite the existence of fanatical enthusiasts who just won't admit that the OS is dead) - which is why I'm doing it for fun, in my spare time; it's not an official project of our company and I can't expect to get any of the company's resources like programmers, etc. (Although I obviously know how to program, I'm not a professional programmer myself; my real field of expertise is computer anti-virus research. I design algorithms for virus detection, design data structures to be used by our products, reverse-engineer file formats, maintain a virus collection, that sort of thing.)

> However, you should not 'dis' PalmOS, just because you are having
> difficulty writing an anti-virus program.

That depends on your definition of "dis". :-) As I said, PalmOS is great for some kinds of tasks. It just sucks from the point of view of the developer of anti-virus software. And I have every right to "dis" any OS I want from this point of view - since I suspect that I know more about this field than anyone else here.

> I don't believe that Palm OS was deliberately constructed to make
> it difficult for virus writers,

Of course not - no OS ever was. Even the so-called "provably secure" ones (e.g., the ones based on the Bell-LaPadula model with mandatory access rights) are vulnerable to viruses.

Although I'm hearing rumors that the next version of Symbian will have features that would make virus spread very, very difficult. It will run only cryptographically signed applications and what an application is allowed to do would be enforced via cryptographic policy (so that an infected calculator won't be allowed to run in the first place - and, even if it is, won't be allowed to, say, send e-mail). That, too, won't make viruses *impossible* - but it *will* terminate them as a real threat.
Microsoft did something like that in Office 2000, which is why the macro viruses are disappearing as a threat - although they are still possible and are being created, of course.

I think I also heard some rumors about the future PalmOS devices running only digitally signed applications, which would be a good thing, from the point of view of anti-virus protection (although both users and some developers are going to hate it).

> but it does tend to make it difficult for them.

Oh, no it doesn't. Writing a virus for PalmOS is *trivial*. It's the making of a good anti-virus protection that's difficult. :-)

> My suggestion (again) is you need to setup a rock-solid NDA with
> PalmSource, persuade them that you are providing a necessary
> service, and get access to the low level knowledge you require.

Thank you for your suggestion. I have thought of that - but it is not worth the effort, for the following reasons:

1) Our company already has experience with this kind of thing - we have signed an NDA with Microsoft, for instance. The result was rather disappointing - we're getting very little information that we couldn't get by other means and the NDA gags us so that we can't easily share our knowledge with other anti-virus researchers.

2) I don't see what PalmSource could tell us under NDA that would be really useful to us. I doubt very much that there is some "secret" way to intercept applications beamed by the Launcher under OS 5.x or to intercept application launching in OS 6.x. My frustration was not caused by my lack of knowledge - when I lack knowledge about something, I keep digging until I acquire it. My frustration was caused by discovering that what I needed to do couldn't be done. If anything, it is PalmSource that could gain from us - by listening to our advice about what changes to make in their OS, in order to make it more difficult for viruses and easier for the anti-virus programs. However, I very much doubt that they would be willing to listen.
3) Given that there is just one PalmOS virus, that it is a rather silly one and very unlikely to spread, how can we convince them that we're providing a useful service? In my experience (Microsoft, IBM, Nokia) big companies don't like to listen to "what might happen in the future" arguments. In fact, it's hard enough to make them listen to arguments related to what's happening right now - especially if it means that their product is somehow deficient and needs to be fixed. :-)

It is also the reason why, when ready, my application will be free. Currently, viruses (although certainly possible and existing) are not a threat for the PalmOS environment. I don't think that it would be practical trying to convince the users to pay for something that would (maybe) protect them in the future, when/if viruses become a threat. True, some anti-virus producers do sell versions of their product for PalmOS (although it usually comes bundled with a version for PocketPC too) - but I don't know how well it sells; I suspect that it doesn't.

Regards,
Vesselin

--
For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/support/forums/
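
The signed-application scheme mentioned in the message above (run only signed code, and limit each application to the permissions it was signed with), as an added sketch that is not part of the original post and is not Symbian or PalmOS code. It assumes HMAC-SHA256 with a platform key as a stand-in for a real public-key signature; every name and sample value is hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a platform key stands in for a public-key
# signature so the sketch runs on the standard library alone.
PLATFORM_KEY = b"constructed-demo-key"


def sign_manifest(code: bytes, capabilities: list[str]) -> dict:
    """Vendor side: bind the code hash and the granted capabilities together."""
    body = {"sha256": hashlib.sha256(code).hexdigest(),
            "capabilities": sorted(capabilities)}
    blob = json.dumps(body, sort_keys=True).encode()
    body["sig"] = hmac.new(PLATFORM_KEY, blob, hashlib.sha256).hexdigest()
    return body


def verify_manifest(code: bytes, manifest: dict) -> bool:
    """Loader side: refuse code whose bytes or manifest were altered."""
    body = {k: manifest.get(k) for k in ("sha256", "capabilities")}
    blob = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(PLATFORM_KEY, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(manifest.get("sig", ""))):
        return False  # manifest edited, e.g. a capability was added
    actual = hashlib.sha256(code).hexdigest()
    return hmac.compare_digest(str(body["sha256"]), actual)


def may_perform(code: bytes, manifest: dict, action: str) -> bool:
    """Runtime check: the action must appear in the signed capability list."""
    return verify_manifest(code, manifest) and action in manifest["capabilities"]


# Constructed sample: a calculator signed with user-interface access only.
CALC = b"calculator-code-v1"
CALC_MANIFEST = sign_manifest(CALC, ["ui"])
# The same calculator after foreign bytes were appended to it.
INFECTED_CALC = CALC + b"<appended-bytes>"

if __name__ == "__main__":
    print("clean calculator loads:", verify_manifest(CALC, CALC_MANIFEST))
    print("modified calculator loads:", verify_manifest(INFECTED_CALC, CALC_MANIFEST))
    print("calculator may send e-mail:", may_perform(CALC, CALC_MANIFEST, "send_email"))
```
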
