GROWTH IN THE WIRELESS MARKET
The world is going mobile. While the lack of affordable mobile phone service is a fairly recent memory for many consumers, today, most consumers take for granted the ability to communicate with friends and family anywhere, anytime, at a reasonable cost. At the same time, mobility is the watchword today in business. Global prosperity and an even faster pace of business are driving the desire for employees, partners, and customers to be able to communicate, without regard for location. The estimates of wireless device pervasiveness grow with the release of each new. The estimates of wireless device pervasiveness grow with the release of each new analyst report. Some industry analysts estimate that the number of wireless devices worldwide will outnumber desktop and notebook computers four to one by 2005. One research firm predicts that 525 million WAP-enabled (wireless application protocol) handsets will be in users’ hands as early as 2003. International Data Corporation1 puts the number at 1.3 billion WAP-enabled handsets worldwide by 2004, up from 99 million in 2000.
And the migration from simple voice communication to data communication is underway in earnest. According to Cahners In-Stat Group2, the most successful wireless data system is the short message service (SMS) on Global System for Mobile Communications (GSM) networks. Cahners points out that in a single month early this year, users sent 8 billion SMS messages worldwide. Interestingly, for many users in some parts of the world (including most notably, Japan), the wireless device is the most prevalent mode of accessing the Internet, compared to PC Internet access. More than 200 million SMS subscribers already dot the globe, and Cahners projects 742 million worldwide wireless Internet subscribers in 2004 and 607 million SMS subscribers in the same year
OVERVIEW OF THREATS AND POTENTIAL DAMAGE
Yet, like each new communication and computing medium before it, wireless voice and
data communication presents the opportunity for less desirable applications. The rapid
spread of wireless communications presents new opportunities for hackers, disgruntled
employees, and others to prove their prowess in spreading viruses and malicious code.
On the surface, the vulnerability of wireless devices to viruses and malicious code threats
appears to follow the same patterns of vulnerabilities that the wired world has
experienced. Yet, upon closer inspection, the vulnerabilities are more numerous and
complex. Such threats to the wireless community can be categorized into three groups:
Ø Application-based threats
Ø Content-based threats
Ø Mixed threats (a power-packed combination of application and content-based threatsnot yet seen in the real world)
APPLICATION BASED THREATS
In the wireless world, application-based threats are posed by executable malicious code that latches on to existing, or new, wireless applications. Application-based threats are potentially present anytime a software program is downloaded to, or executed on, a wireless device particularly when the program is downloaded or received from an unknown source. In the wired world, these threats are roughly analogous to the early viruses borne by executable programs (which were later superceded by the rise in Macro viruses-malicious code borne by non-executable files). The first malicious application-based program that specifically targeted the Palm operating system (OS) used in Palm Pilot personal digital assistants (PDAs) was called “Liberty Crack.” The free software, which could be downloaded from a Web site or accessed via Internet relay chat (IRC) rooms, pretended to convert the shareware Liberty Game Boy program into a registered version. When the program was executed, the user was not aware that, in the background, the program was deleting all executable applications in the handheld device. Liberty Crack did not affect the underlying Palm operating system or the embedded applications. Since the discovery of Liberty Crack, antivirus experts such as Trend Micro have been tracking a number of other application-based, potentially destructive Palm programs, including Palm Phage-the first known virus designed to affect Palm PDAs. First seen about one month after Liberty, Palm Phage infects all third-party application programs when executed. Instead of running normally, infected executable files infect other thirdparty applications programs. Palm Phage can theoretically spread to other machines when the Palm is synchronized with a PC or when a Palm beams data via an infrared link to another Palm. At about the same time, several joke programs were observed on PDAs that operate on the EPOC operating system. Little more than nuisances, these programs (e.g., EPOC_Alone.A and EPOC_Ghost.A) disturb users by sounding an alarm or flashing lights on the EPOC-enabled device. While these programs do not spread from device to device, they demonstrate that malicious code can cause bothersome disturbances on wireless devices. Furthermore, the wireless world is seeing the regular birth of new technologies, with more on the horizon. Some of these technologies will expand the functionality of the
CONTENT BASED THREATS
In content-based threats, the content (e.g., derogatory messages) is the threat, or malicious use of the content is the threat (e.g., spamming of email). While email has become the “killer app” of the wireless world, it is also one of the most vulnerable to attack. Hence, the most common content-based threats to the wireless infrastructure occur through infected email or spam mailThe first content-based Trojan to attack wireless devices occurred in June 2000 with the appearance, in the wild, of the Visual Basic Script (VBS) Timofonica on the wireless network of Madrid, Spain-based Telefonica SA. Timofonica spread by sending infected email messages from affected computers. When an infected email reached a PC, it used Microsoft Outlook 98 or 2000 to send a copy of itself via infected emails to all addresses in the MS Outlook Address Book. This enabled the Trojan to spread quite rapidly. In the wired world, this behavior is similar to that of the “ILoveYou” email virus that caused worldwide damage estimated as high as $700 million in May 2000. But Timofonica was more than an email virus. For each email it sent, the Trojan also dispatched an SMS message to a randomly generated address at the “correo.movistar.net” Internet hostAlthough the program reached out into the wireless world, it propagated via land-based PCs and emails, not from phone to phone directly. Nevertheless, Timofonica demonstrated in-the-wild, the ability of malicious code to tap into the wireless infrastructure and spread with great speed.
MIXED APPLICATION/CONTENT BASED THREATS
The third type of threat is worse than the previous two types combined. While not yet seen in the wild or even in the laboratory, a threat that integrates techniques from both of these threat types could be formidable indeed. Imagine a virus that involved the unwitting download of sophisticated malicious code attached to a shareware program that wiped out wireless device applications and propagated itself rapidly across the wireless infrastructure via address books of email. Such a virus could cause damage to each device it encountered and spread across a country, or across the world, overnight.
SOLUTION TREND MICRO’S TOTAL VIRUS/MALICIOUS CODE PROTECTION
A PROTECTION SOLUTION FOR WIRELESS INFRASTUCTURE MUST HAVE THE FOLLOWING ATTRIBUTES:
• Multiple layers of protection to address the various entry points and transmission
paths of viruses and malicious code
• Integration of centralized management of all antivirus solutions including
maintenance of gateway, server, desktop, and device-level protection
• Implementation within the wireless infrastructure for early detection to minimize
damage and costs
• Tools tailored to the wireless threat, rather than merely applying wired world tools
• Mechanisms for automatic maintenance, updating, and upgrading of virus protection
since such protection is only as good as the last update
• Involve all parties via increased awareness of the potential threat including corporate
IT managers, service providers, operating system and application developers, and end users
THERE ARE SOME PRODUCTS THAT ADDRESS THE VIRUS AND MALICIOUS CODE PROTECTION NEEDS OF THE WIRELESS COMMUNITY. THEY CAN BE CATEGORIZED AS FOLLOWS:-
· Solutions for desktop computers.
· Solutions foe wireless devices.
· Solutions for wireless gateways(e.g.,wireless server and email servers.)
DESKTOP COMPUTER SOLUTIONS: OFFICESCAN AND PC-CILLIN
Since the PC synchronization function is a key transmission path for the spread of many wireless viruses and malicious code, protection at the PC is a must. Trend Micro offers two complementary products that provide such protection at the desktop-OfficeScan™ and PC-cillin®. In 1999, Trend Micro upgraded these desktop solutions to intercept wireless viruses and malicious code before they can infect the wireless device. PC-cillin is Trend’s award-winning consumer desktop virus protection product. PC-cillin offers an attractive package of virus scanning capability, an easy-to-use interface, and minimum system overhead. Long hailed by analysts and users, PC-cillin is certified for Windows 2000 as well, and its features enable fast updating and email virus scanning. To help administrators control desktop scanning, cleaning, and reporting options centrally, Trend Micro OfficeScan Corporate Edition provides a complete solution for networks of any size. Most administrators face the challenge of maintaining adequate, up-to-date virus protection at the desktops of employees. Studies have shown that many desktop users do not regularly update, and even disable, virus protection. OfficeScan Corporate Edition essentially shifts the control and responsibility of maintaining desktop antivirus protection from end users to administrators. The product includes automated deployment options, unattended automatic software updates, scalability, and centralized real-time reporting.
WIRELESS DEVICE SOLUTIONS FOR DEVICE TO DEVICE THREATS
TO PROTECT DEVICES FROM WIRELESS VIRUSES AND MALICIOUS CODE, A SEPARATE PRODUCT IS NEEDED FOR EACH PLATFORM.THE INITIAL RELEASE OF THE VIRUS SOFTWARE INCLUDES THE FOLLOWING FEATURES:
§ Familiar User Interface - Device-specific design provides the look and feel of
applications already in use offering comprehensive control with a minimal learning
curve.
§ On-Demand Scanning - Each supported wireless device has its own antivirus scanner
than can be called upon at anytime, anywhere to check for potential threats when
they are first received.
§ Easy Maintenance - Product and Virus Pattern file updates are easily accomplished
using device standard procedures, making it easy for users to keep protection
current.
§ Minimal Footprint - PC-cillin for Wireless strikes a perfect balance between
providing effective security and efficiently using limited memory resources.
•
WIRELESS GATEWAY SOLUTIONS
Since all email sent to wireless devices and all applications wireless devices download must ultimately originate on some type of server, virus and malicious code protection for the wireless infrastructure must begin at these servers. To meet this need, Trend Micro will soon introduce
InterScan® VirusWall® for Wireless Gateways-a product specifically tailored to protect a range of wireless gateway servers from the specific threats posed in the wireless arena. Corporate administrators will install this product on their wireless gateways to protect corporate users, while service providers can install it to protect their subscribers.InterScan VirusWall for Wireless Gateways is a server-based product that integrates information flow management with virus protection at the wireless gateway. Applicable to WAP gateways, NTT DoCoMo gateways, email servers, and others, it is composed of two parts:
• VirusWall, to secure SMTP and HTTP traffic from viruses and malicious code
• eManager™, to block wireless threats by filtering content based on keywords/phrases
InterScan VirusWall for Wireless Gateways incorporates intelligence for Compact HTML (CHTML) and the Wireless Markup Language (WML), enabling detection of viruses and malicious code in these wireless Internet protocols. Trend Micro updates itsvirus pattern files at least once each week.more often as emergencies dictate or as needed. Updates can be retrieved automatically or manually.
Simply scanning for known viruses and malicious code is insufficient. As in the wired world, viruses and malicious code in the wireless infrastructure are likely to appear in many variants over short periods of time. To address this threat, InterScan VirusWall for Wireless Gateways employs rule-based technology, Trend Micro’s ScriptTrap™, which enables the analysis of virus or malicious code activity via behavioral monitoring. Using the same approach as Trend Micro’s patented MacroTrap® technology for Macro viruses, ScriptTrap scans for potentially malicious scripts in specialized protocols such as CHTML and WML. For example, if the malicious code intends to dial 911 without keys on the keypad being depressed, this code is blocked, regardless of its exact form, since the user has decided that this is never a desirable action.
eManager has been redesigned to include new rule sets that specifically address wireless content threats such as spamming (used by the recent Timofonica Trojan) and the exploitation of security holes such as buffer overflow type vulnerabilities.
CONCLUSION
The threat from malicious code in the wireless world is in its infancy. In fact, malicious
code has yet to negatively impact wireless device users. But this will soon change.
In much the same way that the Internet changed the way that viruses, Trojans, and worms
were created and distributed, the wireless world represents a fertile breeding ground for
hackers and e-vandals who are willing to exploit this expanding medium. And traditional
approaches to antivirus security will not provide the necessary security.
Implementing proactive steps now against this inevitable threat is highly recommended.
And as wireless technologies and applications expand and evolve, careful attention must
be made to update and maintain these security measures. The alternative to waiting until
the threat materializes in the wild ensures that substantial costs will be incurred in the
form of reduced productivity, loss of confidential information, and impaired consumer
confidence.
Securing the wireless world from viruses is a multi-layered effort. Wireless device users
should download and install device-based security like Trend Micro’s PC-cillin for
Wireless and use it to scan any application as soon as they receive it from any source.
Corporations must secure their networks with solutions that include provisions for
catching wireless threats as they pass through the Internet gateway, email servers, and
desktops. And Service Providers and others should plan now to implement antivirus
solutions to secure the traffic they manage for their customers.
REFERENCES
· www.google.com.
· www.howstuffswork.com.
· WEBSTERS POCKET REFERENCE BOOKS.
The world is going mobile. While the lack of affordable mobile phone service is a fairly recent memory for many consumers, today, most consumers take for granted the ability to communicate with friends and family anywhere, anytime, at a reasonable cost. At the same time, mobility is the watchword today in business. Global prosperity and an even faster pace of business are driving the desire for employees, partners, and customers to be able to communicate, without regard for location. The estimates of wireless device pervasiveness grow with the release of each new. The estimates of wireless device pervasiveness grow with the release of each new analyst report. Some industry analysts estimate that the number of wireless devices worldwide will outnumber desktop and notebook computers four to one by 2005. One research firm predicts that 525 million WAP-enabled (wireless application protocol) handsets will be in users’ hands as early as 2003. International Data Corporation1 puts the number at 1.3 billion WAP-enabled handsets worldwide by 2004, up from 99 million in 2000.
And the migration from simple voice communication to data communication is underway in earnest. According to Cahners In-Stat Group2, the most successful wireless data system is the short message service (SMS) on Global System for Mobile Communications (GSM) networks. Cahners points out that in a single month early this year, users sent 8 billion SMS messages worldwide. Interestingly, for many users in some parts of the world (including most notably, Japan), the wireless device is the most prevalent mode of accessing the Internet, compared to PC Internet access. More than 200 million SMS subscribers already dot the globe, and Cahners projects 742 million worldwide wireless Internet subscribers in 2004 and 607 million SMS subscribers in the same year
OVERVIEW OF THREATS AND POTENTIAL DAMAGE
Yet, like each new communication and computing medium before it, wireless voice and
data communication presents the opportunity for less desirable applications. The rapid
spread of wireless communications presents new opportunities for hackers, disgruntled
employees, and others to prove their prowess in spreading viruses and malicious code.
On the surface, the vulnerability of wireless devices to viruses and malicious code threats
appears to follow the same patterns of vulnerabilities that the wired world has
experienced. Yet, upon closer inspection, the vulnerabilities are more numerous and
complex. Such threats to the wireless community can be categorized into three groups:
Ø Application-based threats
Ø Content-based threats
Ø Mixed threats (a power-packed combination of application and content-based threatsnot yet seen in the real world)
APPLICATION BASED THREATS
In the wireless world, application-based threats are posed by executable malicious code that latches on to existing, or new, wireless applications. Application-based threats are potentially present anytime a software program is downloaded to, or executed on, a wireless device particularly when the program is downloaded or received from an unknown source. In the wired world, these threats are roughly analogous to the early viruses borne by executable programs (which were later superceded by the rise in Macro viruses-malicious code borne by non-executable files). The first malicious application-based program that specifically targeted the Palm operating system (OS) used in Palm Pilot personal digital assistants (PDAs) was called “Liberty Crack.” The free software, which could be downloaded from a Web site or accessed via Internet relay chat (IRC) rooms, pretended to convert the shareware Liberty Game Boy program into a registered version. When the program was executed, the user was not aware that, in the background, the program was deleting all executable applications in the handheld device. Liberty Crack did not affect the underlying Palm operating system or the embedded applications. Since the discovery of Liberty Crack, antivirus experts such as Trend Micro have been tracking a number of other application-based, potentially destructive Palm programs, including Palm Phage-the first known virus designed to affect Palm PDAs. First seen about one month after Liberty, Palm Phage infects all third-party application programs when executed. Instead of running normally, infected executable files infect other thirdparty applications programs. Palm Phage can theoretically spread to other machines when the Palm is synchronized with a PC or when a Palm beams data via an infrared link to another Palm. At about the same time, several joke programs were observed on PDAs that operate on the EPOC operating system. Little more than nuisances, these programs (e.g., EPOC_Alone.A and EPOC_Ghost.A) disturb users by sounding an alarm or flashing lights on the EPOC-enabled device. While these programs do not spread from device to device, they demonstrate that malicious code can cause bothersome disturbances on wireless devices. Furthermore, the wireless world is seeing the regular birth of new technologies, with more on the horizon. Some of these technologies will expand the functionality of the
CONTENT BASED THREATS
In content-based threats, the content (e.g., derogatory messages) is the threat, or malicious use of the content is the threat (e.g., spamming of email). While email has become the “killer app” of the wireless world, it is also one of the most vulnerable to attack. Hence, the most common content-based threats to the wireless infrastructure occur through infected email or spam mailThe first content-based Trojan to attack wireless devices occurred in June 2000 with the appearance, in the wild, of the Visual Basic Script (VBS) Timofonica on the wireless network of Madrid, Spain-based Telefonica SA. Timofonica spread by sending infected email messages from affected computers. When an infected email reached a PC, it used Microsoft Outlook 98 or 2000 to send a copy of itself via infected emails to all addresses in the MS Outlook Address Book. This enabled the Trojan to spread quite rapidly. In the wired world, this behavior is similar to that of the “ILoveYou” email virus that caused worldwide damage estimated as high as $700 million in May 2000. But Timofonica was more than an email virus. For each email it sent, the Trojan also dispatched an SMS message to a randomly generated address at the “correo.movistar.net” Internet hostAlthough the program reached out into the wireless world, it propagated via land-based PCs and emails, not from phone to phone directly. Nevertheless, Timofonica demonstrated in-the-wild, the ability of malicious code to tap into the wireless infrastructure and spread with great speed.
MIXED APPLICATION/CONTENT BASED THREATS
The third type of threat is worse than the previous two types combined. While not yet seen in the wild or even in the laboratory, a threat that integrates techniques from both of these threat types could be formidable indeed. Imagine a virus that involved the unwitting download of sophisticated malicious code attached to a shareware program that wiped out wireless device applications and propagated itself rapidly across the wireless infrastructure via address books of email. Such a virus could cause damage to each device it encountered and spread across a country, or across the world, overnight.
SOLUTION TREND MICRO’S TOTAL VIRUS/MALICIOUS CODE PROTECTION
A PROTECTION SOLUTION FOR WIRELESS INFRASTUCTURE MUST HAVE THE FOLLOWING ATTRIBUTES:
• Multiple layers of protection to address the various entry points and transmission
paths of viruses and malicious code
• Integration of centralized management of all antivirus solutions including
maintenance of gateway, server, desktop, and device-level protection
• Implementation within the wireless infrastructure for early detection to minimize
damage and costs
• Tools tailored to the wireless threat, rather than merely applying wired world tools
• Mechanisms for automatic maintenance, updating, and upgrading of virus protection
since such protection is only as good as the last update
• Involve all parties via increased awareness of the potential threat including corporate
IT managers, service providers, operating system and application developers, and end users
THERE ARE SOME PRODUCTS THAT ADDRESS THE VIRUS AND MALICIOUS CODE PROTECTION NEEDS OF THE WIRELESS COMMUNITY. THEY CAN BE CATEGORIZED AS FOLLOWS:-
· Solutions for desktop computers.
· Solutions foe wireless devices.
· Solutions for wireless gateways(e.g.,wireless server and email servers.)
DESKTOP COMPUTER SOLUTIONS: OFFICESCAN AND PC-CILLIN
Since the PC synchronization function is a key transmission path for the spread of many wireless viruses and malicious code, protection at the PC is a must. Trend Micro offers two complementary products that provide such protection at the desktop-OfficeScan™ and PC-cillin®. In 1999, Trend Micro upgraded these desktop solutions to intercept wireless viruses and malicious code before they can infect the wireless device. PC-cillin is Trend’s award-winning consumer desktop virus protection product. PC-cillin offers an attractive package of virus scanning capability, an easy-to-use interface, and minimum system overhead. Long hailed by analysts and users, PC-cillin is certified for Windows 2000 as well, and its features enable fast updating and email virus scanning. To help administrators control desktop scanning, cleaning, and reporting options centrally, Trend Micro OfficeScan Corporate Edition provides a complete solution for networks of any size. Most administrators face the challenge of maintaining adequate, up-to-date virus protection at the desktops of employees. Studies have shown that many desktop users do not regularly update, and even disable, virus protection. OfficeScan Corporate Edition essentially shifts the control and responsibility of maintaining desktop antivirus protection from end users to administrators. The product includes automated deployment options, unattended automatic software updates, scalability, and centralized real-time reporting.
WIRELESS DEVICE SOLUTIONS FOR DEVICE TO DEVICE THREATS
TO PROTECT DEVICES FROM WIRELESS VIRUSES AND MALICIOUS CODE, A SEPARATE PRODUCT IS NEEDED FOR EACH PLATFORM.THE INITIAL RELEASE OF THE VIRUS SOFTWARE INCLUDES THE FOLLOWING FEATURES:
§ Familiar User Interface - Device-specific design provides the look and feel of
applications already in use offering comprehensive control with a minimal learning
curve.
§ On-Demand Scanning - Each supported wireless device has its own antivirus scanner
than can be called upon at anytime, anywhere to check for potential threats when
they are first received.
§ Easy Maintenance - Product and Virus Pattern file updates are easily accomplished
using device standard procedures, making it easy for users to keep protection
current.
§ Minimal Footprint - PC-cillin for Wireless strikes a perfect balance between
providing effective security and efficiently using limited memory resources.
•
WIRELESS GATEWAY SOLUTIONS
Since all email sent to wireless devices and all applications wireless devices download must ultimately originate on some type of server, virus and malicious code protection for the wireless infrastructure must begin at these servers. To meet this need, Trend Micro will soon introduce
InterScan® VirusWall® for Wireless Gateways-a product specifically tailored to protect a range of wireless gateway servers from the specific threats posed in the wireless arena. Corporate administrators will install this product on their wireless gateways to protect corporate users, while service providers can install it to protect their subscribers.InterScan VirusWall for Wireless Gateways is a server-based product that integrates information flow management with virus protection at the wireless gateway. Applicable to WAP gateways, NTT DoCoMo gateways, email servers, and others, it is composed of two parts:
• VirusWall, to secure SMTP and HTTP traffic from viruses and malicious code
• eManager™, to block wireless threats by filtering content based on keywords/phrases
InterScan VirusWall for Wireless Gateways incorporates intelligence for Compact HTML (CHTML) and the Wireless Markup Language (WML), enabling detection of viruses and malicious code in these wireless Internet protocols. Trend Micro updates itsvirus pattern files at least once each week.more often as emergencies dictate or as needed. Updates can be retrieved automatically or manually.
Simply scanning for known viruses and malicious code is insufficient. As in the wired world, viruses and malicious code in the wireless infrastructure are likely to appear in many variants over short periods of time. To address this threat, InterScan VirusWall for Wireless Gateways employs rule-based technology, Trend Micro’s ScriptTrap™, which enables the analysis of virus or malicious code activity via behavioral monitoring. Using the same approach as Trend Micro’s patented MacroTrap® technology for Macro viruses, ScriptTrap scans for potentially malicious scripts in specialized protocols such as CHTML and WML. For example, if the malicious code intends to dial 911 without keys on the keypad being depressed, this code is blocked, regardless of its exact form, since the user has decided that this is never a desirable action.
eManager has been redesigned to include new rule sets that specifically address wireless content threats such as spamming (used by the recent Timofonica Trojan) and the exploitation of security holes such as buffer overflow type vulnerabilities.
CONCLUSION
The threat from malicious code in the wireless world is in its infancy. In fact, malicious
code has yet to negatively impact wireless device users. But this will soon change.
In much the same way that the Internet changed the way that viruses, Trojans, and worms
were created and distributed, the wireless world represents a fertile breeding ground for
hackers and e-vandals who are willing to exploit this expanding medium. And traditional
approaches to antivirus security will not provide the necessary security.
Implementing proactive steps now against this inevitable threat is highly recommended.
And as wireless technologies and applications expand and evolve, careful attention must
be made to update and maintain these security measures. The alternative to waiting until
the threat materializes in the wild ensures that substantial costs will be incurred in the
form of reduced productivity, loss of confidential information, and impaired consumer
confidence.
Securing the wireless world from viruses is a multi-layered effort. Wireless device users
should download and install device-based security like Trend Micro’s PC-cillin for
Wireless and use it to scan any application as soon as they receive it from any source.
Corporations must secure their networks with solutions that include provisions for
catching wireless threats as they pass through the Internet gateway, email servers, and
desktops. And Service Providers and others should plan now to implement antivirus
solutions to secure the traffic they manage for their customers.
REFERENCES
· www.google.com
· www.howstuffswork.com
· WEBSTERS POCKET REFERENCE BOOKS.
No comments:
Post a Comment