http://www.bbc.co.uk/news/technology-12249624

A couple of interesting articles on the bbc technology website this morning. The link above looks at the massive growth in trojans and viruses attacking smartphones.

There's also an article to do with the new windows os, seems like it sends and receives large packages of "phanton data" which quickly uses up your data allowance.

Its being taken down as primarily a third party app issue but microsoft haven't ruled out the possibility that the os itself could be causing the problem.

All of this leads to one question: how secure are we from attack?

with andriod an alike rulin the roost they will be a more popular targets so we can "slip under radar" also the linux kernel its self is a kinda firewall an viruses dont affect linux theres prob bout 10 viruses for linux compared the 100 billion out for windows so unless some black-hat person decides to hate maemo we should be safe from em

The attacks against Android might affect Maemo precisely because they share the same Linux core.
However, the actual difficulty will be with different processors/architectures.
There are different solutions:
1.Python/perl/HTML/Javascript/Java/sh/alike architecture-independent virus/trojan;
2.storing several versions on server and downloading the needed one to phone;
3.fat virus which contains versions for all the architectures.
Of course, it's difficult to build virus which would know vulnerabilities of all phones in the world. So most likely, Maemo will be left out.

What I got from that article was:
"Don't get an Apple product and if you've got an Android device, be careful what you install."

It all boils down to the same sensible precautions you'd take on a Linux system. Don't install anything unless it's from the official or other trusted repositories!

Trojans and viruses are two different monsters altogether. Viruses are designed to do damage to the file system of the host computer. Trojans on the other hand are small packets of data hidden inside legitimate programs and apps and are designed to sniff out things like passwords, credit card numbers, and contacts.
Then send them to a recipient over the web.

Last year security experts (I hate that word) trawled the app stores pulling random apps from the shelves and scrutinizing them. They found literally dozens of Android and iPhone apps that contained data that allowed the apps to report back with user info without the end user knowing or being informed prior to installation. There was maybe a small number of other apps for other O/S'es involved but they were probably less of a significance.

In this day and age it seems the big players are the OS manufacturers, service providers and data mining companies are the main culprits nowadays.

Have a lookee here: http://www.badphorm.co.uk/page.php?2

http://www.guardian.co.uk/business/phorm

How long will it be before the norton, mcafee and avg's of the world start developing and selling anti virus and spyware programs tailored for the smartphone market?

As a small business owner running windows across 15 laptops and a server I can personally testify to the huge business cost of keeping our network safe. It's literally a couple of grand a year minimum.

The issue I see here is that I spend all that money keeping the office network safe but we could see data, confidential leaks and virus threats from our phones. I've issued all of my employees with smartphones (mostly blackberry). These phones are hooked up to our office network through laptops on a daily basis.

Will Norton on a laptop detect a virus or trojan on the smartphone or do I need a whole new security protocol running on our smartphones to have some gaurantee of security across every aspect of our network? And at what cost?

Disclaimer: I use one Maemo 5, one Windows (non-Aero interface), and sometimes have a look at Ubuntu. Not expert in any of these operating systems.

There are rumours that any Linux has firewall built in, and the only thing you need, is to set it up (everything blocked, except the white-listed sites, and you have to trust these sites). And of course, keep Linux and all programs on it up-to-date. Install programs only from official repositories. Read manual thoroughly. The well-known flavours of Linux are: Ubuntu, Debian, Fedora, and maybe, some others.

What kinds of leaks and threats on phones? Is it based on social engineering (don't laugh, that's how Google was attacked less than a year before and had large quantity of source code stolen) or on out-of-date software or on up-to-date-closed-source-software-holes-which-aren't-patched-by-software-creator?

And on Windows, use up-to-date Firefox with NoScript and AdBlockPlus. And keep Adobe Flash turned off most of the time. And run programs as limited user as long as you can.

When saying "rumours", I mean, that I haven't actually tried it myself, and I haven't heard a research which would say that:
Linux with its default firewall set up properly
is more resilient against DOS, DDOS, virus, trojan, drive-by downloads and other threats than:
Windows with its default firewall set up properly;
and
Mac OS (X) with its default programs set up properly.

I know, Windows Firewall is a joke which can be bypassed and turned off by malware. But I yet to hear somebody announcing Linux the most protected OS officially. Though I would be willing to believe that.
http://www.securiteam.com/exploits/6A00J0UBGS.html

White-list point is: you cannot know everybody who attacks you, but you can know all your friends. So, instead of black-list use a white-list. It should be shorter and easier to maintain.

The cost of protecting Linux is learning to use it. And it will be difficult to get "guaranteed" support for money (like Apple Care) while relatively easy to find free no-guarantee support.

Rumours? Nope. That's pretty much how I run my home network. Not sure what you're getting at on the whitelist point though... Total cost of protecting my Linux machines? £0.

I once had a a virus/trojan try to install itself on my Nokia 3650 while i was in a shopping mall. I recognized the suspicious behavior and prevented it from installing, sent a bluejack warning to the sender about the infection and later at home i checked the install file with the antivirus on my desktop machine and indeed it was a Symbian virus.

Virus self-replicates without the user's intervention by exploiting OS/apps vulnerabilities.

Trojan requires the user to trigger execution of its payload, generally disguised as something benign.

All OS (including Linux) are vulnerable to trojans, if the user is duped to run the infected binary.