Can SPV download a virus.

[Guest theplayer]

Hello all

Can the SPV download a virus that has attached itself to an email?

Cheers

[Guest Bazz]

This is a complicated one.

In theory yes. However, in actual fact most viruses are platform specific so PC viruses won't work on Apples, Windows desktop viruses probably won't work on Windows Smartphone.

Also I'm not sure e-mail attachments are read. Or HTML (the way most e-mail viruses are spread) is read in e-mails.

Next, most viruses require an application or script to be run. If it ain't signed by Orange - it won't run on your phone (unless you've unlocked your phone). That's one reason why Orange is locking the phones.

Even if you've unlocked your phone applications still can't get access to the phone side of things so it shouldn't be able to make calls, send SMSes or cost you money.

It's also a lot easier to recover from a virus on a phone. Just Hard Reset and you're back to were you were. I wouldn't worry too much about it now, but yes - your phone is now closer to a computer so computer viruses could be a threat in the future...

Barry

[Guest Monolithix [MVP]]

Pocket Outlook cant handle html e-mail.

You would not be able to run any (for now) virus on your SPV, as all Windows ones are compiled for x86 processors, the SPV uses an ARM CPU, with a completely different archetecture.

You'd have to be stupid or insane to run a .scr, and you should check with the sender before running any .exe's you recieved from them.

All in all it's pretty hard, if not impossible, to get a virus on the SPV.

Until some sick sod decides to make an app that is compiled for ARM CPUs, and then it would be confined to PPC/SP/WinCE. there anre't any reports of any yet.

[Guest MECX]

would your virus checker on your main computer pick up virus made for an arm processor??

[Guest Monolithix [MVP]]

Probably not, but then an ARM virus would not run on your PC, the virus would have to hijack activesync and copy itself across to your phone, and then you'd still probably need to execute it before it became a problem.

[Guest Steve_Medin]

Granted, as a member of a business that derives hard coin from signing software, you have to expect I would offer reasons to keep the phone locked. I won't be sly or underhanded about my comments.

In the afternoon I've spent here reading posts, I see that many people have released unsigned software, and it is being warmly welcomed by friends and acquaintances of the developers. It's great to see that a common trust has been built. People know that to some extent, if there was a nasty bug in something they downloaded here, they could come back and tear down the reputation of the developer.

Be careful with your unlocked phones, though. Software runs on a locked phone in two levels, and one of those levels even Baltimore cannot grant to software, only Orange can. At that level, the phone is basically wide open. Every API call in the Smartphone SDK is enabled. Calls that can access all your data regardless of what app saved them, calls that can open GPRS connections, calls that can reach across separate running programs... Take Orange Backup for example. It is signed in a way that it has the full range of APIs. It's accessing all your phone's data and transmitting it over a live connection. Now, you trust Orange won't poke around in your data, and you like the idea that Orange can restore all your data. The whole process is monitored by you and done at your request.

Fortunately, today, relatively trustworthy people are offering free software to their friends through this and other forums. Once unlocking becomes commonplace, the level of penetration and fame gained by a really bad app increases, and hackers will be tempted by that market.

So someone writes a bad app and now your phone book is published on a web site somewhere. Since your phone is unlocked and ignoring security policy, when Orange broadcasts a revocation of that app, your phone ignores it and continues to do bad things. Those bad things could harm your privacy, harm Orange's network, and in the case of a worm-like outbreak, could leave Orange no choice but to interrupt your service.

Damn shame if that happens right when you get hit by a bus.

Now that's a load of sensational rubbish, but I hope it makes a valid point. We know that SPV users are looking around for software, and developers are questioning the costs to go through signing. Given an easy way for developers to distribute free software, no SPV user will need to be exposed to the risks of an unlocked device. Baltimore, Geotrust, Orange, and Microsoft are all actively discussing this issue. It's not my place to make any statements about the outcome of those discussions, I'm just one engineer. On that note, it should be clear my comments are my own and I'm just here to help.

[Guest awarner [MVP]]

Cheers for that, It's good to read views from the "other side of the fence" so to say

excellent post and it does make you think.

Our biggest problem from our side ;) is that we feel Orange is dragging their heels in getting software signed

making it very frustraiting for SPV owners to obtain software.

Even more so when they should have included some of the more vital applications

with the phone ie all-explorer and the GPRS counter.

That's when we need unsigned apps like Notbad and Task manager, just to make the phone more usable.

This is software that should have been included in a phone sold as a

replacement for your PDA.

Have fun

Ashley

[Guest Steve_Medin]

I hear you.

Orange deserves no blame here. They are not involved in the signing process except for privileged software.

The Baltimore/Geotrust service is up and operational, and we're doing everthing in our power to get that point to the developers. I have to admit when I say that that I feel like Mr. Prosser from the Planning Office explaining to Arthur Dent that the plans to knock down his house had been on file for months.

Baltimore and Geotrust will be attending the 3GSM World Congress this month, where we hope to ensure that software developers know that the process is in place to get signed code onto the SPV.

[Guest awarner [MVP]]

Cheers Steve now we know.

Why did'nt Orange just tell us that :roll:

[Guest Monolithix [MVP]]

Exactly, most developers seems to be trying to get their software signed through Orange, which has a huge backlist. Hopefully once developers become more aware of the Baltimore/GeoTrust system we should be able to expect more software.

It still doesn't cover the Freeware problem though (although i appreciate this is being worked on).

[Guest Stellar Patrol Vehicle]

the spv is a virus

[Guest yatpeak]

If you don't like the phone, why are you on the site?

Wyatt