Re: Cell Phones: Viruses are Catching

This story raises a fundamental question for me, akin to the question

> I asked when the Microsoft Office macro viruses first emerged about 11 > or 12 years ago.

It now asks about macros every time I open something, and I always disable them. Is there any way now to globally disable macros: don't ask, don't enable, not even on internal parts of Office, or stuff I'm composing, ever again? Or at least not until a full OS reinstall?

Why on EARTH would I ever *WANT* my cellphone to be programmable via a > text message I received? > The cellular company has -- or is culpably > negligent if it doesn't have -- some other means to send programming > updates to my phone.

Nextel seemed to use this as a way of updating an address list from a web interface. The guy at my company responsible for updating the corporate list of company phones would push the list out when important changes happened. At least I *was* asked whether to accept it - but it wasn't very verbose about who it came from before I had to decide, and the guy sending them out didn't announce it ahead of time. I do not know whether it was possible to send such a message from outside Nextel to one of their phones. I suspect it was, if you knew how.

Things like ringtones should be compartmentalized, if not strictly > limited to non-executable data. Games and other programs should also > have some other point of entry to the absolute exclusion of text > messages. No program should ever be able to initiate a message of > any kind without specific and explicit confirmation by the user.

Agreed. I will note, however, that Outlook allows sending email that can put stuff in other people's calendar when it is opened, and there is no warning that it is such an entry before you open it. I expect soon I will have hourly reminders to "order Natural Male Enhancement" ... Security seems to go out the window in favor of user convenience. I'm surprised there aren't complex passwords, and you are given three multiple-choices for the password, and the correct one is always the middle one.

It's not as if the potential for abuse was unforeseeable. No software > is ever perfect, but these products are apparently designed without > the slightest attention to basic security issues. It's like worrying > about the latch on the gate when there's a fifty-foot [15m] hole in > the fence.

One of the 1400-mile holes in the 2100-mile border is the ability to double-click on something from an external source and execute it. I consider that a fundamental mistake for a web browser or email client. Another fundamental mistake is not being able to tell what it is beforehand.

One of the very first questions in designing the software for a device > like this should be, "What programs might the user want to download > and why?" That leads into, "How should programs be allowed access into > the device?" and "How do we make sure that unauthorized programs don't > sneak in?" That's your fence; *then* you can worry about the gate.
Reply to
Gordon Burditt
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.