Vulnerability Development mailing list archives
Re: PocketPC exploitation
From: Ratter <ratter () atlas cz>
Date: Fri, 23 Sep 2005 14:34:31 +0200
JM> I would like to contribute to the list a paper I just had published that
JM> discusses the vulnerabilities of current virus detectors for pocket pc's, it
JM> is scary to think that such simplistic detectors are the current state of
JM> the art for such powerful devices, it leads one to think that the lessons
JM> of the past have not been learned, feedback on the paper is appreciated and
JM> welcomed, I hope it helps those interested in this area of research feel
JM> free to contact me.

OK, here's the feedback. You're creating unnecessary havoc. There are AFAIK two or three Pocket PC viruses/trojans. One is done by me, the second is probably a modification of mine and the third is a trojan done by some Russian writer. All are very easy nonencrypted code, so what else than a simplistic detector would you like to have?

Yes, there exists a polymorphic generator written by Vecna/29A (published in the last 29A magazine) and a Dust version that uses it. But this virus is on my disk only; it will probably never be published as I'm retired.

So the question stands - why do you want to add detection for encrypted/polymorphic/EPO/metamorphic/whatever viruses to PPC detectors, when there is _no_ virus that uses them? Can you see the overhead it would cause? The antivirus size increase? The time increase spent on detection? This really is ridiculous.

When the time comes (and it probably will come), adding advanced detection techniques to given PPC antiviruses is a matter of very little time, because as you say all of these techniques are relatively well elaborated in the PC world. When there are people out there who take every ITW virus/worm and modify it by a few bytes, then the time comes to add more advanced scanning techniques. Now it's simply a waste of resources on both sides - antivirus companies and _mainly_ users' devices.

You have very nice equations in the paper, very academic approach, but well, the paper lacks one thing. Real life experience.

--
Best regards,
Ratter