Page 1 of 3 123 LastLast
Results 1 to 20 of 41
  1.    #1  
    Like, for instance, an app from AppScoop?
    Last edited by dbdoinit; 01/13/2010 at 02:35 PM.
  2. #2  
    not that im aware of
  3. #3  
    Pretty sure general WebOS apps are "sandboxed" from the rest of the OS. However, native apps might be a bit of a different story. But only a few native apps exist at the moment from reliable sources.
  4. #4  
    Are you asking this because the apps are being distributed outside of a centralized, controlled environment like the App Catalog? Or are you asking about WebOS in general, i.e., about its security relative to malware? Because if it's the former, then I'd say things are no different than for any platform other than Apple's (and Android's?) where the only place to get an app is from a trusted site.
    Treo 600 > Treo 650 > HTC Mogul (*****!) > HTC Touch Pro (***** squared!) > PRE! > Epic
  5. #5  
    Quote Originally Posted by Kyusaku View Post
    Pretty sure general WebOS apps are "sandboxed" from the rest of the OS. However, native apps might be a bit of a different story. But only a few native apps exist at the moment from reliable sources.
    Even then they aren't really "native" but instead plug ins to native code but still run in a javascript/html card.

    At least thats how they made it sound. Sounded complicated but hey....as long as my multitasking abilities remain.
  6. #6  
    The web distribution apps do go through an automated security check, from my understanding of things.

    I'm sure detection is not perfect, but if you're concerned about that, stick to App Catalog stuff.
  7. ads
    ads is offline
    ads's Avatar
    Posts
    71 Posts
    Global Posts
    172 Global Posts
    #7  
    Hate to dissapoint, but even web sites can hose ANY platform; a matter of ingenuity for the hacker. There's amazing misunderstanding of a lot of this. For example, folks think unix/linux is safer than windows, and it IS. But the reason is the hackers go after desktops which are largely windows, and way more likely to not be up to snuff on security patches. EG, it's a matter of 1. largest opportunity and closely related 2. how they can get them to spread the fastest. The first viruses were, and many still try this with new releases of web browsers and apps, buffer overflows from hitting a network port, and this was on unix. There are bluetooth viruses, PalmOS I think had a couple, on and on. Back up what's important, and place your bets folks. Those that really knwo this stuff will tell you, if some other OS passes windows in total use/popularity, it WILL become the most vulnerable OS, and Internet explorer, likewise, as it passed Netscape, is the browser most often hacked, not that MS did much to stop anybody in the early days...
    ADS
  8.    #8  
    Yeah, I know that nothing is ever really completely safe. I was just wondering if DL'ing one of those apps was almost like opening up a spam e-mail or clicking on a link that executes some kinda havoc.
    Yes, wynand32, i'm a little concerned about the lack of the controlled app catalog environment. I know that it'll be great for us in regards to selection, but at what risk?
    And jhoff80, how can we know how good that security check is until something goes wrong?
    I know Palm is just trying to please us with this additional app system, i'm just wondering if i have to worry about using it. But like you guys said, if i feel leery about it, just stay w/the official catalog huh?
  9. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #9  
    there's no isolation between any app on this platform, every "regular" app is a webpage running in the context of a single process. So if any of them can figure out how to exploit the "browser", they can gain access to the data of every other app.

    Similarly, it seems every native app runs as root, giving it full privileges to anything on the device.
  10. #10  
    Treat your pre like you would a computer. The chances of malicious software getting on it are probably lower than on a desktop PC, but every single OS on every platform has vulnerabilities, it's just a question of whether they are exploited or not.
  11.    #11  
    Quote Originally Posted by spotter View Post
    there's no isolation between any app on this platform, every "regular" app is a webpage running in the context of a single process. So if any of them can figure out how to exploit the "browser", they can gain access to the data of every other app.

    Similarly, it seems every native app runs as root, giving it full privileges to anything on the device.
    So we don't have any kind of protection from anything out there?
  12. doc31's Avatar
    Posts
    707 Posts
    Global Posts
    919 Global Posts
    #12  
    Quote Originally Posted by dbd View Post
    So we don't have any kind of protection from anything out there?
    Theses apps like the apps in the app store are still hosted by palm. They just aren't reviewed and "approval" if anyone reports something like a worm Palm will remove the link.
    I don't care what you say SPRINT kicks
    Treo650/Treo700p/Treo700wx/Treo755/HTC Touch/ Treo Pro/ Touch Pro/ Touch Diamond / Palm Pre / HTC EVO Shift / Nexus S 4G
    My Themes - Prethemer
  13.    #13  
    Quote Originally Posted by wunderbar View Post
    Treat your pre like you would a computer. The chances of malicious software getting on it are probably lower than on a desktop PC, but every single OS on every platform has vulnerabilities, it's just a question of whether they are exploited or not.
    Good advice... I do.
    That's why i wanted to ask you guys about this.
  14.    #14  
    Quote Originally Posted by Doc31 View Post
    Theses apps like the apps in the app store are still hosted by palm. They just aren't reviewed and "approval" if anyone reports something like a worm Palm will remove the link.
    So maybe we should wait a couple of weeks after an app is posted to AppScoop to see if it gets kicked out due to somebody reporting it.
  15. ads
    ads is offline
    ads's Avatar
    Posts
    71 Posts
    Global Posts
    172 Global Posts
    #15  
    Just like on PCs, I think the largest exposures will be email attachments (by far) and web pages. In the open development community, you don't see/hear much of ANY developer putting exploits out as apps; it could easily be done, but for the most part, just isn't, so I think almost any store environment, preware, etc, are fairly safe. Haven't heard of this much either, but the old habit of using IR to share apps, if the platforms would have had many exploits(they didn't), could well have been really bad, and I'd stay away from that today. Its like infected diskettes being shared in the old day, unit to unit; almost like unprotected sex. You're not just sharing that app with the person you dl if from!
    As I think about this though, the scary part if an exploit on address books - probably should say when - comes along, synergy may mean they hose up every sandbox you play in, gmail addy's , facebook, im lists, all of it. hmmm... I don't yet own a pre, am not a coder/expert, just thinking out loud.
    But back to your question, I believe apps from real store is of little concern.
    ADS
  16. #16  
    I'm not as worried about losing non-backed up data on my Pre as I am about an app that could possibly be running in the background and stealing banking info. I'm guessing that's possible?
  17.    #17  
    Quote Originally Posted by ads View Post
    Just like on PCs, I think the largest exposures will be email attachments (by far) and web pages. In the open development community, you don't see/hear much of ANY developer putting exploits out as apps; it could easily be done, but for the most part, just isn't, so I think almost any store environment, preware, etc, are fairly safe. Haven't heard of this much either, but the old habit of using IR to share apps, if the platforms would have had many exploits(they didn't), could well have been really bad, and I'd stay away from that today. Its like infected diskettes being shared in the old day, unit to unit; almost like unprotected sex. You're not just sharing that app with the person you dl if from!
    As I think about this though, the scary part if an exploit on address books - probably should say when - comes along, synergy may mean they hose up every sandbox you play in, gmail addy's , facebook, im lists, all of it. hmmm... I don't yet own a pre, am not a coder/expert, just thinking out loud.
    But back to your question, I believe apps from real store is of little concern.
    ADS
    Heh heh, thanks.
  18. #18  
    since we are talking about security, I have seen a huge increase of personal security rogue antivirus infections coming from yahoo email. Seriously like 3 a day now. I remoted in and saw a customer delete without opening an email in her spam folder. Presto it activated an html attempt to infect. Closing with alt F4 caused yahoo email to refresh to a full page my computer spoof. Another alt f4 to close ended the attempt. Removing the email from the trashbin with empty caused another round of spoofs and fake alerts. Nasty little bugger.

    the trick that's working if someone does get it locally is to get taskmgr open within 15 secs of the pc booting and kill the psec.exe process. Then use your fav and updated antimalware remover to get it out. I like malwarebytes.
  19.    #19  
    Quote Originally Posted by speak easy View Post
    I'm not as worried about losing non-backed up data on my Pre as I am about an app that could possibly be running in the background and stealing banking info. I'm guessing that's possible?
    Yeah, that's a big concern of mine too.
    Banking, credit, passwords, keystroke recorders etc etc....
    Last edited by dbdoinit; 01/13/2010 at 03:07 PM.
  20.    #20  
    Quote Originally Posted by mrloserpunk View Post
    since we are talking about security, I have seen a huge increase of personal security rogue antivirus infections coming from yahoo email. Seriously like 3 a day now. I remoted in and saw a customer delete without opening an email in her spam folder. Presto it activated an html attempt to infect. Closing with alt F4 caused yahoo email to refresh to a full page my computer spoof. Another alt f4 to close ended the attempt. Removing the email from the trashbin with empty caused another round of spoofs and fake alerts. Nasty little bugger.
    I agree. I spend more time getting viruses off my kids' computers than I spend sleeping, lol.
Page 1 of 3 123 LastLast

Posting Permissions