Ask DACS
January 2012

Moderated and reported by Jim Scheef.

AskDACS is a Question and Answer session before the main presentation at the monthly General Meeting. We solicit questions from the floor and then answers from other audience members. My role as moderator is to try to guide the discussion to a likely solution to the problem.

Q – Is it necessary to use an anti-virus or anti-malware product to protect a smartphone? If so, what products are available and does anyone here have experience with these products?

A - The term "smartphone" has been around for a long time and predates even the first Apple iPhone. I prefer the term "app-phone" meaning a cellular phone device that can also run applications. What we are discussing are app-phones and not merely a cell phone with a nice contact list and primitive web browser. The first comment came from a member explaining the difference between the "protected" environment of the Apple iPhone and the almost totally open Android Market. All apps distributed thru the Apple App Store have been tested and reviewed by Apple. With only rare exceptions, this has kept rogue applications away from iPhone users.  Next, it is extremely difficult to directly install apps on an iPhone. You must first "jailbreak" your phone which allows the owner to bypass much of the iPhone's security features.

In contrast, applications in the Android Market are not tested at all, by Google or anyone else. The developers submit their programs and that's that. Customer feedback (comments below each app in the Market) is all that's available to prevent you from installing a program that does bad things. From time to time Google will remove apps reported as malicious. Discussion continued about how such programs work.

Both types of app-phones employ many security features to prevent access to key areas of the phone's operating system by either the owner or applications, both normal and rogue. Since the Android operating system is a version of Linux, "root access" is the key to bypass all internal security. The Android equivalent of the jailbreak is "rooting" your phone, giving access to all parts of the operating system. Normally only programs with special permissions have such access, and presumably a rogue program would also be limited, just as in the iPhone, provided you have not already opened the door.

We did not discuss how rogue software or malware could spread from phone to phone over the Internet. This is the theoretical danger against which the anti-virus manufacturers hope to protect your phone. While all app-phones are theoretically vulnerable to some degree, such exploits have seen no press coverage and little in the trade press. I believe that should such a worm be found to replicate in the wild, the press coverage will be quite loud. After all, everyone has one of these phones so there is ample reason for reporters to exaggerate and twist the facts out of all proportion.

With all this as background, there are a surprising number of companies offering mobile security products. In my post-meeting research, I was surprised to see the range of features these apps offer. For example, here are the key features of F-Secure Mobile Security - $40:

• Protects your personal and confidential content from viruses and malware
• Enables safe browsing and safeguards your identity online
• Locates your lost or stolen device, or the person holding it
• Protect your children from unsuitable web content
• Locate your children anywhere using their mobile device  (source: f-secure.com)

Kaspersky Mobile Security 9 costs $10 "on sale" and offers these Key Features:

• Disables or cleans stolen phone even if the SIM card has been replaced
• Advanced phone-finder technology provides Google Maps coordinates
• Blocks unwanted calls and texts from specified or unknown numbers
• Real-time virus scanning and advanced firewall for 24/7 protection
• Privacy mode hides designated contacts, calls, and SMS texts
• Supported Platforms: Windows Mobile, Symbian, Blackberry, and Android (limited features on some platforms)   (source: kaspersky.com)

Note that Kaspersky lists virus scanning fourth, indicating its importance relative to the other features.

AVG Mobilation offers both free and pro ($1, Android only) versions

Others include Norton Mobile Security ($30, Android only) and Trend Micro Mobile Security ($30, Android only).

Some observations:

• Obviously no one trademarked the name "Mobile Security".
• Theft or loss of the device is probably the biggest danger, followed by identity theft. With physical access to the device, a thief can get at your personal data via a USB cable - unless it is encrypted, of course.
• I particularly like the Kaspersky feature that can remotely wipe or disable a phone even if the SIM card has been replaced. Norton locks the phone if the SIM card is removed.
• Given the replacement cost of a lost or stolen phone, a program to help find it could be cheap insurance.
• The anti-virus industry predicts that Android phones will be targeted by malware. Of course, they do - they pray every day for this to happen! They need a new market.
• Scareware - just like the fake anti-virus programs on PCs - is likely to become a problem on all types of app-phones as soon as browser vulnerabilities are be found.

An aside to this discussion is the process by which Android OS updates get from Google to your phone. Unfortunately the phone manufacturers must massage each new version of Android before the carrier can send it out to the phones. Some manufacturers and carriers are better - as in more prompt - than others at this process. The sad fact is that any phone more than a year old is unlikely to get any updates and these updates are the only way vulnerabilities will ever be patched. So, as your phone ages it becomes more vulnerable to malicious exploits. Someday "new every two" may not be new enough. Given this scenario, a security program may provide some benefit.

One last point: the fact that most of the programs are available only on Android does not mean that the Android platform is inherently more vulnerable. Android is now the most popular cell phone operating system - it is the Windows of cell phones - so this is where application developers, and malware authors, now see the largest market.

Q - I just bought a Barnes and Noble Nook Tablet e-book reader which uses a version of Android. Using the developer settings to load an app directly (rather than from the App Market), I installed a file browser program. Now I'm trying to find the directory where third-party apps are installed. Does anyone have any helpful experience?

A - In "regular" Linux, user application binaries (programs) are installed in /usr/bin or /usr/sbin. Often there is no special subdirectory but the binaries are simply dumped in with all the other programs. Configuration files go in /etc. Here a special subdirectory is often created for the application. Configuration files and directories are often hidden by placing a period in front of the filename. Program data is generally stored somewhere in the /var directory tree. Remember that Android apps are written in Java and will not have a ".exe" file extension.
Discussion continued with much speculation about where the apps might be found but no one really touched on the permissions issue of normal "user" privilege versus the total access allowed under root privileges. When you install an app from the Android Market, a page is displayed showing the permissions required by the app. You than approve these permissions before the Market downloads and installs the program. When the app runs, it gets those permissions and no more. This includes the file manager so it cannot bypass any file permissions.

In my post-meeting research, I found that it is likely the device owner cannot access many areas of the file system due to permissions set by Google or Barnes and Noble (who acts as the "carrier" for a device like this). Why the owner can find and read the folder where the system apps are installed but not the folder where user-installed apps are installed is a mystery, but this situation seems to also exist on my Droid 3 phone. So, the most likely answer to this question is that the file explorer program cannot access some areas of the file system without first rooting the device. To sample available file manager apps, I installed two such apps from the Android Market: "Explorer" by Speed Software and "Linda File Manager" by nylinda.com. Of these two, Explorer offers the most information while Linda File Manager offers ease of use in exchange for detailed info. Both let me explore the files on both the SD card and the phone's internal storage. Both also blocked access where permissions would not allow access when running under normal "user" privileges. Some file manager apps offer two versions: one for user-mode access and one for devices that have been rooted.

Is anyone interested in starting an Android SIG?

D - The discussion then digressed into philosophies about information on the Internet. That discussion is outside our scope and is not covered here.

Q - On the Windows 7 task bar, when I hover the mouse over the icon for Firefox, sometimes I get thumbnails of the active windows and sometimes I just get a list of the window titles. What causes this and how can I get the thumbnails back?

A - The thumbnail display is called "Aero Peek". The first approach was to look at a setting in Firefox 9 that enables showing multiple thumbnails. This is on the Tabs tab on the Firefox Options dialog. Unfortunately this was not the issue. Some quick typing into a search engine led us to a Windows 7 function that controls the thumbnail feature. This showed us that the thumbnails are a feature of the Aero Windows interface. This explains why the virtual machine I use for demonstrations displayed the list rather than the thumbnails - none of the Virtual PC environments support the Aero interface in a guest machine. I will distill al of the discussion and my post-meeting research as follows:

• The thumbnail view is only available when an Aero theme is active. Keep in mind that most of the Aero themes included with Windows have an identical non-Aero theme. If your window title bars are transparent, then you are in Aero mode, the reverse is not necessarily true.
• Anything that disables Aero mode disables the thumbnail display. Anything that "pushes" Windows out of Aero mode disables the thumbnail display. What things can cause this is not known (by me).
• Win7 switches from thumbnails to title list whenever there is insufficient room to display the thumbnails. Thus with Firefox set to display thumbnails, the display will change to a list of titles when there are more tabs open than can fit across the bottom of the screen. Of course, "more tabs than can fit" is a fluid number. I had to open sixteen tabs before the list replaced the thumbnails. It took nine tabs to fill the bottom of the screen. As I opened more tabs,. Win7 gradually reduced the size of the thumbnails up to a maximum of fifteen. The sixteenth tab caused the switch to a list. Your mileage will undoubtedly vary.
• As I experimented with all this, Firefox became unstable and crashed repeatedly with 15 or 16 tabs open. The crash may not be a Firefox problem as I also had eleven other windows open in nine applications including two virtual machines, Outlook email and Ms Word with this document.
• The thumbnail behavior is not limited to Firefox. All other applications including IE that open multiple windows or tabs behave exactly the same between thumbnails and the title list.

Since the meeting I received several emails from the member who asked this "quick question" and, in his case, the open source media player VLC (videolan.org) seems to cause Windows on his machine to switch out of Aero mode - sometimes. Looking at the skins available for VLC, perhaps some are incompatible with Aero and force Windows to drop out of Aero mode. The Wikipedia article on Windows Aero is a good place to start as it gives the hardware requirements for Aero and details several features (besides transparency) you can use to confirm your machine is in Aero mode - such as Aero Shake.

During the discussion someone found this posting on Windows 7 Forums: " Windows 7 - Taskbar List or Thumbnail Previews Mode - Change". This is the site I said I would include in the write-up, so here it is. There are links to many tutorials on how to use advanced features in Win7.

Questions for the upcoming meeting can be emailed to askdacs@dacs.org.

Disclaimer: Ask DACS questions come from members by email or from the audience attending the general meeting. Answers are suggestions offered by meeting attendees and represent a consensus of those responding. DACS offers no warranty as to the correctness of the answers and anyone following these suggestions or answers does so at their own risk. In other words, we could be totally wrong!