Earlier today I published a tweet via LinkedIn alerting my colleagues and followers to a vulnerability detected by Computer Associates in the Android smartphone operating system whereby premium service numbers were dialled randomly. As you can appreciate this could cost thousands of dollars in a single billing period (Trojan targeting the Androids). After reading of this new malware in the wild I thought I would quickly do a Google for Android anti-malware products. At the top of the list is an Android forum and the usual O/S bigotry was seen. This got me to publish this post.
Firstly lets define malware. According to Wikipedia malware is:
Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software.
Malware is in abundance across the internet and is commonly delivered in spam. As is clear, malware sources are no longer limited to programs.
As many of you would be aware there has long been a belief shown by non-Windows O/S administrators that their platform does not need antimalware protection as it does not suffer from such threats as it can not run Windows executable (.EXE or .COM) files, this argument is most often purported by Mac, Linux and UNIX administrators. In fact it was one of the main selling points for these operating systems. Whilst it is indeed true that these operating systems are less likely to be the victim of a malware attack, that has very little to do with the operating system robustness. Rather the market share of these operating systems.
All of these operating systems are significantly dwarfed by Microsoft Windows within the computing market. As such malware creators see a greater opportunity in that platform. Interstingly, Macintosh has seen significant growth and the previous bigotry towards antimalware products has been reversed as the attractiveness of attacking that platform have steadily increased.
Further, when you consider that malware has moved on from such a limited definition the belief is clearly from a bygone and more innocent era. Any system
administrator that truly believes this now needs their head read.
That said I am now seeing the same arguments being purported in relation to mobile computing devices, primarily smartphones however iPad’s and iPod’s also fit this profile. Common features of all smartphones are the ability to receive and send e-mail, browse the internet, and run applications. Further, increasingly these smartphones are based on an operating system based upon those of traditional computing devices. Android for example is a derivative of Linux. As mobile devices continue to add functionality their attack footprint grows, as does the attractiveness for the malware proponents to exploit the flaws in the devices underlying operating system. The logical conclusion therefore is that these devices will steadily increase as entry points for malware infections within the home and commercial environment.
It is thus my belief that all computing devices that access a public internet, or a private intranet, require some form of antimalware defence in the near future. Without a base level defence any network activity must be seen as a potential security issue.
Currently not all mobile computing device operating systems have a solution accessible, however many vendors of antimalware products do have some part solutions. Further development and collaboration with the mobile computing device vendors is still required so that corporations can invest in a centrally managed, device independent antimalware platform for mobile devices including RIM BlackBerry, Nokia Symbian, Nokia Maemo, Google Android, Apple iOS and Windows Mobile.
These mobile solutions should also be integrated with existing protection consoles so that Security administrators can get a true picture of all endpoint devices within their organisation and their current protection levels. That holistic approach must be a design requirement for any product for it to be truly effective within enterprise.
Note: Whilst I do not want this post to degenerate into which antimalware is better than the other, I would appreciate suggestions of products that are primarily aimed at mobile devices of all types. Sooner or later I am going to be pressed for a suggestion and would like to be forearmed.
The “U Comment, I Follow” Revolution
Recently I became aware that the default installation of WordPress marks all comment links with the rel=’nofollow’ tag. The effect of this tag is that search engine spiders such as GoogleBot will not follow the link to your site, thus the only effect of the comment is if a human follows the link.
The origins of the nofollow tag are steeped in the early days of blogging where spammers were common place, and spam control mechanisms were not. The nofollow thus presented the nefarious activities of the spammer resulting in a profit from the increased sales of whatever product they were pushing.
In the current day however there are multiple spam control options available to combat this disgraceful activity. In fact one is shipped with WordPress by default in akismet. They are very effective and constantly updated. They are not faultless so the blog administrator should review all comments. However, the amount of illegitimate spam is vastly reduced. As a result the nofollow tag is less a legitimate spam control mechanism.
Given the effects of the spam control mechanisms I believe that commenters should be rewarded for their commentary. So I thought I would check the WordPress Dashboard and look for a simple toggle option for enabling/disabling the tag. Unfortunately, it is not a natively user configurable option. I hope that makes it into WordPress 2.5.
As such I have over the previous few days been investigating ways to remove the nofollow tag from comments. After a brief Google search I found the dofollow plugin by Kimmo Suominen. The plugin is highly configurable, but as mentioned earlier an administrator should still check comments regularly to ensure they are relevant and are not some clever spam.
I also found a complimentary plugin called CommentLuv. This plugin will interrogate the supplied URL and if possible retrieve the commenters last blog and place a direct deep nofollow free backlink to it. In this way other blog commenters will see potentially interesting content and visit. Further, search robots will also follow the link to the post.
With these natural advantages I decided to display that SCHWOIT is a proud believer in the I Follow Movement. Again looking at the fiddyp site I found the fast friends follow fair comments post. I liked the design and so decided to integrate it with my design. It is displayed in the header floating over the Bird Of Paradise leaf.
I am a proud member of this movement and encourage all bloggers to embrace the movement.
Tags: akismet, backlink, blog, bloggers, comment, commentluv, dofollow, google, googlebot, i follow movement, nocomment, nofollow, robot, search engine, search engine robot, seo, serp, spam, spam control, spider, wordpress
201 Comments »