<?xml version="1.0" encoding="utf-8"?>

<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->

<!-- This component and the accompanying materials are made available under the terms of the License 

"Eclipse Public License v1.0" which accompanies this distribution, 

and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->

<!-- Initial Contributors:

    Nokia Corporation - initial contribution.

Contributors: 

-->

<!DOCTYPE concept

  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">

<concept id="GUID-98F104F6-8850-4417-907E-113F2166EBD9" xml:lang="en"><title>Threats</title><prolog><metadata><keywords/></metadata></prolog><conbody>

<p>Increasingly sophisticated mobile software has improved features and

intelligence in mobile devices. At the same time, the increasing volume of

high-end mobile devices has shaped the profile of an average user from an

IT professional to an average-skilled end user.</p>

<p>This shift has created new opportunities for malicious parties who usually

want to gain access to the valuable information stored in mobile devices.</p>

<section id="GUID-1F289359-8538-4352-AD30-DB83C0779E9C"><title>Types of threats</title>

<p>The following list classifies threats according to the most common reasons

for security breaches, in descending order of frequency:</p>

<ul>

<li><p>Intentional hostile action, where an attacker is deliberately

trying to harm the system</p></li>

<li><p>Administrative flaws in the management of a device (for example,

in a security area)</p></li>

<li><p>User mistakes, such as deletion of critical information or

typing errors</p></li>

<li><p>Technical failures that cause data corruption, deletion,

or inaccessibility</p></li>

<li><p>Other unpredictable or unavoidable failures and incidents

that cannot be prevented (usually system wide)</p></li>

</ul>

</section>

<section id="GUID-2FE0C29F-FC65-49A7-9F51-79847232C991"><title>Types of malicious

software </title>

<p>There are different types of malicious software that you need to be

aware of when designing new applications. The following common classification

is based on the way these programs spread.</p>

<p/>

<p>Software that needs a host to spread:</p>

<ul>

<li><p><i>Backdoors and trapdoors</i> are debug-type entrances to

programs, for example, via hard-coded password access.</p></li>

<li><p><i>Logical bomb</i> "explodes" under certain conditions,

that is, it stops working or corrupts data. Like backdoors, the logical bombs

can be unintentional, there may be a bug in the application that the developer

did not discover in the testing phase.</p></li>

<li><p><i>Trojan horse</i> is a useful-looking software that acts

maliciously without notifying the user.</p></li>

<li><p><i>Virus</i> modifies other software to reproduce new viruses.</p>

</li>

</ul>

<p/>

<p>Software that spreads independently:</p>

<ul>

<li><p><i>Bacteria</i> (also known as <i> rabbits</i>) reproduce

themselves as quickly as possible to jam the system and its services. A single

unit of bacteria is not usually dangerous, the strength comes from a large

quantity.</p></li>

<li><p><i>Worm</i> spreads through networks and can act in a system

like bacteria or a virus.</p></li>

</ul>

<p>These classifications are not strict or self-contained. For example,

a worm can be used to install a Trojan horse into a system. The Trojan horse

can then be used to activate a backdoor or logical bomb.</p>

<p>Controlling and restricting the access rights to your soft ware is an

effective precaution to protect the system against these malicious programs.

From Symbian OS v9.1, onwards, control and authentication of access rights

is performed by the <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/guide/platsecsdk/index.html" format="application/java-archive">platform security</xref> mechanisms.</p>

</section>

</conbody></concept>