Week 32 contribution of PDK documentation content. See release notes for details. Fixes bug Bug 3582
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-98F104F6-8850-4417-907E-113F2166EBD9" xml:lang="en"><title>Threats</title><prolog><metadata><keywords/></metadata></prolog><conbody>
<p>Increasingly sophisticated mobile software has improved features and
intelligence in mobile devices. At the same time, the increasing volume of
high-end mobile devices has shaped the profile of an average user from an
IT professional to an average-skilled end user.</p>
<p>This shift has created new opportunities for malicious parties who usually
want to gain access to the valuable information stored in mobile devices.</p>
<section id="GUID-1F289359-8538-4352-AD30-DB83C0779E9C"><title>Types of threats</title>
<p>The following list classifies threats according to the most common reasons
for security breaches, in descending order of frequency:</p>
<ul>
<li><p>Intentional hostile action, where an attacker is deliberately
trying to harm the system</p></li>
<li><p>Administrative flaws in the management of a device (for example,
in a security area)</p></li>
<li><p>User mistakes, such as deletion of critical information or
typing errors</p></li>
<li><p>Technical failures that cause data corruption, deletion,
or inaccessibility</p></li>
<li><p>Other unpredictable or unavoidable failures and incidents
that cannot be prevented (usually system wide)</p></li>
</ul>
</section>
<section id="GUID-2FE0C29F-FC65-49A7-9F51-79847232C991"><title>Types of malicious
software </title>
<p>There are different types of malicious software that you need to be
aware of when designing new applications. The following common classification
is based on the way these programs spread.</p>
<p/>
<p>Software that needs a host to spread:</p>
<ul>
<li><p><i>Backdoors and trapdoors</i> are debug-type entrances to
programs, for example, via hard-coded password access.</p></li>
<li><p><i>Logical bomb</i> "explodes" under certain conditions,
that is, it stops working or corrupts data. Like backdoors, the logical bombs
can be unintentional, there may be a bug in the application that the developer
did not discover in the testing phase.</p></li>
<li><p><i>Trojan horse</i> is a useful-looking software that acts
maliciously without notifying the user.</p></li>
<li><p><i>Virus</i> modifies other software to reproduce new viruses.</p>
</li>
</ul>
<p/>
<p>Software that spreads independently:</p>
<ul>
<li><p><i>Bacteria</i> (also known as <i> rabbits</i>) reproduce
themselves as quickly as possible to jam the system and its services. A single
unit of bacteria is not usually dangerous, the strength comes from a large
quantity.</p></li>
<li><p><i>Worm</i> spreads through networks and can act in a system
like bacteria or a virus.</p></li>
</ul>
<p>These classifications are not strict or self-contained. For example,
a worm can be used to install a Trojan horse into a system. The Trojan horse
can then be used to activate a backdoor or logical bomb.</p>
<p>Controlling and restricting the access rights to your soft ware is an
effective precaution to protect the system against these malicious programs.
From Symbian OS v9.1, onwards, control and authentication of access rights
is performed by the <xref href="GUID-4BFEDD79-9502-526A-BA7B-97550A6F0601.dita">platform
security</xref> mechanisms.</p>
</section>
</conbody></concept>