Suggestion for a CCleaner Mobile (ipod, smartphones, etc). I was thinking about this when i was searching for a mobile antivirus for my ipod touch.. I believe it would make a great app to help things running in tip top condition..
Im not sure if this is possible or already been talked about, but just a thought! (links to articles etc appreciated)
Couple things
One there is .000000000000000000000000000000000000000000000001 chance of there EVER being a iOS (ipods, Iphones, IPads) virus. The OS is built so as to never have that (everything in it's own sandbox). This does not take into consideration jailbreaking, but no reputible software vendor is going to build an antivirus for a "broken" device.
As far as ccleaner for a mobile goes. This is unlikly. CCleaner uses a Detect and remove method of cleaning. This is much easier for devices (such as Windows, Mac and Linux) which expose the locations of their temporary files.
Most mobile Operating Systems (save for perhaps(?) symbian) keep files such as Internet history, Cache and Cookies in "un-exposed" locations.
Palm/HP's (whoever buys it next) for instance stores them in database files that are not available to users not using Advanced Homebrew solutions, and even then that's just the files to read them (i.e. view the cookies that the browser holds) require very speciallzed software (on-board) or on a pc with a sqllite DB reader. even then editing those has proven not to be enough.
That's the most open of the non-symbian Operating Systems.
So, sorry to bear bad news, but, it is Highly doubtful that piriform has the time or want to tackle any of these Operating Systems (at least in the next 0-5 years).
One there is .000000000000000000000000000000000000000000000001 chance of there EVER being a iOS (ipods, Iphones, IPads) virus.
[citation needed]
Mobile phones don't need cleaning because there's nothing to really clean apart from maybe your internet files.
Besides built-in browsers are perfectly capable of emptying their own cache/history without using 3rd party tools.
Richard S.
[citation needed]
Source
citation is the sandboxes enviroment of (non-jailbroken) iOS devices
Couple things
One there is .000000000000000000000000000000000000000000000001 chance of there EVER being a iOS (ipods, Iphones, IPads) virus.
Do you mean like this? -> http://www.securitynewsdaily.com/era-mac-malware-immunity-over-0791/
Macs were only mostly never bothered with because of the low market share. Now that they recently reached a tipping point of about 15 or 16% market share, it appears that new malware can & does target Mac machines.
They may not have a lot right now, but u can be sure they are working on it!
not in the least what I meant. MACOS is not the same as iOS. IPhones, iPod touches & iPads run iOS, a mobile (thus the initial question ) operating system. Within ios apps do not interact. They are sandboxed from one another. On top of that the ONLY way to install an application onto a iOS device is either via itunes appstore or the builtin one (unlike android & webOS which allow "side loading")
Secondly the set of tools developers can use (the API) is limited
with these factors it makes it nigh impossible for mobile malware (info stealers, outgoing dialer or SMS programs) to survive in the ecosystem. Most "malware" for these devices must be knowingly installed (such as http://www.malwarecity.com/community/index.php?app=blog&module=display§ion=blog&blogid=23&showentry=6661) by either the owner of the phone or the I.T. Department of the enterprise which controls the device ( http://www.esecurityplanet.com/news/article.php/3938231/Apple-iOS-Gets-Black-Hat-Treatment.htm ).
In the future it may happen but PalmOS (which is very simular to iOS) obtained only ~ 7 viruses total in it's entire 15 year run on both handhelds & smartphones.
now that said, ios is not as safe as this makes it sound. Its browser technology is usually 2-3 versions of WebKit behind. Its PDF reader is exploitable. However these are not malware. a specially crafted website or pdf can get information on you/your browsing habits, but that can't be stopped by a Antivirus which is what I told the OP not to bother with.
with these factors it makes it nigh impossible for mobile malware (info stealers, outgoing dialer or SMS programs) to survive in the ecosystem.
Sounds really secure! But a lot of attacks I heard about, are staged into multi-pronged attacks.
For instance: A crafted malware may repeatedly attack a region of a pc, exploiting some buffer over-run problem, then attack the memory that gets flooded, & insert the code into high mem/sys mem/other mem, then run the attack!
I wonder how secure modern platforms are at resisting these kinds of attacks?
I have not had time to research buffer overflow attacks lately, so it could be that I am wrong on this?
Very interesting, nonetheless!
Thirty years ago I created in Assembler a small real-time multi-tasking multi-threading O.S. for intruder/fire alarms.
They communicated with messages in RAM between tasks in one 8 bit processor,
and messages between computers via 300+ Baud modems.
Never a buffer overflow.
The message always started with how long it was,
and a ACK/NAK protocol would pause the transfer whilst the receiver dealt with what it had already got.
When the first buffer over-run malware made its debut I thought that Micro-soft should have known better.
It is absolutely disgusting that all that was wrong with DOS has continued into Windows whatever.
I am able to believe that a mobile should be free of the constraints of DOS and not have any buffer overflow vulnerability.
There are some cleaners for the Android platform, none is perfect but in my opinion this is pretty good: https://market.android.com/details?id=com.a0soft.gphone.acc.free
Thirty years ago I created in Assembler a small real-time multi-tasking multi-threading O.S. for intruder/fire alarms.
They communicated with messages in RAM between tasks in one 8 bit processor,
and messages between computers via 300+ Baud modems.
Never a buffer overflow.
The message always started with how long it was,
and a ACK/NAK protocol would pause the transfer whilst the receiver dealt with what it had already got.
When the first buffer over-run malware made its debut I thought that Micro-soft should have known better.
It is absolutely disgusting that all that was wrong with DOS has continued into Windows whatever.
I am able to believe that a mobile should be free of the constraints of DOS and not have any buffer overflow vulnerability.
Alan, what is concerning is that you actually believe in your imagined greatness. Forty years ago, I did much the same work. When you work on a small, specific, piece of code, such as you did, it is relatively easy to avoid problem, and perform an extremely detailed code-review. Dare I say that, 30 years ago, you never knew about ?buffer overflow?? I did much the same work on security and fire systems for nuclear plants. Very isolated systems, very well controlled environment, not a lot of bells-and-whistles.
When one begins to consider that the complexity of software has evolved greatly, from back in the early DEC and Data General days, and mainframes, and early PCs, one understands this problem (buffer overflow). Yes, there are ways (and should be more ways) to mitigate the problem. It is not just a Windows/Microsoft problem.
It affects every OS and environment:
Windows
Apache
Linux
Unix
OS X
Novel
OpenBSD
Blackberry
MS-DOS
PC-DOS
DR-DOS
IBM DOS
VMware
Etc., etc., etc.
It affects every browser.
It does not matter which programming language is used. It does not matter which DB product is used.
I ran a quick search on the articles from the SANS NewsBItes, for the last five years, on ?buffer overflow?. You will see that every product is affected. And, these were just the ones that were reported. Now, Alan, these are listed merely to show you how widespread the problem is, and that it is not a Windows-only issue.
SANS NewsBites Vol. 13 Num. 7 (January 19, 2011) RIM Warns of Blackberry PDF Distiller Flaw
SANS NewsBites Vol. 12 Num. 3 (January 8 & 12, 2010) MAC OS X, versions 10.5 and 10.6
SANS NewsBites Vol. 12 Num. 19 (March 5 & 8, 2010) Critical Flaw in Opera
SANS NewsBites Vol. 12 Num. 65 (August 13, 2010) Fixes for Opera and QuickTime
SANS NewsBites Vol. 12 Num. 84 (October 19 & 20, 2010) Mozilla Releases Firefox Update
SANS NewsBites Vol. 11 Num. 9 (January 30 & February 2, 2009) Novell GroupWise Security Updates
SANS NewsBites Vol. 11 Num. 10 (February 5, 2009) Multiple Flaws in Areva's e-terrahabitat SCADA Software
SANS NewsBites Vol. 11 Num. 15 (February 19 & 20, 2009) Targeted Attacks Exploit Unpatched Adobe Flaw
SANS NewsBites Vol. 11 Num. 22 (March 18, 2009) Critical Buffer Overflow Flaw in WordPerfect Library
SANS NewsBites Vol. 11 Num. 24 (March 26, 2009) Overflow Flaws in Sun Java Runtime Environment Unpacking Utility
SANS NewsBites Vol. 11 Num. 38 (May 12 & 13, 2009) Apple Issues Security, OS X Update
SANS NewsBites Vol. 11 Num. 50 (June 25, 2009) Green Dam Exploit Posted to Internet
SANS NewsBites Vol. 11 Num. 57 (July 16 & 17, 2009) Google Chrome 2 Update Addresses Two Flaws
SANS NewsBites Vol. 11 Num. 76 (September 23 & 24, 2009) Apple Releases iTunes Update
SANS NewsBites Vol. 11 Num. 93 (November 23, 2009) New Version of Opera Browser Addresses Serious Security Issue (November 23, 2009)
SANS NewsBites Vol. 10 Num. 3 (January 10, 2008) Proof-of-Concept Code for Zero Day QuickTime Flaw
SANS NewsBites Vol. 10 Num. 6 (January 15 & 18, 2008) Citrix Issues Fixes for Code Execution Flaw in Several Products
SANS NewsBites Vol. 10 Num. 12 (February 11, 2008) Apple Issues Mac OS X Update
SANS NewsBites Vol. 10 Num. 17 (February 27, 2008) Mozilla Releases Thunderbird Update
SANS NewsBites Vol. 10 Num. 21 (March 11 & 12, 2008) US-CERT Warns of Critical Flaws in Adobe Form Designer and Form Client
SANS NewsBites Vol. 10 Num. 59 (July 25, 2008) RealPlayer Update Fixes Four Flaws
SANS NewsBites Vol. 10 Num. 60 (July 29 & 30, 2008) Oracle Issues Out-of-Cycle Alert, Says it Will Issue Patch
SANS NewsBites Vol. 10 Num. 71 (September 8, 2008) Google Releases Chrome Update
SANS NewsBites Vol. 10 Num. 75 (September 19 & 22, 2008) VMware Issues Fixes for Critical Buffer Overflow Flaws
SANS NewsBites Vol. 9 Num. 3 (5 & 4 January 2007) Fix Available for OpenOffice Flaw
SANS NewsBites Vol. 9 Num. 8 (24 January 2007) Apple Fixes QuickTime Flaw
SANS NewsBites Vol. 9 Num. 12 (8 February 2007) Trend Micro Patches Flaw in Anti-Virus Scanning Engine
SANS NewsBites Vol. 9 Num. 15 (16 February 2007) Apple Releases Second Security Update of 2007
SANS NewsBites Vol. 9 Num. 16 (22 & 19 February 2007) Buffer Overflow Flaw in Snort
SANS NewsBites Vol. 9 Num. 22 (March 15, 2007) Patches Available for Critical Flaw in OpenBSD Kernel
SANS NewsBites Vol. 9 Num. 49 (June 21, 2007) Apple Patches IPv6, Apple TV Flaws
SANS NewsBites Vol. 9 Num. 51 (June 27 & 28, 2007) RealPlayer Flaw Fixed
SANS NewsBites Vol. 9 Num. 54 (July 9, 2007) Buffer Overflow Flaws in SAP Products
SANS NewsBites Vol. 9 Num. 55 (July 10 & 11, 2007) Lack of Update Coordination at Sun Poses Security Concerns
SANS NewsBites Vol. 9 Num. 57 (July 17, 2007) Vulnerabilities in Trillian And Yahoo! Messenger
SANS NewsBites Vol. 9 Num. 76 (September 18, 2007) Overflow Flaw in OpenOffice Could Allow Remote Code Execution
SANS NewsBites Vol. 9 Num. 97 (December 6 & 10, 2007) November Skype Update Fixes Remote Code Execution Flaw
SANS NewsBites Vol. 9 Num. 99 (December 18, 2007) Apple Releases QuickTime and Java Fixes
The top 25 programming errors provide some light on the subject: http://www.theregister.co.uk/2010/02/17/top_25_programming_errors/
And, the reason ?buffer overflow? is so prevalent is that it is the low-hanging fruit. As code gets corrected, and programmers become more aware, and because of better tools, the number of buffer overflow problems should be going down [as they appear to be doing so].
There is also the issue of manufacturers reporting the problems. This was the case with Apple and Unix/Linux, especially Apple, for a very long time ? that their product(s) was invulnerable to such problems. Well, surprise, surprise. They have as many, if not more problems with their code, as anyone else.
Windows, OS X, Linux/Unix, and the browsers that run on these platforms are (hopefully) becoming more secure. A result of that is that more hackers and malware writers will move to other low-hanging fruit. This means PDAs, smart phones, and the like. These are the targets today. And, with the ?social? environment, many users will fall well short of securing their devices. All that remains is the integrity of the manufacturer to report the problem(s).
Geoff
Geoffrey
My systems were set up and running at a London exhibition centre hosting IFSEC - International Fire & Security.
They started up at the weekend they were delivered before the exhibition week - with no trouble.
Everything was powered down each night - safety rules by organisers.
Each morning my systems powered up and within a minute were running automatically.
Competitors were still struggling to launch their products each morning after the doors opened to visitors.
You dared I say that, 30 years ago, I never knew about ?buffer overflow?.
So what ! !
There were no such exploits at the time when I designed FUTURE PROOF software in modules.
Therefore I developed protocols that used a byte count at the START and used ACK/NAK from the receiver before filling the buffer.
This allowed new requirements to evolve and use longer messages without any need to re-write existing code.
You have given a massive list if SANS articles.
That only proves that Apple and others used null terminators which are vulnerable to malware which was not originally prevalent.
I too did not consider malware - I was just dealing with anticipation of the general principle "If it can go Wrong It Will - at the worst possible time"
How is my "greatness" imagined.
I merely claim competence.
You previously insulted me by saying I was not worth arguing with.
Why are you here again with more insults ?
Question - you refer to VMWare, why ?
Surely that is a simple "wrapper" which contains whatever the user installs inside,
and it seems to me that criticising VMware for the vulnerabilities of user choice is grossly unfair - but not out of character !
Alan, it is pity that you never worked for Microsoft in their early days. All of their archtecture would have been blessed by you and error free.
There would be no such thing as bloat, except for your ego.
Let's see you write a modern day app, with all of the web interfaces, all of the bells and whistles.
Your comments on this forum are insulting to those who work long, hard hours, in an extermely competitive environment, to earn a living.
Why did I respond this morning? I was bored, and your posts always make me laugh.
Geoff
Alan, it is pity that you never worked for Microsoft in their early days. All of their archtecture would have been blessed by you and error free.
There would be no such thing as bloat, except for your ego.
Let's see you write a modern day app, with all of the web interfaces, all of the bells and whistles.
Your comments on this forum are insulting to those who work long, hard hours, in an extermely competitive environment, to earn a living.
Why did I respond this morning? I was bored, and your posts always make me laugh.
Geoff
If my posts make you laugh, why are you compelled to pour scorn on myself and unjustified criticism of VMware ?
Yes, I can see a big ego, but it is not mine.
Incidentally you claim to have been doing 40 years ago the same work as I did 30 years later, protecting Nuclear sites.
That is difficult to swallow since the Intel 8008 came one year after 1971.
Are you claiming that our Nuclear assets were protected my mainframe computers such as the IBM 360,
and that you played a key role in their deployment ?
I remember in the 1980's that Fire Alarm Annunciators could not be part of an approved system unless all light bulbs OR Light Emitting Diodes were duplicated.
It seems unlikely that an IBM360 would be depended upon for real-time protection of nuclear submarine sites and nuclear power stations.
I do not see how my views are insulting.
Software should be designed right, not thrown together and requiring a never ending stream of security patches.
I accept that they work long hard hours, I do not insult them for that.
I do not insult them for a lack of competence.
I merely regret that there was no decision for redesign and avoid the fundamental design error,
and instead every new symptom is met with a new work-around patch.
If you search the Internet you will find that what I independently designed for FUTURE PROOF systems to suit future requirements,
was also independently designed by others as a known technology.
I believe even the Internet message protocol places a message length at the start of the message,
and the message may contain nulls without causing termination.
If my posts make you laugh, why are you compelled to pour scorn on myself and unjustified criticism of VMware ?
Yes, I can see a big ego, but it is not mine.
Incidentally you claim to have been doing 40 years ago the same work as I did 30 years later, protecting Nuclear sites.
That is difficult to swallow since the Intel 8008 came one year after 1971.
Are you claiming that our Nuclear assets were protected my mainframe computers such as the IBM 360,
and that you played a key role in their deployment ?
I remember in the 1980's that Fire Alarm Annunciators could not be part of an approved system unless all light bulbs OR Light Emitting Diodes were duplicated.
It seems unlikely that an IBM360 would be depended upon for real-time protection of nuclear submarine sites and nuclear power stations.
I do not see how my views are insulting.
Software should be designed right, not thrown together and requiring a never ending stream of security patches.
I accept that they work long hard hours, I do not insult them for that.
I do not insult them for a lack of competence.
I merely regret that there was no decision for redesign and avoid the fundamental design error,
and instead every new symptom is met with a new work-around patch.
If you search the Internet you will find that what I independently designed for FUTURE PROOF systems to suit future requirements,
was also independently designed by others as a known technology.
I believe even the Internet message protocol places a message length at the start of the message,
and the message may contain nulls without causing termination.
Alan, if you would learn to read, and control your urge to argue, the answer is in my post. Clue: I did mention DEC and DG.
If you would like personal instruction on coding for such applications, from 40 years ago, just PM me. I'll see if I can fit you in my schedule. First consultation is free.
Geoff
The topic subject was ccleaner mobile.
This has wandered far off target now guys.
I will close this thread and leave you guys to continue 'discussing' things via pm.