Sunday, November 27, 2005

Needs a dash of clue

While we're on the clueless security rant, here's one that I heard on the radio tonight. A syndicated personality, known as "Troubleshooter Tom Martino", has a consumer-centered talk show. As I was driving back from the grocery store this evening, Mr. Martino was ranting that iPods are susceptible to viruses via podcasting and stating that "we need anti-virus software for our iPods".

Would someone in Denver please ring up Tom and tell him the problems with his logic? Stuff like:

  • iPods are not x86 or Windows-based. Ask him to name one ARM or MIPS based virus that's capable of self-replication.
  • Podcasts are normally delivered from static, one-way sources. For a podcast to become infected, it (theoretically) would require malicious action on the part of the podcast author. There's no two-way data feeds involved.
  • RSS feeds are not like e-mail. They don't mysteriously show up on your iTunes list. You have to subscribe to them. In other words, there's a certain amount of reputation and trust involved with podcast sources.

In short, there are too many things missing from the environment that would support malicious code. "In ain't gonna happen." Instead, Mr. Martino should be ranting about virus scanners for our cars. There are models out there that run versions of MS Windows.