Linked by Thom Holwerda on Mon 11th Oct 2010 16:18 UTC

Thread beginning with comment 444876
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
No, that's incorrect. Sure, your "average" assembly code won't run on the platform directly, but assembly is anything but average and my opinion would be that less then %5, maybe even %1, of malware would have any assembly code in it.
Assembly code has nothing to do with it. WP7 can not execute a standard Win32 exe. Windows malware makes Win32 specific calls in order to keep itself alive. Not only is WP7 unable to process a Win32 executable but even if it could the exchange would look like this:
Malware: Requesting standard access to the registry.
WP7: What the hell are you talking about?
However, MS did port the .NET stack and hence pretty much anything written in VS will run just fine. Sure, I'm guessing some file locations have moved, etc..., but the code itself will run just fine.
In short, Win7 mobile probably has plenty of the same holes as regular Win7, especially the .NET related ones.
First of all the vast majority of malware that is not installed voluntarily take advantage of buffer overruns. Both Java and C#/.NET are interpreted languages that require bounds checking to prevent them from happening.
If what you are really saying is that trojans written in .net can be ported to WP7 well that means nothing since trojans can be placed inside Android apps as well. Since WP7 doesn't allow outside apps Android is actually more vulnerable to this type of attack.
Saying that WP7 will be a security risk because of .NET makes about as much sense as saying that Xbox is a security risk because of .NET or that Linux distros are at risk because of Mono.
Edited 2010-10-13 07:31 UTC
Member since:
2006-05-12
WP7 is all ARM, I don't think they even plan on having it ported for Atoms.
No, that's incorrect. Sure, your "average" assembly code won't run on the platform directly, but assembly is anything but average and my opinion would be that less then %5, maybe even %1, of malware would have any assembly code in it.
However, MS did port the .NET stack and hence pretty much anything written in VS will run just fine. Sure, I'm guessing some file locations have moved, etc..., but the code itself will run just fine.
In short, Win7 mobile probably has plenty of the same holes as regular Win7, especially the .NET related ones.