Installation guide
BlackBerry Enterprise Solution 59
How the BlackBerry device protects its operating system and the BlackBerry Device
Software
Each time a user turns on the BlackBerry device specific components on the BlackBerry device automatically
check the authenticity of the operating system and the integrity of the BlackBerry Device Software. The
BlackBerry Device Software must pass these security tests before users can run the software on the BlackBerry
device and wireless software upgrades can update the software successfully.
Protecting the BlackBerry device against malware
Java based BlackBerry devices are designed to provide an open platform for third-party wireless enterprise
application development. Using BlackBerry MDS Studio and the BlackBerry® Java® Development Environment
(BlackBerry JDE), the BlackBerry Enterprise Solution lets software developers create third-party applications for
BlackBerry devices. BlackBerry JDE developers can create more powerful, sophisticated applications than are
possible with the standard Java 2 Platform, Micro Edition (J2ME™). A third-party BlackBerry application can
perform the following tasks on the BlackBerry device:
• communicate and share persistent storage with other third-party BlackBerry applications
• interact with native BlackBerry applications
• access user data such as calendar entries, email messages, and contacts
Third-party applications that are designed with malicious intent to cause harm to computer systems (for
example, viruses, trojans, worms and spyware) are commonly known, collectively, as malware. Some malware
attacks could target BlackBerry devices. Attackers could use malware to perform attacks that are designed to
• steal your personal data and your organization’s data
• create a DoS to make your network unusable
• access your organization’s network using your organization’s BlackBerry devices
By default, Java based BlackBerry devices can download any third-party application over the wireless network
using the BlackBerry Browser. The BlackBerry Enterprise Server administrator can also send third-party
applications to BlackBerry devices over the wireless network, and install them on BlackBerry devices
automatically. The BlackBerry Enterprise Solution includes tools designed to enable the BlackBerry Enterprise
Server administrator to control the manual or automatic installation of third-party applications and limit the
access of untrusted applications to the BlackBerry device and its resources to help contain malware attacks on
the BlackBerry device.
On computers, malware prevention requires processes that both detect and contain malware attacks. Detection
is the process of determining whether or not an application is malware. Effective malware detection requires a
comprehensive and frequently-updated local database or a constant connection to a similarly qualified online
database. While computers might have access to these databases, current mobile devices do not have enough
storage space for a malware database and cannot guarantee a constant connection to the Internet.
The BlackBerry Enterprise Solution is designed to use IT policies, application control policies, and code signing to
contain malware by controlling third-party application access to the BlackBerry device resources and
applications. These containment methods are designed to prevent malware that might gain access to the
BlackBerry device from causing damage to the BlackBerry device, its applications and its data, or your
organization’s network.
For more information, see Protecting the BlackBerry device platform against malware.
Using IT policy rules to contain malware on the BlackBerry device
The BlackBerry Enterprise Server Version 4.1 SP2 or later includes IT policy rules that are designed to enable the
BlackBerry Enterprise Server administrator to
• prevent BlackBerry devices from downloading third-party applications over the wireless network
www.blackberry.com