Thursday, April 27, 2006

Virus onslaught sickens smartphones

SearchMobileComputing paints another doom and gloom scenario about the potential havocmobile viruses might cause. According to one anti-virus vendor, the 200th mobile virus in the wild is just around the corner, and might be out there already. The company compares "the mobile virus arena today to that of viruses in the PC world in the 1980s." To put things in perspective, "there are now roughly 165,000 identified PC-based viruses," and hundreds more are created every month.

Jack Gold at J.Gold Associates noted "the threat of mobile viruses isn't necessarily based on the number of them in the wild. Like a bad strain of the flu, the severity of a mobile virus depends on how vicious it is and how fast it can spread." He said, "The issue, though, is not how many, it's how mobile are they. To date, it's been very difficult to spread viruses to mobile devices."

As smartphones become more prevalent then things might change, at least that's what the anti-virus companies would want you to believe. Gold added, "All of this starts to look more like a PC environment."

Craig Mathias at Farpoint Group said, "We can assume this is going to become a bigger problem over time. It's unfortunate, but true. And the more intelligence you put into the local device, the greater the risk for someone to get malicious code onto it."

The article looks at some of the challenges enterprises face securing their devices and one big issue is that individuals are still driving the acquisition process. Daniel Taylor at the Mobile Enterprise Alliance said, "One of the big issues is that for mobile devices, especially user-provisioned mobile devices, security is one of the last things users worry about."

Taylor recommended that "enterprises start setting device policies and roll out a form of network access control that looks into devices and denies them network access if they are not up to date with the latest antivirus software. Such a solution can quarantine devices and push out the latest antivirus updates or move them to a DMZ where they can't infect the network." He said, "Many companies do not have these policies in place for smartphones. The mobile antivirus policy has to be the same as that of a laptop or a PC."

Taylor streesed the importance that "a clear policy is essential," because "enforcing mobile policies can eliminate most of the risk involved when employees start using purchased devices on the network." He added, "The choice for the enterprises is either to say, 'We don't support this device,' or to deploy a mobile management platform that can handle most devices. If you're an IT manager, do you want to be the one telling the employee who just went out and spent $500 on a device that you don't support it?"

Avi Greengart at Current Analysis thought that "some of the talk of smartphone viruses is "fear mongering" by PC antivirus software makers looking to expand their market into mobile." He advised that "what was of most concern about IT having little or no knowledge of users' devices is the threat of loss or theft of data. Worrying about viruses should be secondary." He said, "Far more dangerous -- at least in the short term -- are more basic security problems with mobile devices. A smartphone is easily lost or stolen and often contains proprietary e-mail and contact information. Data loss of this kind is publicized mostly when it happens to Paris Hilton, but it can be just as damaging to a corporation."

Greengart continued, "Since many mobile devices are purchased by individual users, not the IT department, most corporations don't even know how big their problem is and have no way of limiting the damage. Longer term, as mobile devices are built on more robust operating systems and enjoy constant connectivity, they can become attractive targets for virus writers."