mobile security

news, reviews and going's on in the world of mobile security

Analysis: Symantec - operating systems on phones lag those on PCs by six years

Filed under: Mobile Device Security, Vendor Specific — webmaster at 4:44 pm on Wednesday, November 22, 2006

An article posted in the The Register last week just caught my attention. It was quoting Paul Miller, head of Symantec’s Mobile and Wireless Security Group. In this article were a lot of statements which I disgree with. On this blog I try as best as I can to remain impartial and not promote or bash any one vendor more or less than any other, but in this case I can’t help but feel that what I read amounts to little more than a modifed version of what I read one year ago in a Gartner Report.

This same Gartner report is quoting the same threats will increase which is exactly the same thing that it said last year. Whilst I don’t want to quote Paul Miller out of context, I find statements such as this highly controversial:

“Plus, operating systems on mobile phones lag those on PCs by six years - and hackers attack the weakest link. “

Six years? Weakest link? What mobile device does he use? And from which vendor? I don’t think he could be further from the truth. For example, I would say that Microsoft could learn a lot from Nokia with regards the security features in the new S60 3rd Edition operating system. Where are the patch Tuesdays and Zero Day Wednesday’s for Symbian? After all, the article went on to say:

Mobile phones will out-ship PCs by five to one this year, and are far more likely to be lost or stolen, according to statistics quoted by Symantec.

Miller continues:

But any computer attached to a network needs AV, and a smartphone is a computer and that IT staff need to target perhaps the top 5% of their users for additional defensive software such as firewalls and encryption, because they will be the senior execs and salespeople who keep critical business data on their phones.

This statement on the other hand is absolutely justified, and 5% might even be a little conservative. The threat of Flexispy as a tool for industrial espionage is very real, but statistically, you have a higher chance of misplacing or even loosing your phone so I would put mobile encryption higher in the ‘must have’ list.

So is the picture as bad as mobile AV and PF vendors would have you believe? I don’t think so. They love to focus on Flexispy as it is perhaps the best example of any application that has emerged this year that can justify why a mobile AV&PF should be installed onto your smartphone. However, one critical factor has been overlooked in all of this: User education. With smart phones the only way to get infected is if the user clicks ‘yes’ to install something e.g. over bluetooth (yes, there are other ways to install software), but in general it’s down to the user. And we are starting to see implementation of content signed software. When this becomes more mainstream, how far will bluetooth propagating crimeware really get people if the application is unable to talk to the network?

So lets see where we are at the end of 2007 with regards mobile security trends. More of the same? I know where I’ll put my money…

No Tags
Powered by Gregarious (41) Google Reader or Homepage Subscribe Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online Subscribe in Rojo gritwire Add to Technorati Favorites!

1 Comment »

2

Pingback by 2 Blocks away: where *nix, security and Mac meet the general public » Anti-Virus, Anti-everything, the solution to your security problems?

22 November, 2006 @ 9:41 pm

[...] First off: I am sorry to admit but I am riding this post on the inspiration and wave of the article about Mobile Anti-Virus over at MobSec. [...]

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 
Socialized through Gregarious 41