Symantec's Mobile Security Suite Misses Mark

Review: Symantec's Windows Mobile 5.0 platform is too narrowly focused.

Symantec's Mobile Security Suite 5.0 provides a good mix of security features for devices based on Microsoft's Windows Mobile 5.0, but the product ultimately misses the mark due to clumsy management tools and a complete lack of integrated cross-platform support that would certainly be compelling in an increasingly crowded but compartmentalized marketplace.

Mobile Security Suite 5.0 for Windows Mobile builds atop Symantec's core of device-based anti-virus and firewall features with new on-device folder encryption, device lock, tamper protection and network access control capabilities.

With both mobile operating system makers and mobile device manufacturers pushing new security platforms onto the market, the door is open for an ISV such as Symantec to make some hay with a powerful cross-platform solution that would help mobile administrators effectively secure their myriad devices with a single solution.

However, while Symantec does offer separate security products for the common open mobile platforms Windows Mobile and Symbian, I'm simply not seeing any real signs of integration between the two products. Both platforms have different management tools for policy creation, assignment and enforcement.


Microsoft wants to build a mobile device application platform as ubiquitous as Windows is on desktop PCs. Click here to read more.

Symantec has started down the road toward integrating its Windows Mobile solution with its familiar anti-virus management console, the Symantec System Center, or SSC. In my tests, I was able to monitor the security posture of my Windows Mobile clients, getting familiar at-a-glance visibility into virus activity and signature downloads. However, I needed to make sure I was running the most recent version of the SSC to get there.

Policy creation and assignment, meanwhile, is performed using a separate application—MSM (Mobile Security Manager). From this Windows-based application, I could create packages that tie together seven distinct policies: four firewall policies for different network types, a security policy that allows the administrator to disable device features such as the camera or Bluetooth, an intrusion prevention policy, and an integrity manager policy that monitors the health and uptime of the security software's components and processes.


Policy management is truly a clumsy affair in MSM, however. I found the various creation and assignation tools confusing. While I found it fairly straightforward to create and apply a new policy, policy controls were confusing thereafter. Because policies can be applied to individual users and devices or to groups of users, I found myself losing track of where the policy was initially applied, as the MSM tools do not adequately depict policy inheritance. This could be solved by an additional reporting interface that shows the relevant objects to which a policy has been assigned.

The software packages themselves are meant to be distributed using a third-party MDM (Mobile Device Management) solution such as Nokia's Intellisync or Sybase iAnywhere's Afaria. However, distribution can be done on a device-by-device basis using Microsoft's ActiveSync in a pinch.

Once the software packages—which include a Symantec Mobile Agent configured to phone home periodically to the MSM via an SSL (Secure Sockets Layer)-encrypted connection—are distributed, the client can download new policy packages and signature updates without the MDM.


Symantec bolsters its managed security portfolio. Click here to read more.

The MSM also has limited reporting capabilities: For example, I could pull up some vanilla reports on all events, firewall activity or quarantine events.

There are two versions of Mobile Security for Windows Mobile: a standard edition that includes anti-virus capabilities, a firewall and SMS (Short Message Service) anti-spam capabilities, priced starting at $40 per device, and a $70 premium edition that builds atop the services included in the standard edition with added capabilities for on-device encryption, device lock, loss mitigation, network access control and tamper protection. Both versions work only with Microsoft's Windows Mobile 5.0, which will be a significant drawback as Windows Mobile 6.0 gains traction in the market.

Separately, Symantec sells the Symantec Mobile VPN client for $80 per device. The client works with Cisco Systems and Nortel Networks VPN concentrators. With the Mobile VPN client installed, I could enforce a Symantec-proprietary version of NAC (network access control) that automatically ensured security services were working and up-to-date before allowing a device onto the network.

Symantec officials acknowledge that the NAC feature is not currently compatible with the commonly known NAC frameworks (Cisco's Network Admission Control, Microsoft's Network Access Protection and Trusted Computing Group's Trusted Network Control). However, the company is working toward getting its solution to leverage the fruits of its 2006 Sygate acquisition.

Page 2: Mobile Security Misses Mark

Microsoft's Windows Mobile remains pretty quiet on the virus front. During the month and a half that we tested the product, not a single new virus definition file was released. (The last release was in mid-July.) Indeed, when examining the protection features on the device, we discovered signatures for only six malware variants, and one of those was the Eicar test virus.

In tests using Eicar virus samples, Symantec's product was able to detect and quarantine the samples—but not necessarily in the way I expected. If I downloaded the virus directly to the device, I received a nonintuitive error message saying the device had no storage space remaining, but the virus was blocked before it could be saved to storage. However, if the virus was in a .zip file, I could then download it (meaning that the Symantec product failed a test that desktop anti-virus solutions have been able to solve for years). Only when I extracted the virus from the .zip file could Symantec's active protections sweep it into quarantine—after a few seconds.

Mobile Security Suite 5.0 also lets administrators require a device lock (either a PIN or an alphanumeric password) for accessing the device interface. Then, when a device boots or wakes from a period of inactivity, the user must enter the password or PIN within a predefined number of attempts.

My policy was set to lock down the device after 10 incorrect log-ins. After the 10th failed attempt, the device automatically erased its data and then conducted a hard reset that removed all installed applications. Once the device completed the reset, it was in its pristine state—devoid of data and applications.

Device encryption also worked well. Administrators can centrally allow encryption for smart cards via policy, while users can point the software to folders they want encrypted. (The folders are protected with a password.) I could also set the encryption to encompass contacts, e-mail and other information when a device was powered down, but this will add to the device's boot and shutdown times because encryption has to be done on the fly.


Check out's Mobile & Wireless Center for the latest news, reviews and analysis on mobile and wireless computing.