Analysts Speak Out on the Wireless Security Hype

News Analysis: Some industry watchers contend that the threat of malware aimed at mobile handsets is over-hyped; others say enterprises preparing for such threats will be better off when attacks arrive.

Security software vendor Kaspersky Labs joined the ranks of anti-malware specialists introducing applications designed for use on mobile devices with the launch of its new beta technology for smart phones running the Symbian operating system. Whether such tools should be in demand by enterprises remains a topic of debate among industry watchers.

Kasperskys introduction of its Anti-Virus Mobile beta is particularly interesting because an overwhelming majority of the mobile handset threats identified to this point have been aimed squarely at Symbian devices. And as recently as the third quarter of 2005, researchers at Gartner reported that Symbian accounted for two-thirds of the worlds shipments of smart phones, powerful handheld devices with larger memories and more PC-like capabilities than todays popular handsets.

While most experts concede that smart phones could be one of the technologies that drive a new wave of adoption of enterprise mobility tools, Gartner said the cutting-edge devices represented only 6.1 percent of all the handsets shipped worldwide during 2005.

Those relatively small numbers, combined with the comparatively benign nature of todays mobile threats, leaves some industry analysts with the impression that software vendors are inflating the issue.

"The mobile security threat is getting a bit too much hype, eventually there could be real attacks, but a lot has to happen before it becomes an issue people really need to worry about," said Sandra Palumbo, analyst with Boston-based Yankee Group.

"The fact is that the things weve seen so far have had such a limited scope that its not really worth focusing a great deal of attention on it; the vendors are guilty of aggressive marketing."

Among the fundamental issues separating the nature of todays mobile threats from desktop viruses is the sheer diversity of devices and operating systems on the market, compared to Microsoft Windows utter dominance of the PC world for almost two decades. Palumbo said that as smart phones and mobile business applications become more widely adopted, the most popular platforms will likely fall prey to malware code writers. But the analyst doesnt believe such a stage will be set until at least several years from now.

Along with Kasperskys new product beta, high-profile vendors including F-Secure, McAfee and Symantec have all introduced similar mobile anti-malware applications.

F-Secure in particular has been outspoken in exhorting enterprises to begin more actively defending wireless devices.

/zimages/1/28571.gifTo read more about rootkits and increasing security threats, click here.

Some people may think the company is trying to cash in on the fear of mobile security emerging the next big sore sport for IT administrators, but someday those individuals will wish they had been more prudent in preparing for tomorrows attacks, said Antti Vihavainen, vice president of mobile security at Helsinki-based F-Secure.

"People in enterprise IT departments think that preparing in advance for something that might not happen is lame, but the fact is that its very hard to recover after a problem begins; its damage control," said Vihavainen.

"People have the option to be prepared; some will take it, some wont, and what weve been trying to say is that things will get worse before they get better with mobile threats, unless there is decisive action taken by business users."

Next Page: Keeping up with the attacks.