Symantec Intros Anti-virus Software for Windows Mobile

The company launches its latest security package for Microsoft smart phones, betting that companies are going to take an aggressive stance on defending the devices as they become more widely adopted.

Security software market leader Symantec rolled out its latest package of anti-virus applications for Windows-based mobile devices on Nov. 1.

Dubbed Mobile AntiVirus 4.0 for Windows Mobile, the product promises to help protect data stored on smart phones running the Microsoft operating system, including offering the ability to wipe out data present on lost or stolen devices.

While viruses attacking mobile devices remain rare, an increasing number of enterprises are handing out smart phones that store larger amounts of data, such as in mobile e-mail programs, driving the need for companies to adopt tools to protect sensitive corporate information traveling on the machines, according to Symantec.

In a recent survey completed by the Cupertino, Calif.-based company, some 80 percent of enterprises indicated that they have begun distributing smart phones, with 75 percent of those companies admitting they have yet to employ any form of mobile security software. Despite the disparity, enterprises are beginning to shop for handheld anti-virus and security tools to avoid future security issues related to viruses and handhelds that go missing, said Paul Miller, managing director of mobile security at Symantec.

With Windows Mobile device adoption predicted to rise significantly over the next several years as smart phones become cheaper and more useful, the number of threats targeting the handhelds will likely increase as well, the executive said. At this point, Symantec estimates that there is still only one virus aimed at attacking wireless devices for every 650 malware threats targeting PCs.

"If enterprises are handing out these devices without properly securing them, mobiles will become the path of least resistance for hackers and we will see more attacks," Miller said. "The era when companies were banning smart phones based on fear of unknown security risks are over, as the value of mobility and e-mail on the device has already proven its worth; in companies that are rolling them out, CEOs are increasingly mandating mobile security policies for all employees."

Despite the shortage of existing mobile threats, Symantec has reported the emergence of several new types of attacks over the last year, including so-called snoopware, which allows outsiders to tap a smart phones microphone to eavesdrop on users conversations, and programs that secretly subscribe peoples devices to for-pay SMS (Short Message Service) offerings in the name of committing fraud.

Another form of SMS-based attack, known as smishing, attempts to trick users into visiting virus-laden Web sites with their devices in order to opt-out of expensive messaging services for which they have not signed up.

/zimages/4/28571.gifBy failing to encrypt data stored on Windows Mobile devices, Microsoft is leaving users open to potential data leakage, wireless researchers say. Click here to read more.

Along with the remote wipe-and-kill feature for what Miller refers to as "loss mitigation" in Mobile AntiVirus 4.0 for Windows Mobile, which allows users to delete information when they lose their device, the package boasts Symantecs LiveUpdate Wireless service, which automatically updates phones threat protection signatures to combat emerging threats. The product also promises a centralized management feature that allows administrators to configure, lock, and enforce security policies on handsets from a single console interface.

Other new features include the ability for administrators to schedule device security scans, a tool that enterprise are increasingly demanding, Miller said.

The move by enterprises to adopt more organizationwide security policies should encourage firms to invest in tools used to defend mobile devices and drive significant growth of the handheld anti-virus market, according to the executive.

"Were encouraged by trends that we see, as ad hoc security measures are giving way to centralized IT policies that encourages security on all endpoints," Miller said. "Companies are also being driven to adopt by disclosure of data losses; as more information makes its way onto the handheld, were likely to see more headlines about missing smart phones, along with the stories about stolen laptops."

At least one analyst agreed that more enterprises will begin considering protection for smart phones as they distribute larger numbers of the devices.

"[Chief information security officers] and IT groups are now considering how the business needs of mobility impact their security policies," Jon Oltsik, an analyst with Milford, Mass.-based Enterprise Strategy Group, said in a report. "Many shops that considered themselves PC-only environments are now grappling with multi-environments like Windows and Symbian on mobile phones for the very first time."

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.