Be worried, be very worried. The truth about the Symbian OS virus scene.

Published by at

Steve Litchfield is a lot more worried about the growing problem of hype than about the viruses themselves...

Worried? You should be...

Yes, I'll admit it. In all the hoo-hah from anti-virus software vendors, there is a very real danger. You're right to be worried.

You're in danger of being misled. You're in danger of being panicked unnecessarily. And you're in danger of being ripped off. Let's look at the facts behind the Symbian OS virus scare stories and then name and shame the companies behind the press releases. Note that I'm not denying that malicious software ('malware') exists - after all, writing a little program that does bad things is trivial on any computer platform under the sun - but the existence of a little malware here and there (mainly where people are trying to get 'warez' versions of commercial software) doesn't mean that we've all got to start panicking that Symbian OS is vulnerable to the sort of virus and worm attacks so familiar on the desktop. And I'm less than impressed with a number of companies that are trying to convince people that it is.

Some simple facts

Fact: no-one can pass a virus to your Symbian smartphone over Bluetooth without your knowledge. See a plea for sanity over on 3-Lib for much more on this.

Fact: it's impossible for any piece of malicious software to make your smartphone unusable. Even if you allow a piece of 'malware' (i.e. a malicious program) onto your unit, it can't touch the OS and applications in ROM, which means you can always do a hard reset to get back to a working system.

Fact: the Symbian 'viruses' you read about aren't really in the wild, in the same way that Windows viruses are. Because it's realistically impossible for these apps to spread, you simply will not come across them in any significant number in the real world.

Fact: you're not going to pick up a worm through being online either, as Symbian OS's TCP/IP stack and port handling is far, far tighter than that (that used to be) used in Windows.

Fact: the biggest hazard in the Symbian world is the 'warez' scene, where unscrupulous people 'crack' commercial software and then put it up for free download or try to get friends to beam it around. Quite apart from the ethical considerations about putting genuine Symbian authors out of business, these cracked versions are the perfect opportunity for a malicious cracker to insert routines designed to cripple your phone or scramble your data. You can stay clear of such malware by downloading your Symbian OS third party software from trusted sources and staying clear of warez.

There really is no danger whatsoever of your Symbian OS smartphone becoming 'infected' with something without your knowledge. So sleep easy.


Here are some of the scaremongering companies that have caught my eye recently. In each case, the company issuing the statement has a huge vested interest in the 'problem', by effectively scaring people into buying their product.

FB-4 Inc claim new trojans are "wreaking havoc on Series 60 phones". Their product is VirusGuard and there are even versions for UIQ and Series 80, despite there not actually being any known viruses for these. It beggars belief, really.

Jamanda promises a "holistic" solition and claims their Mobile AntiVirus for Series 60 will be of "immense benefit". To their (slight) credit, they have issued a remover for the Cabir 'trojan' as freeware until their full suite is available.

Fonoinfo talk about "the severity of the mobile virus problem", going on to say that some countries have been "badly hit with Cabir and its mutations and the virus spread is very rapid". Their product is Commander Mobile Anti-Virus.

SimWorks come out with "With more and more smart phones shipped every year, your phone is becoming a lot more attractive to virus writers and, unlike traditional PC viruses, there's a much higher chance that a virus on your phone will hit you in the pocket." [pause while that sinks in] "Purchase our...." etc. Ah, the punchline link to buy their products, Anti-Virus UIQ and, err... Anti-Virus S60.

TSG Pacific are suitably overboard with claiming to "protect millions of Australian mobiles from the potentially disastrous new bug" and that "the Carib virus has the potential to wreak havoc." Their product is Phone Safe, for Series 60 only.

exoSyphen Studios are fairly free from hype but then say "After installing any new software, always scan your phone with exoVirusStop prior to running it for the first time!" Oh, come on, guys. If you download from trusted sites, there's no need whatsoever to be this paranoid about malware.

F-Secure, who really should know better, were the first to jump on this bandwagon, of course, with their Anti-Virus for the Nokia 9210. For the 9210, for goodness sake. My toaster's got more chance of catching something than the original Communicator. They now have a Series 60 version, hyped up with paragraphs like "As soon as a suitable target phone is seen, the worm sends itself there as a Bluetooth file transmission and keeps sending itself to that phone while it is still in range. Once the target phone leaves the area, Cabir.H will find a new target and continue spreading. This means that in conditions where people move around and new phones come in conctact with each other, the Cabir.H and Cabir.I can spread quite rapidly." No mention whatsoever of the chain of explicit acknowledgments needed for every single 'spreading' incident.

The various Internet news sites really haven't helped, either, seizing on what they see as a juicy story and panicking the general smartphone-owning public half to death.

A new challenge

The problem is not so much the tools offered, nor the existence of the malware itself, but the incendiary language being used to promote them. And the fact that these companies are trying to get rich on the back of the perceived dangers of cyber-terrorism.

Malware in the Symbian OS world is just that, malicious software. It doesn't fit the usual desktop model of invisible and continuous infection. Any 'infecting' only happens with your explicit consent in triplicate and the malware only goes as far as the next gullible warez-seeking user.

Over on 3-Lib, I issued a challenge for any anti-virus vendor to try and infect any of my Symbian OS devices (all set to 'Bluetooth discoverable', no time limit, cash prize). Not one single taker. What a surprise.

I now issue a new challenge, to all current and wanna-be anti-virus software vendors: Throttle back your hype and emphasise safe computing over and above your own sales agenda. Be a responsible member of the Symbian OS community and you'll find you gain respect rather than ridicule.