Ultimately, security software, just like any other software, exists to make money for its developer. And the most hype and scare stories exist about mobile 'viruses', the more chance they've got to peddle their wares. Or should that be 'warez', because the only way you're going to even see a piece of mobile malware is if you hang around with the cracked apps/warez teenage crowd.....
First up, in the last week, was a senior Symantec executive, talking to The Register, claiming "Security attacks on smartphones have taken off this year" and talking about "spyware that sends premium SMS messages, and 'snoopware' - software such as Flexspy which can remotely activates the handset's microphone or camera to spy on its owner". He claimed that "any computer attached to a network needs anti-virus, and a smartphone is a computer".
You can't just compare Symbian OS to the exploit-ridden mess that is Microsoft Windows. Just because a smartphone is a proper computer doesn't mean it's as vulnerable. Now, the folks at Symbian aren't miracle-workers and no OS is 100% perfect, but I've yet to hear of a SINGLE vulnerability that will let a virus or worm infect a smartphone without implicit acceptance by the user. As for attacks taking off this year, I've only ever met ONE person who's ever been affected by mobile malware and that was only because he was a)clueless and b)silly enough to install a game he thought a colleague might be trying to send him. And even then, when he found out that he was infected with something, it only took 5 minutes to hard reset the phone and restore from his backup.
Second in the hall of shame is the ever-persistent F-Secure. Despite admitting to me at the Smartphone Show that Symbian had effectively told them to 'cool it' because they were scaring people away unnecessarily from Symbian OS, F-Secure are back with a vengeance, on the back of trying to promote their latest product, Mobile Security, which now includes a 'firewall'. Hang on - Symbian OS doesn't NEED a third party firewall (neither should any decently written OS), as I proved a while back.
F-Secure's president said "The added firewall feature is important as most new smartphones have access to wireless public networks available for example at airports and other public places. People should realize that smartphones too can also be attacked through a Wi-Fi connection and not only by mobile viruses." Err.... what's different about being connected through Wi-Fi compared to through GPRS/3G? Why should your firewall suddenly become 'important'? I simply don't believe that any Symbian OS smartphone owner needs worry about security or slow down their device with resource-grabbing security utilities.
But the icing on the cake was F-Secure (again), with the normally reliable Dave Winder, writing in PC Pro magazine, recounting his tour round F-Secure's facilities in Helsinki. The highlight of this tour was apparently being allowed into "the newly built (metal-walled, RF-isolated) mobile phone virus chamber deep inside the labs". Dave says "Making sure I left all my own mobile devices outside - F-Secure assured me that they'd be at risk inside - I ventured in....".
What madness is this? Look. FOR THE UMPTEENTH TIME, I'LL TAKE ANY CURRENT SYMBIAN OS DEVICE INTO F-SECURE'S CHAMBER, ALL WITH BLUETOOTH TURNED ON AND FULLY DISCOVERABLE, AND I'LL STAY THERE FOR AS LONG AS THEY LIKE. And I'll walk out with all devices fully secure still, with no infections. The only hassle is that if bombarded with too many bogus requests, the devices might not be very usable as smartphones, but then as I was in a RF-secure chamber I probably wasn't going to get much done anyway....
Am I a lone 'voice in the wilderness' here? Is it just me shouting 'look, the emperor's got no clothes on'?
To quote F-Secure's spokesperson at the Smartphone Show, "Be a good boy scout and stay safe", referring to not going looking for cracked applications/games and to being wary about incoming connections. Good advice. Follow it and you won't need any of their software. Really.
Steve Litchfield, 21st November 2006