This was all started by some of the 'concept' viruses written for S60 2nd Edition phones such as the Nokia 6630 and N70. These had to be manually accepted, with several confirmations, on each and every phone that could be infected, but in some warez and youth cirlces a few very minor outbreaks were recorded. I wrote a well linked-to piece (now revised and stripped down to reflect current thinking, by the way) on the subject at the time, but the summary was that with so many user steps to infection and with no 'silent' infection, a la Windows, there was simply no way a mass infection could ever happen.
And I was right. Storm in a teacup, etc. But it made the anti-virus software companies a few dollars, selling prevention software to users who were worried. The ironic thing is that they very users who were worried were the very users who'd be a lot more paranoid about accepting unsolicited beamed in applications and would therefore be the least likely to 'catch' anything....
Fast forward to 2008. Symbian OS 9, implemented behind S60 3rd Edition and UIQ 3, has now been in place in real world handsets in their many tens of millions, for at least 2 years. And there's not one, repeat not even one virus for either platform. Symbian OS 9 brought in Platform Security, meaning that any functions that could be used to spread malware or damage the device were restricted to Symbian Signed (i.e. checked) applications. A system that's caused headaches for some developers trying to use low level functions for legitimate purposes but one that's also kept malware utterly at bay.
And yet, as kflyer noticed, there are high profile adverts across the mobile world for F-Secure's 'Mobile Anti-Virus' and 'Mobile Security' products. And F-Secure Mobile Anti-Virus also appears in Nokia's own Download! application on all devices, implying a healthy degree of endorsement. Even a few days ago, F-Secure launched their official anti-virus solution for UIQ 3, in 'partnership' with Sony Ericsson. Eh?
There's an old saying that 'there's no smoke without fire'. Except in this case, the smoke is being pumped upwards from an artificial smoke machine behind some rocks by the anti-virus vendors. Folks, there's no fire.
The antivirus software industry...
You may remember my original piece on AAS, pouring scorn on the outrageous claims being made in 2005 by the mobile antivirus software developers? Let's examine the same scene today.
FB-4 Inc seem to have faded away. Ditto Jamanda. Ditto Fonoinfo, who seem stuck in 2005. SimWorks are still plugging away, advertising that they protect users of (wait for it) the Sony Ericsson P800/P900 and Nokia 6600. Wow. Quote: "With more and more smart phones shipped every year your phone is becoming a lot more attractive to virus writers". Err.... No..... More and more smartphones ARE shipped every year, but they're virtually ALL immune to ANY virus risk (which, if you remember from above was tiny in the first place).
On with the roll call from the original article. TSG Pacific have also faded into obscurity. Are you noticing a pattern here? exoSyphen Studios are still around, seemingly concentrating on writing games (themed around hackers) now. Their exoVirusStop product is still available (advertised as compatible with '3rd Edition'), though the way "Series 60" is used instead of "S60" again confirms that they're stuck in 2004/2005. Their claim for their product is "You will be amazed by the small amount of memory it requires, and its lightning fast scanning engine." Indeed. I'm going to write an app that's smaller and faster though. How many lines of code will it take me to knock up an app that simply prints, on-screen, "Your phone is clean. No virus found!"?
All of which leaves only one of the original companies, F-Secure, of course, doggedly persisting with their (Symbian) mobile security business. From their web page: "Mobile malware such as viruses, worms and trojans have become a
nuisance that more and more smartphone users have to deal with.
Malware can cause unwanted billing, delete valuable information on
the device or make the phone unusable." Well, I guess it could - if it existed and if it was able to spread from device to device. That'll be two 'No's then.
Also from their page: "An integrated firewall combined with virus protection is the
next step in content security for mobile devices. Pure antivirus
solutions are not sufficient in devices that access open public
networks such as Wi-Fi. The new generation of mobile devices are in
many ways like portable PC'c and should be protected with a
firewall." Just because a modern S60 or UIQ 3 smartphone is as powerful as a PC was 5 years ago doesn't mean it's saddled with the same vulnerabilities! In my testing, I couldn't find a single open TCP/IP port in ANY version of Symbian OS. There's is no need WHATSOEVER for an extra 'firewall' utility.
In the face of complete failure by all other entrants to this market, I can only conclude that there are politics and money at work here. F-Secure is a Finnish company, of course, Nokia is Finnish. And with UIQ being based in Sweden, there's a definite local connection here. So the presence of F-Secure in Nokia's Download! app and their partnership with Sony Ericsson for inclusion on the latter's UIQ 3 smartphones isn't necessarily anything whatsoever to do with their being a need for such software.
In fact, I've (literally) lost count of the number of users who've come to me complaining of a slow smartphone and for whom the solution has been to uninstall the anti-virus solution they helpfully installed. F-Secure's software does seem well written, I'll grant them that - if there actually was a threat then I'd be recommending them - but why install any software utility that's going to sit in RAM, wasting any memory at all and using any processor time at all? Don't we want our phones to be more responsive?
New 'solutions'?
Since the original article, new anti-virus vendors have appeared, eager to expand their desktop offerings. Symantec has brought out Norton Smartphone Security, unbelievably only targetting S60 3rd Edition and UIQ 3 (i.e. the secure platforms) and not supporting older vulnerable phones at all. Hey, there's even a flash video showing a geek businessman who 'doesn't want to take chances' with his smartphone - that's why he chooses Norton, etc. But if your smartphone runs any UI on top of Symbian OS 9 then you're not taking chances. So the usual FUD (Fear, Uncertainty and Doubt) syndrome from Symantec then.
McAfee is the other big entrant, although they've toned down their mobile security pitch since they first launched, presenting a more realistic product that's only advertised for 'large enterprise', i.e. it's part of a big company IT strategy and presumably they're eyeing up Windows Mobile as the main vulnerability here - the only reference to anything Symbian is a 'lose 100 pts for credibility' mention of CommWarrior, one of the oldest trojans for old Series 60 devices.
Speak up!
I wish Symbian would speak up more on this. They go to extreme lengths to break application compatibility in the cause of a new OS that's impregnable and then sit back and watch licensees actively promote unnecessary utility software that claims to defend against a threat that doesn't exist and merely damages performance.
Steve Litchfield, 5th Feb 2008
Addendums
PS. I should sound a small note of caution as a rider to the above dismissal of malware: there's a current craze in the uber-geek world (you know who you are) for 'unsigned' utilities, powerful little brutes of applications that you have to digitally sign yourself. The process isn't trivial (although we do like to help) and the signing process has to be done explicitly for every individual handset (different IMEI), but - and it's a very little but - it's possible that a future unsigned 'power utility' could in reality be a 'trojan', a malicious app that does nasty things to your data. Essentially, you'd be saying yes, I'm going through lots of effort to install this on this particular device and grant it full access to anything it wants, knowing that the application might do harm instead of good. Partly as a result of this, and because of the barriers to installation, AllAboutSymbian's policy is to give this unsigned scene a cautious berth. If you're a know-it-all-bleeding-edge geek then go right ahead, but lesser mortals should wait for applications to be properly checked and signed.
PPS. Note that I haven't dignified any of the anti-virus companies with hyperlinks - I'd hate for them to derive extra Google rank and prominence from this AAS article decrying their products.