A look at mobile malware shows it may prove less of an immediate threat than many fear.
As the process cannot be automated from end to end, social engineering is still an essential component of the mobile virus, and it is this factor that is preventing an explosion in the spread of mobile malware.
The arms race seen in recent years between virus creators and security providers is largely due to the fact that common ground exists across much of IT. For example, in the past, older versions of Microsoft Windows provided many opportunities for exploitation, so an exploit would target an enormous number of potential users. In the computing world this is changing as vendors across the board gradually learn from their mistakes and raise their game.
This common ground simply does not exist in the mobile arena, making it much more difficult to imagine the rapid spread of a genuinely dangerous virus. Although specific systems can be attacked and brought down, as proven by Commwarrior’s manipulation of Symbian functionality, this is far from being the automated, zero-day onslaught feared in the wider IT world.
Does all of this mean that we should dismiss the potential risk of mobile viruses? Of course not. But, by the same token, the level of threat is so much lower than the one we are accustomed to that we need to behave with a modicum of common sense. At this stage, the best defense in the world is an educated and moderately suspicious user who refuses to cooperate with social engineering – and that need not commit the organization to the deployment of expensive new security options that are simply not needed yet.
There is a strong argument to be made that we all dropped the ball with regard to security over the last few years, and that we are paying the price for this now. However, it would be just as great a mistake to overcompensate for this by going in the opposite direction with mobile security and trying to deploy it before it is needed.
Source: OpinionWire by Butler Group (www.butlergroup.com)