Mobile Malware Will Come, But When?

Mobile phone malware may be farther off than antivirus software makers say, and how far off is up for debate among analysts.

A Gartner report by security analysts John Pescatore and John Girard released yesterday says that despite the warning signals being sent by antivirus companies, mobile phone users don’t really have anything to worry about for two years.

Pescatore and Girard say that’s because three things must happen before the viruses could spread quickly and efficiently enough: widespread adoption of smart phones; wireless messaging to exchange executable files; and the emergence of a dominant mobile phone operating system.

Another Opinion

But not all analysts agree with that outlook.

“I don’t think anybody can look at the data and disagree with Gartner about the current state of phone-borne malware,” Ed Moyle, president, SecurityCurve, told TechNewsWorld. “In terms of the specifics, however, I think Gartner is being overly cautious. I think their general direction is on target, but I think their timeline and current impediments to malware on the phone are unnecessarily pessimistic.”

Moyle said he believes only a dominant OS is necessary for cell phone malware to take hold.

“Gartner’s other two impediments for phone-borne malware, slow smart phone adoption and inability to exchange executable files are not significant impediments to malware authors, in my opinion,” he said.

Longer To Mobilize

But he also believes that it will be about five years before a single mobile phone OS gains at least 50 percent of the market.

“Most malware authors want their software to run on the largest number of machines possible and they factor platform choice into that equation. In the phone world, the best a malware author can hope to target is less than 10 percent of the total phone population, which is not a very appealing target,” he said.

Pescatore and Girard also say that antivirus protection must be built into the network, as client-based software is unlikely to prevent attack. Moyle agrees.

“I think traditional antivirus firms have some challenges to overcome — signature-based scanning is difficult on the mobile platform because of smaller amounts of memory on the platform, less processing ability and difficulty moving large amounts of data required by signature updates,” he said.

While the threat may not be immediate, users should still guard against suspicious messages and investigate new antivirus options as they are released, the analysts said.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels