Hanging Up on Mobile AV

It's good to see security vendors getting out in front of a problem. At this point, however, Symantec and McAfee are too far ahead. Of the several hundred known mobile malware threats in the wild, most target the Symbian operating system, which isn't in wide use here in the U.S. That fact alone means the great majority of mobile phone users in North America don't need to shell out yet another $30 to an AV vendor.

That said, mobile devices are becoming an increasingly popular platform for Web browsing and mobile banking. Such activities will inevitably attract the attention of criminals looking to hijack phones through downloaded exploits and skim money from bank accounts. And once profit-minded criminals begin attacking Windows Mobile and other OSs popular in North America, AV and anti-spam software will be about as effective on mobile phones as they've been on consumer PCs.

AV software has always been a step behind the exploit du jour. There's no reason it will be any different on mobile platforms. So what to do? Enterprises that issue mobile phones to their employees will have to include security software, regardless of its efficacy, because it's a best practice, and will probably be a compliance mandate. So Symantec and McAfee will get their pound of flesh. Consumers would be better advised to save their money and use common sense: don't accept Bluetooth connections from unknown devices, don't enter sensitive data on unknown or untrusted sites, and be careful what you download.

If mobile malware and crimeware really begin to plauge the U.S., the carriers will likely step in and make security features such as Web site filtering and mobile phone malware scanning an added service. Given their customer volumes, they should be able to offer competitive pricing against individual software products. And from an end user perspective, I'd rather have the malware sifted out in the cloud than try and block it on the device.In the end, mobile phone users will have to pay someone. The question is whether it will be a criminal or a corporation.