Mobile Phone (Cell Phone) Security Tips

Just as it’s too late to lock the barn if your horse has already run off, it’s too late to think about security if you’re already under attack. Fortunately, it is not too late to secure your mobile data, and protecting your Windows Mobile powered devices is not difficult.

So far, cell phone viruses haven’t been much of a threat. The vast majority of viruses don’t do any damage at all; they simply aim to prove that such threats can exist and spread. The first Windows Mobile virus, Duts, simply asked the device owner for permission to spread. Another, a backdoor named Brador, could give attackers access to the files on the device, though it wasn’t much of a threat in practice. In February, the first crossover virus, aptly named Cxover, appeared. Cxover was designed to leap from infecting a PC to infecting, and then destroying documents, on a Windows Mobile device. While it could do serious damage, it hasn’t really spread.

Gartner, McAfee, F-Secure, Kaspersky Lab, and other security experts predict there will be more—and more serious—attacks over the next year or two. In addition, the newer blended threats—a virus or worm riding on spyware—and browser-based attacks make it more difficult to mount a defense. There are several ways mobile viruses can spread. They could be transmitted via Bluetooth, IR beaming, SMS text messaging, malicious Web sites, and e-mail attachments. According to Gartner research, 30% of cell phone users in the U.S. receive e-mail attachments. As this percentage increases, it will become a more attractive target for writers of malware.

Who should build the defenses?

We don’t need to panic, but we do need to be prepared. Theoretically, defenses built into the network layer are the most effective system of protection. Ideally, sophisticated network tools could detect anomalies in traffic and take action even before antivirus vendors can react to a new threat. We’ve learned that lesson in the evolution of improving desktop security. However, according to a Forrester survey, only 9% of the North American organizations surveyed actively track or manage PDAs in their organization. In addition, wireless providers disagree as to whether or not they should invest in antivirus protection at their cell network level.

It’s interesting to note that in Japan, which has approximately five times the devices in play per capita as in the U.S., McAfee's security software comes preloaded on some cell phones. Until network defenses are up to the task, it’s up to us to use antivirus software and take other steps to protect our devices and our data. Whether you are ready for antivirus software depends on your organizations' policies and protection-in-place, your usage patterns, and your willingness to take a few extra steps to improve security. (You should always check with your IT department before you install software on your own, however.)

What features should you look for?

Most of the features to look for in selecting a mobile antivirus solution are the same ones you're familiar with in choosing one for your PC:

Support for your deviceYou have to check that any software supports the operating system and device you want to protect. For instance, most antivirus vendors are updating their products to cover Windows Mobile 5.0—but, be sure to verify before you buy.

Easy-to-useIf it isn't easy, let's be honest, you're not going to do it. Not only must the installation be easy and foolproof; but the interface I use day-to-day needs to be clear and useful.

Automatic, over-the-air (OTA) updates
Antivirus vendors constantly update their products to recognize new threats, and over-the-air is the best way to deliver those updates. If you have to wait until you synchronize to receive updates, you could be going outside wearing yesterday's virus protection.

Real-time virus scanning
This may slow your device a little, but this is the best form of protection. Antivirus software should examine all attachments for viruses.

Intrusion detection
When you set up a Windows Mobile 5.0 device, you'll find that Bluetooth and Wi-Fi are "OFF" by default. If you have an earlier version of Windows Mobile operating system, check the Help files on your device or contact your device provider for instructions on how to turn off these services. In either case, read about how to activate them safely. Then, it isn't as crucial to have intrusion detection.


Post a Comment