Increased standardisation across mobile devices will make it easier for miscreants to write malicious code, a Gartner analyst has warned - but the familiar prediction overlooks a bigger threat. The warning makes for a repeat of a long-standing anti-virus industry prediction that has yet to come to fruition. Meanwhile, the risks …
well it is always true isn't it.
If you standardise you increase the security risk potential.
That is why bespoke software has a better chance of remaining secure, not because it has fewer flaws, but more because it is less understood.
Don't see too many viruses for plan9 or the Sinclair QL now do you :)
actually any AV software out there for Windows Mobile Phones??????
when can we expect the first ebook reader virus warning?
@ Anon John
Man, screw the ebooks, the real market is infecting OLED devices with organic viruses. Would you like some HIV with your OLED? Oh, yes please.
Cue the end of the world!
... the smartphone software manufacturers are, of course, ensuring that their code is robust and doesn't contain blatant vulnerabilities like, say, the stack-overflow error which any competent programmer would have ensured wasn't possible in the first place...?
Jaded years ago
"Perhaps we've got a bit jaded from listening to at least ten years of predictions that mobile malware was going to be a multi-million pound problem next year or the year after."
We got jaded years ago, thanks to wolf-criers like yourself, Dan Goodin and Kelly Martin. Martin at least grew a clue since 2006, and you've toned down considerably, writing more thoughtful commentary such as this. You'll be hard-pressed to undo the damage, though.
"If you standardise you increase the security risk potential."
Martin claimed that, "Mobile phones are becoming a vector of attack," in 2005. Java was ten years old by 2005, and it was present in many mobile devices. Yet we haven't seen a Java virus. We haven't even seen an exploit in Open Wave's Mobile Browser, which inhabited more handsets than Java did.
Standardization itself hasn't increased the risk. The only thing standardization seems to have done is allowed Symantec to release an anti-virus product for mobile devices. Great. Nothing like wasting paid G / 3G bandwidth on anti-virus updates. Talk about a solution in search of a problem, and talk about being jaded against standards.
Why do Gartner publish this stuff?
Their business, as I understand it, is to take vast sums of money in exchange for expert analysis. Presumably they do these "free" reports as some form of advertising, but over the last decade I can't think of a single freebie report published by these guys that didn't make me think it was the product of a technically illiterate moron. I now take it as read that anything coming from Gartner is probably wrong (*) and companies that commission work from them clearly have clueless management.
(* Sometimes they get stuff right, like "Windows sells well" or "CPUs will be faster next year". You'd need *real* talent to be wrong all the time.)
Where's the payback for the hacker? PCs on broadband can be useful to send spam or participate in DDOS attacks - mobile devices don't have the storage or bandwidth for this.
It would be quite easy to have a phone contact premium rate lines but then it would be easy to track the money.
One area of interest is that of corporate VPNs - not many people have been doing this from mobiles so far but Blackberry's offer some possibilities.
only one virus worth writting for the mobile device
an auto dial for premium rate numbers,
trouble is that the paper trail is to prevalent for it to get off very well.
Maybe there is a raisin
You could hack a phone and use it to store something for later. Why is the question, though. Maybe you want to spread your malware without tripping its real function - I suppose you could keep that on some schmuck's phone to erase the trail. A useful vector if your virus gets into the provider's network. However, there's a high risk of the phone being replaced.