NEWS ANALYSIS: Do we need mobile security software?

AVG has released security software for mobile phones. Patrick Gray analyses if this class of software is a gimmick or a useful tool!

AVG Internet and security software has published a mobile security suite Beta, for the Symbian operating system, which is freely available from its website.

We've heard a lot of talk about mobile security in recent months.

Indeed, Microsoft's General Manager of Product Security, George Stathakopoulos, told the state of mobile security now is similar to that of Internet Explorer in the late 90s -- the avalange of bugs and attacks is coming. (Story here, podcast here.)

However, Stathakopoulos rightly pointed out that improving the security of mobile devices should be easier than locking down IE in 1999; security is an established discipline these days, not a dark art.

But where are these attacks? What are these new threats?

In a time where banks are moving to two-factor authentication solutions to stem the flood of phishing and Trojan-based attacks designed to steal login credentials, the assumption these days is that the client is always compromised. The same logic will surely apply to mobile solutions like Symbian and Windows Mobile. So why do we need these new wares?

Here's a story for you to explain why. About two or three years ago I was engaged to consult to a small start up company which was developing a firewall and security suite for Symbian. Their approach was a sensible one - if any piece of software wanted to access a function on the phone - to call out or access the Internet, for example, it would seek the user's permission.

That's not a bad idea, considering some games available for Symbian would immediately start texting premium numbers in the background while the user played. That 'badware' wasn't technically illegal, because the game software EULA told the user they'd be billed several dollars every time they loaded the code.

But a warning popping up saying "your space invaders game is trying to send a text message to a premium number" would surely have rattled the end user, as would a warning that said code was trying to access the internet via a 3G or GPRS connection.

Sure, there's obviously an element of marketing behind vendors' rush into the mobile security market. Companies releasing mobile security software are seen as ahead of the times, ahead of the threats. But that's not necessarily a bad thing - it means that when the threats do materialise, we'll have the tools to deal with it.

Check out the beta here.

Read more on Endpoint security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.