As workforces grow increasingly dependent on smartphones, mobile threats warrant serious consideration. As discussed last month, mobile malware barriers are falling fast, at precisely the time
Mobilizing your malware defenses
Conventional Win32 malware defenses are commonly deployed on the assets they protect: PCs. Antivirus scanners, host intrusion detection programs, personal firewalls, and email spam filters are all designed to stop viruses, worms, trojans and spyware that prey upon desktops and laptops. These "on device" defenses are generally accepted security best practices, widely used by both businesses and individuals.
Early mobile malware defenses started down this familiar path. Antivirus scanners emerged for PDAs well before Symbian Cabir grabbed headlines back in 2004. But some of those products were just too early and were discontinued before mobiles were widely used, when "proof of concept" malware lacked the teeth to pose real risk.
Today, mobile antivirus scanners are experiencing a market rebound, stimulated by smartphone sales -- especially to businesses. Mobile antivirus products are now available from popular Win32 antivirus vendors (e.g., F-Secure, McAfee, Symantec, Trend Micro, Sophos) and "mobile specialists" like SMobile and Airscanner. Mobile antivirus scanners are even available for iPhone and BlackBerry handhelds.
Mobile antivirus scanners are not just Win32 programs, ported to mobile operating systems, however. Mobile scanners must employ different signatures and behavioral analysis rules to detect malware written for each mobile OS and (sometimes) device model -- Symbian Series 60 second edition, for example. They must also understand the vulnerabilities inherent in each operating and file system, and adapt to mobile platform limitations.
For example, periodic background scans (as opposed to real-time virus detection) may be used to conserve battery life. Or files may be scanned only upon arrival over Bluetooth, Wi-Fi or 3G wireless. Signature updates must be performed over the different kinds of interfaces available on smartphones, such as SMS, MMS, ActiveSync or OMA DM. These are just a few attributes to consider when choosing a mobile antivirus scanner.
Most desktop antivirus products have now morphed into multi-function endpoint security suites. A similar evolution is under way in the mobile malware world.
For example, the most popular mobile applications are messaging (email, SMS, MMS), and most malware is conveyed by unsolicited messages. Anti-spam and SMS/MMS blocking utilities can therefore go a long way toward thwarting mobile malware.
Similarly, many contemporary mobile malware programs are trojans, downloaded and/or activated by (naïve) users. Application blacklist/whitelist policy enforcement programs can help prevent users from making such mistakes, while checking digital signatures issued to legitimate software vendors by certification programs like Symbian Signed, Microsoft's Mobile2Market, or RIM's Controlled APIs for BlackBerry.
Although most desktop operating systems include basic personal firewall capabilities, mobile operating systems still do not. But many smartphones are now connected full-time to the Internet over high-speed wireless connections like EV-DO and HSDPA. Mobile firewalls can help block malicious traffic -- inbound and outbound -- to prevent mobile worm propagation (e.g., Beselo) and spyware back-channels (e.g., Flexispy).
Security suites that combine most or all of these defenses are now available for just about every mobile operating system. Examples include SMobile Security Shield, McAfee Mobile Security, Symantec Mobile Security, F-Secure Mobile Security, and Airscanner Mobile Security Bundle (spotting a trend yet?).
Managing mobile security
Individuals and small businesses can deploy mobile malware defenses directly onto their own smartphones and PDAs. Many on-device mobile security products are sold as shrink-wrapped software or downloadable installers that require little or no configuration. They are also supplied by carriers as downloads and along with new smartphones.
Larger enterprises may want to provision and maintain mobile antivirus, anti-spam, intrusion detection, and/or firewall measures as part of a centrally managed mobile security solution. In that case, malware defenses can play a role in a bigger picture that includes mobile device activation, authentication, access control, encryption, activity monitoring, and backup/restore. For example, Sybase iAnywhere includes a security manager that can be used to deploy authentication, encryption, antivirus, and/or firewall defenses to a fleet of corporate mobile devices.
These on-device defenses may be relatively new products, designed for contemporary mobile operating systems, but they really extend traditional desktop security best practices into the mobile workforce. This is not only possible, but absolutely necessary, for certain security measures -- on-device encryption is a perfect example.
Some defenses could also be applied "in the cloud," however, to protect corporate networks, applications and data assets from mobile malware threats. We'll discuss those complementary approaches next month, in Part 3 of this series.
About the author: Lisa Phifer is president and co-owner of Core Competence, a consulting firm focused on business use of emerging network and security technologies. At Core Competence, Lisa draws upon her 27 years of network design, implementation and testing experience to provide a range of services, from vulnerability assessment and product evaluation to user education and white paper development. She has advised companies large and small regarding the use of network technologies and security best practices to manage risk and meet business needs. Lisa teaches and writes extensively about a wide range of technologies, from wireless/mobile security and intrusion prevention to virtual private networking and network access control. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.
This was first published in August 2008