Malware

Small devices make big security holes

Sun, 25 Feb 2007 19:01:38 -0500

Just because your mobile device uses a different operating system than your database server doesn't mean that malware and attacks can't move from your handheld to your server. As the number of highly mobile devices has grown, the attacks through those devices have kept pace. Software protection suites for smart phones, PDAs and other mobile wireless devices are now available and should be deployed on every corporate device. File encryption (for every file on the device) and user training for safe use and physical security are additional measures that should be a part of the total corporate security plan.

For more on protecting your wireless devices:
- read the article at ComputerWorld

Editor's Corner

Sun, 04 Feb 2007 19:01:39 -0500

Signs of Maturity?
Anyone who has kids (or who has been a kid) knows that growing up can be fun, but it's almost never easy. We get to see both sides of the maturity curve this week. Demo 07, the conference where companies pitch their newest products, had a heavy wireless contingent with a lot of companies eager to bring new products and services to the most portable platforms. That's great news. At the same time, we're beginning to see a market emerging in which customers demand high speed and great services, rather than the simple existence of a capability. That's still great, but makes life harder for you when you have to choose partners. Finally, the malware horde of Trojans, worms and viruses is beginning to invade the wireless world in a more serious way, and the anti-virus companies are noticing. It's a product category that you'd love not to need. Put them all together, though, and the signs are clear that wireless platforms are becoming more important as enterprise tools, and that's ultimately a very good thing for all of us. -Curtis

Protect the mobile platforms

Sun, 04 Feb 2007 19:01:38 -0500

This week at the RSA Conference in San Francisco, Kaspersky Labs will introduce anti-virus protection for Windows Mobile and Symbian platforms. The protection software will include a signature database resident on the mobile device and both whitelist and blacklist capabilities for SMS. While smartphone users have not yet been overrun with malware, Kaspersky Labs CEO Eugene Kaspersky says that it's only a matter of time before lowering costs and rising capabilities meet to dramatically increase the number of smartphone users and their attractiveness to hackers.

For more on Kaspersky's mobile A/V protection:
- read the article at TechWorld.com

The lowdown on impending mobile device malware

Sun, 15 Oct 2006 20:01:36 -0400

It's been heralded as a future risk, but actual malware has begun hitting the mobile user environment, especially in Japan and Europe. There's still plenty of time to put some security in place and learn what you can about the hackers' strategies and current worm or virus approach. This article at CSO takes a good look at current mobile phone malware and the malicious intentions behind the hacking strategy. Article

Editor's Corner

Sun, 20 Aug 2006 20:01:40 -0400

There were several encouraging news items this week about mobile devices and advancement on the open source technology front. Given Linux's stability and tougher security shell, open source could be the perfect panacea for what's plaguing wireless technologies today--inconsistent service and the impending security threat, as malware writers and hackers increasingly start to turn their attention towards mobile devices. As this NetworkWorld article details, Linux is slowly but surely making its way onto a stage that's currently dominated by vendors like Symbian and Microsoft. It's only going to gain a greater presence as more groups like Open Source Development Labs and Linux Phone Standards work together to build common specs for Linux-based mobile devices.

How to make sure wireless devices don't endanger the network

Sun, 16 Apr 2006 20:01:38 -0400

There's no going back when it comes to cell phones. Everyone seems to have one, and they use them at work more and more. The headache for IT leaders is making sure that cell phones don't bog down corporate networking environments, weaken network security or worsen the burgeoning malware problem that's coming to the wireless device environment.

The first step is strong and consistent user education. Mobile device users have to learn why that handy gadget presents a network issue and how it could put valuable corporate data at risk. On the IT side, it's important to establish an inventory of what's on the network today and what's coming on tomorrow. Then it's time to establish a specific mobile and wireless device user policy, detailing what's allowed, what's not and what happens to those who violate policy. In order to give them the mobility and functionality they need, users need to understand today's wireless connectivity risks and how their actions play an important role in protecting critical data. Article | Report

Editor's Corner

Mon, 20 Feb 2006 19:01:40 -0500

There's an interesting article in today's New York Times on how mobile devices have overtaken the corporate enterprise and what some tech leaders have decided to do to get good security in place. The propagation of handhelds and other mobile tools reminds me of the last wave of technology ushered in primarily by users--the introduction of instant messaging (IM). And just like with IM, it's taken increasing coverage and hype of real security issues to prompt many enterprises into taking control of the situation.

The big difference is that securing IM cost hardly anything; it was more about standardization on a platform and pushing out lots of user education on why you can't send files via IM unless it's secured and how dangerous it can be to click through or hit links you aren't absolutely sure are legit. With mobile devices, the security issues are quadrupled thanks to unsecured WiFi access points being used, reams of confidential data being housed and accessed through the devices, and the increasing vulnerabilities of malware coming through the IM channel.

As one IT leader explains, the first step is rolling out company mobile technology and getting rid of the devices users have bought and brought in. Then it's time to make sure everything is battened down while explaining in good training what users can and cannot do. As corporate IT folks note, if done right, the rewards can be tremendous for both the worker and the company. - Judy

Editor's Corner

Sun, 12 Feb 2006 19:01:40 -0500

Over in the world of PC spyware, virus attacks and malware, there's a continuing issue of getting one name tacked to each virus instead of today's typical half dozen. The latest threat had more than five names given by security vendors and experts: Blackmal, Nyxem-D and -E, MyWife.D and VB.NEI Set. It's frustrating and difficult to keep track of what's what, and while there are some good efforts being made to figure out a good solution, the work needs to be stepped up in light of the mobile virus threats that are clearly on the horizon. - Judy

How to prepare for mobile malware

Sun, 18 Dec 2005 19:01:38 -0500

There have been some early headlines about malware (spam, Trojans and viruses) being aimed at the mobile user base, but the problem isn't anywhere near what desktop threat levels are. Thus, technologies to detect and defend mobile devices haven't experienced much growth or excitement. Right now the Symbian OS seems to be the No. 1 malware target, with just a few viruses being thrown at the Windows Mobile OS. But that trend is very likely to change as malware writers and criminal enterprises begin realizing the potential value in attacking mobile device user information. As experts explain, the best time to get a good security effort in place is before threats begin bombarding wireless networks and devices. As one security guru notes, mobile devices are the weakest link when it comes to network security architecture.

Fighting mobile malware requires planning, investigation of early tools coming to market and realizing how great a role the mobile device user plays in keeping data and networks safe. That means developing and enforcing user policies about downloading and network access. If your enterprise mobility use is growing each day, it's time to get a security plan in place before anything bad happens. It's likely one of the few opportunities IT has today to be proactive when it comes to security. Article