Thursday, July 15, 2010

Smartphones: Twice As Infected With Malware As Windows PCs?

Viruses, trojans, spyware - just a PC problem, right? Not according to the SANS Institute.

The cyber-security think-tank and training school discovered in an informal poll an 18% malware infection rate on its members’ devices.

The rate could easily be higher. The 18% figure came from the small percentage of respondents (15%) actually looking for malware. That means 85% of respondents bought into the common belief about smartphones being less vulnerable than PCs and had no malware protection running at all. That’s scary because as SANS readers, they are probably more security-conscious than the average. Meaning that the general population is probably more careless about mobile security than this demographic — and more likely to be infected.

(Note: SANS asked members not to report fairly benign items such as cookies as malware.)

In fact, according to Infoworld, smartphones may be infected at twice the rate of Windows PCs today (7-10%, according to Microsoft).

The figures are probably startling to most of us. My BlackBerries and iPhone 3GS have occasionally crashed or suffered a mysterious malfunction. But I never chalked it up to malware.

On the other hand, consider that smartphones are as powerful in absolute terms as many 6-7 year old laptops. They run fast operating systems, they surf the Web, they run Adobe Flash, they run apps, especially jailbroken ones.

Anecdotal reports of smartphone infections were already trickling in. The SANS figures add some scary statistical meat to them.

Personal users can install one of the many free anti-malware apps that abound. But enterprise IT managers should consider higher-grade tools such as SMobile.

Or deploy SMobile as part of a larger device management and security platform, for easier administration. Sybase’s Afaria has included SMobile’s anti-virus and firewall softwareas part of its overall mobile device management suite for the past two years.

With so much crucial business data residing on these increasingly-powerful devices (superphones, anyone?) it seems like it would be better to be safe than sorry.

No comments: