Get ready for a new breed of virus

John Jerney Special to The Daily Yomiuri

Nearly a hundred years ago, early adopters of a new device called the telephone had more than quick and convenient communication on their mind. As amazing as it sounds, a good number were afraid of catching a cold or acquiring some other type of bug.

Reasonable minds were rightfully concerned about the spread of germs from the early public phone handsets (even the two piece kind). But there was also a sizable scare about the possibility of germs being transmitted over the wires.

Such a thing is impossible of course. But the idea of viruses spreading from phone to phone is back, and so is the paranoia. With the lightning growth in use of smart, and almost smart, cellular phones around the world, the threat of communication viruses has become a real concern.

Why would a clever cracker target smart cell phones? There are three primary reasons. First, smart cellular phones generally contain processors fast and powerful enough to execute complex programs. Second, cellular phones are all about communication, and there's nothing a virus likes more than moving from machine to machine.

Finally, smart cellular phones are becoming popular enough that any virus capable of spreading widely could potentially gain its author incredible notoriety, especially if the virus uses a particularly sneaky way to propagate.

Many smart cellular phones also feature both e-mail and Web access, in addition to being able to send and receive short data messages. This makes them ideal targets for trouble.

And there's more. Smart cellular phones are new enough that they often illicit little more than an afterthought when it comes to integrating them into a secure corporate environment. Smart cellular phones that are brought into the mix through personal ownership are even worse--regular consumers are famous for disabling security mechanisms in exchange for convenience.

Smart cellular phone users need to be on the lookout for three major types of infections: viruses, worms and Trojan horses.

Viruses are programs that propagate between systems. Once on a host, viruses often carry out their mischief, and then look for other programs or data files to infect. The cycle is completed when the infected file gets moved to another system.

Viruses can sometimes be very hard to eradicate as they tend to corrupt important files such as those required to boot your system or perform other basic functions.

Worms, on the other hand, are programs that exist only to replicate. Worms typically do not damage the system on which they reside, except when they malfunction. When this happens, worms can cause serious problems by using up valuable resources such as processing power, memory space or network bandwidth.

Finally, Trojan horses are programs that take the identity of another program, thereby fooling the owner into accepting them into a system and running them. For example, Trojan horses usually masquerade themselves as useful utilities. Once inside the system, however, they are free to complete whatever nefarious task they have been designed to execute.

Trojan horses are perhaps the simplest of the three to guard against, especially since they generally don't replicate themselves. However, since they are trusted, they are also typically capable of the wreaking the most damage.

Part of the challenge of designing security into next generation phones is that many are beginning to incorporate some form of programming environment, such as Java or Wscript. Java, a now-familiar technology that draws its origins from the Web, was designed with security in mind and therefore disables access to local resources on the machine making it somewhat safe.

The problem is that users often have to turn off precisely these security safeguards to do useful things, thereby leaving gapping holes while still lulling the user into a false sense of security.

Wscript is another technology beginning to appear on a range of new smart cellular phones. Unfortunately Wscript, which is part of the Wireless Application Protocol, is reportedly even less secure than Java. More interesting still, Wscript offers applications direct access to the user's phone directory as well as the device's telephone capabilities--an ideal environment for a soon-to-be thriving virus.

Antivirus companies are responding to this new challenge by expanding their product lines to serve next generation phones and popular personal digital assistants (PDAs), such as the Palm Pilot. Network Associates, for example, has designed a "micro" engine based on their VirusScan software, specifically suited for wireless devices.

Likewise, Symantec is talking up the issue of protecting your PDA and smart cellular phone while trying to convince phone manufacturers about the importance of including such technology into the device itself.

But how real is the concern? Over the short term, there is little real chance of your smart phone becoming seriously infected, mostly because the points of contact with other devices are still comparatively limited.

However, this is set to change in a big way. As almost everything moves towards becoming "intelligent" and connected, there will be many more potential hosts for viruses, and even more ways for these nasty pieces of code to propagate.

It's not too hard to imagine a time in the not-too-distant future when your wrist watch, digital television, PlayStation, and even your car will be potential breeding grounds for viruses. Facilitated with wireless communication technologies such as Bluetooth, your smart devices may be even more difficult to keep healthy.

Can the idea of practicing only "safe communication" be that far away? Probably not.

(Jerney is president of Volksware, Inc., a Silicon Valley-based publishing, consulting and professional services firm specializing in e-commerce, mobile computing, the Internet and Web publishing. If you have any comments, suggestions or questions about Silicon Valley, please send them along to jerney@volksware.com)

http://www.yomiuri.co.jp/newse/20001226wo63.htm

-- Martin Thompson (mthom1927@aol.com), December 25, 2000