Doomsday scenarios regarding PDA and wireless viruses have been circulating since 2000, when the first PDA-specific virus, Phage 1.0, surfaced. 2001 was to be the year of the wireless virus, according to both IDC and Gartner. Four years later, the soothsayers are back, proclaiming the dangers of these airborne attacks. Should we listen this time?

Last year, two new worms surfaced--skulls.a and cabir.a--that had a far greater impact on the popular psyche than on systems. Cabir.a was clearly devised as a proof of concept. The worm's only danger was that it dramatically reduced battery life for Bluetooth devices. Why were these harmless viruses being trumpeted as signs of a forthcoming mobile Armageddon?

It turns out certain Bluetooth smartphones can be hijacked so the attacker controls the device and, unbeknownst to the user, can dial a third party. This attack can turn a smart phone into a remote bug, broadcasting conversations from an unsuspecting user's pocket. And in August 2004, a team at Flexilis, a wireless research and development company, created a device called the bluesnarf rifle, which could target Bluetooth smartphones from more than a mile away.

That said, the malware to come is likely to be more annoying than crippling. A real doomsday scenario would require an elegantly written virus capable of using carrier networks to propagate itself across multiple platforms, disabling smart phones and infecting corporate networks along its vicious path. It would be the Kaiser Soze of viruses.

We've been waiting for years for a virus to display signs of inspired intelligence. Could such a virus appear in the nascent world of wireless devices?

Yes. Sure, you might say virus writers still get more bang out of attacking Microsoft OS vulnerabilities. But you can't discount the geek appeal. Being the first malcontent coder to scribe a successful wireless worm could win you acclaim in certain circles. Criminals and terrorists can't be discounted, either.

There are a couple of ways to protect yourself and your network. All the major antivirus manufacturers offer antivirus products for wireless devices. Trend Micro is offering a free download to protect Microsoft's Windows Mobile 2003, Symbian OS 7.0 with UIQ 2.0/2.1 OSs until June. After that, the vendor anticipates that virus protection will be commonly available as a managed service by most wireless carriers.

Likewise, F-Secure has introduced a suite of smart-phone security-management software: F-Secure FileCrypto, F-Secure SSH, and F-Secure Anti-Virus. In October 2004, F-Secure partnered with Elisa, a Finnish wireless operator, to launch a managed antivirus subscription service. Elisa smart-phone users can download the antivirus client to their phone for a free one-month trial. (See "Prescient PDA Protection,", in the latest issue of Secure Enterprise, for more on safeguarding data on mobile devices.)

Until managed antivirus services are widely available in the United States, security officers should work to standardize the smart-phone adoption in their environments. This will save some headaches down the road when it comes to patching and managing antivirus programs and enforcing policy.

However, rushing to purchase the latest security technology may be self-defeating in the long run. Eager adoption of the "break and fix" model further supports the already broken paradigm we've come to know and hate with the PC. Are we really prepared to start downloading gigs of antivirus signatures to our phones? There has to be a better way. Perhaps it's time manufacturers bake security in from the get-go. If consumers reward progressive manufacturers with their purchasing loyalty, we could be on our way to a worry-less wireless world.