Some 65 million years ago dinosaurs ruled the Earth. Scientists believe a meteorite crashed into the Atlantic causing a climatic change of cataclysmic proportions. Plants stopped growing, the dinosaurs died, and man crawled out of the primeval sludge to eventually invent Windows CE.

Today, scientists tell us that meteorites might hit the earth again. They note that this time, unless we're very careful, mankind will go the same way as the brontosaurus.

So, what are you doing about it? When you step out of your office and into the street, do you look upwards into the sky for falling asteroids? Or do you look left-and-right for oncoming traffic?

I think most sensible people watch out for the everyday threats they are most likely to encounter, rather than fear predicted occurrences that may never surface. Indeed, the danger of looking out for meteorites is that you may get run over by a taxicab.

Do Cell Phone Risks Exist?

What has all this got to do with viruses? There has been much discussion recently about the potential vulnerabilities of new technologies, such as WAP cell phones and palmtop computers. Concern has focused on whether or not these devices can be infected by viruses. Judging by the volume of press releases coming from some anti-virus vendors on these subjects, you would imagine mobile devices are at great threat of attack.

The fact is, to date, there is no virus that infects cell phones, despite the hysterical press releases, media stories and hoaxes stating the contrary. What have been seen are viruses that are capable of sending text (SMS) messages to cell phones. For instance, VBS/Timo-A is an email-aware worm that can send text messages to phones. Another infamous virus, the LoveBug, is capable of forwarding its code to fax machines and cell phones via Microsoft Outlook. Of course, neither of these viruses causes any harm to the mobile devices and both are incapable of spreading further.

A growth area for mobile communications is in wireless application protocol (WAP). WAP is based on the same model as web communications in that a central server delivers code, which is run by a browser installed on the phone or organizer. It's important to note, though, that there is nowhere on current WAP devices where a virus can harbor itself. Unlike a PC, a WAP phone is not able to store the applications it uses.

Also, there is no way a virus would be able to spread to other WAP users. Current WAP-enabled cell phones do not allow for communication between 'client' phones. Simply put, code passes from the phone company's server down to your phone, but not vice versa or from one phone to another.

The bottom line in this case is that cell phones and WAP-enabled devices are simply not sophisticated enough to be infected at the present time. However, consumer demand for increased functionality often means that manufacturers are keen to develop the technology required to meet user requirements. As these devices become more complex, the opportunities for viruses to infect them may also rise.

PDAs Pose Problems?

What about palmtop computers and personal digital assistants (PDAs) - can they be infected by computer viruses?

PDAs run specially written scaled-down operating systems, such as EPOC, PalmOS and PocketPC. They are often connected to home or office PCs to synchronize the data on the two machines. This presents an opportunity for viruses to spread onto them.

Yet, no viruses currently exist for the PocketPC and EPOC operating systems, although there is no technical reason why they could not be written. There is a virus called Palm/Phage which is able to infect Palm OS, but it is not in the wild and poses little threat. Nonetheless, it is sensible to keep backups of any Palm applications and data.

There is also a trojan horse known as Palm/Liberty-A, which is able to infect the Palm OS. It deletes Palm OS applications and was distributed in the 'warez' community. Like Phage, it is low risk and you are unlikely to ever encounter it.

Viruses Make a Bid for Bluetooth?

Bluetooth is a standard for low-power radio data communication over very short distances. Computers, mobiles, fax machines and even domestic appliances, like video recorders, can use Bluetooth to discover what services are provided by other nearby devices and to establish transparent links with them.

Software that utilizes Bluetooth is currently emerging. Sun's Jini technology allows devices to form connections, exchange Java code automatically and give remote control of services. The worry is that an unauthorized user, or malicious code, could exploit Bluetooth to interfere with these services.

However, Bluetooth and Jini are designed to ensure that only trusted code from known sources can carry out sensitive operations. This means that it is highly unlikely for a virus outbreak to occur.

What's to Happen?

Inevitably, the evolution of mobile and PDA technology will bring with it the development of further security. The issue here is where you implement anti-virus measures.

The most efficient way to protect mobile devices is to check data when you transfer it to or from the device. For cell phones, the WAP gateway would be a good place to install virus protection. All communications pass through this gateway, providing an ideal opportunity for virus scanning.

As cell phones become increasingly interconnected, it will be difficult to police data transfer at a central point. Then, the solution will be to put anti-virus software on individual phones - that is, once they have sufficient processing power and memory.

In the case of PDAs, anti-virus software could be used during data synchronization with a conventional PC, but again, there will be an increasing requirement for anti-virus on the PDA itself.

It is easy to get carried away with the potential virus threat. However, much of the hype is unsubstantiated and based on mere speculation. There have been some ludicrous suggestions about viruses. At the moment mobile devices are just not sophisticated enough to allow widespread virus infection. A virus is limited by the functionality of the platform it infects.

The current trend seems to be for people to worry about the potential threats of tomorrow, which may never come to fruition, as opposed to the real risks of today. The best advice to follow is to remain alert to what the dangers are right here, right now and to protect against them. While you're concerning yourself about the future, you could be missing what's right under your nose.

Graham Cluley is head of corporate communications for Sophos Anti-Virus (www.sophos.com)

SC On-Line
SC Magazine
www.scmagazine.com