Protecting the smartphone from malware

Despite the increasing sophistication of smartphones and other mobile devices, viruses and malware don’t plague the wireless industry the way they do the personal and business computing worlds. But computer protection software giant Symantec has decided to dive into the smartphone space regardless, in anticipation of future security threats and to stake a claim in the growing applications market.

Symantec (NASDAQ:SYMC) today announced the launch of Norton Everywhere a suite of services and applications targeting Android and Apple iPhone devices as well the growing number of non-PC devices connected to the Internet via Wi-Fi and home networks. The most familiar service in that suite is a mobile version of its Norton Antivirus software, initially for Android phones only, which identifies malicious applications and software before they’re downloaded and installed onto a device. It will also scan applications already installed on a device to see if they are doing anything suspicious, such as accessing phone logs and phone books and relaying that information across the network, and warn users about just what their apps are doing.

Norton Mobile will be available as a Beta application in June, and while Symantec is investigating optimizing the security solution for other platforms, it felt Android was the best place to start. Unlike the iPhone, which uses a closed application distribution model driven by Apple’s App Store, Android software can come from anywhere — the Web, third-party app stores, even embedded in an e-mail, said Dan Nadir, director of product management for Symantec.

“Android is more open than other platforms,” Nadir said. “There’s more potential for something to go wrong.” Because smartphone malware is still relatively new, Norton has taken a more active stance in identifying threats, scanning Android Market, third-party app store software and any Android app it can find on the Web for malicious code, Nadir said. It then uses that info to compile a “black list” of apps, which it pushes to each device. Whenever a user tries to download one of those apps, Norton blocks it or issues a warning.

Smartphones today come with little or no protection against network threats, but consumers have little understanding about how exposed their devices are. Smartphones are able to do many of the functions a PC can, from accessing bank accounts to trading stocks, plus they keep information a PC wouldn’t have: records of phone calls and precise location and presence information. The awareness of the wireless network threat, however, has been muted by the fact there have been relatively few high-profile instances of viruses or data theft from smartphones.

Nadir said Symantec believes those threats will increase as open devices like Android phones become prevalent, but in order to seed the marketplace it is coupling its malware protection software with other security and backup applications. “No one perceives that there is yet a threat, so we looked at other things people might find useful.” Nadir said.

Norton Mobile software includes a call-blocking application and a service that allows customers to access from the iPhone and Android devices any files stored in Norton’s Online Backup and Norton 360 cloud storage services. Called Norton Connect, the service allows customers to download files directly to the device or share them with others by creating network e-mails with secure links to the files. Symantec is also providing a remote security solution, which will wipe or lock a smartphone if it is lost or stolen.

Norton Everywhere isn’t just addressing the smartphone. It’s launching its own set of domain name system (DNS) registries as an alternative to those supplied by an ISP. Apart from supplying the basic switchboard functions of the DNS service, Symantec is overlaying its own security measures, identifying DNS entries with known phishing, malware and spyware code. A customer could implement the DNS service on his home network, which would reset the DNS settings on the home router, extending the security features to every device behind that router, whether it is a Wi-Fi-connected phone, a laptop or a home gaming console.

Lastly, Symantec is partnering with Mocana to license a security framework to smart device manufactures, which would allow them to embed differing levels of security software directly into devices that connect to a network.