Tech Bitch

Today, pretty much everyone has a mobile phone and there are even those who have two. While some of us are still using traditional mobile handsets to make calls and send text messages, there is a growing percentage of the population that is using more advanced functionality, such as e-mail and payment services.

To all intents and purposes, mobile devices are a far cry from the simple handsets that took off so dramatically during the 1990s, moving from becoming a business tool to something that everyone had and quickly grew to depend on. We now manage our lives - both professional and personal - not only using our computers but increasingly using mobile devices.

When it comes to computers and the Internet, we’ve had more than twenty years to learn about the need to consider security, and in many cases, experience has taught us much about what to look out for. Whether it’s a virus or a phishing scam that has caught us out, we’ve come to realise that our use of technology can make us a target for those who want to make use of our personal machines to either spread their evil malware or attempt to profit from our misfortune.

We saw a similar scenario with mobile phones, albeit not with the volume that we’ve seen on PCs: mobile devices can carry sensitive information as easily as PCs and while malware for mobile platforms has not been on the same scale as for computers, threats have been seen, and as mobile networks are used for more and more purposes, it’s probable that the volume of malware will continue to grow. Therefore, it should be no real surprise a recent survey demonstrated that more than one third of us question the general safety of mobile devices and services.

So what does this really mean for you - for the individual making use of the functionality that your mobile device can offer? In the first instance, you’re by no means immune to the threat of malicious code and more than one in ten (14%) mobile users have already been exposed to mobile virus incidents, whether this is personally or knowing of someone who has been infected. In the old days of simplistic handsets on voice networks, this would be an inconvenience, but today, with mobile messaging and Internet use growing, more information is send and stored using our mobile phones, which - quite simply - means that there is more at risk.

It’s interesting to note that this incident rate, while seemingly small compared to the PC world, is actually eating into users’ confidence, and 80% of mobile users cite virus infection as a legitimate concern. Furthermore, irritation levels are set to soar as mobile spam continues to grow: more than a third (38.6%) of us receives spam on our mobile devices at least once per month. These two points alone make it clear that mobile threats are out there and slowly gaining ground, but become even more serious when it is highlighted that 86% of us are concerned about security risks such as fraudulent billing issues or information theft.

The challenge is how we can respond to such issues, especially as we bought into the whole concept of mobile devices based on them being a phone, with no technical expertise required to operate it. Regardless of that, as handset manufacturers have created more advanced hardware in-line with the services introduced by the network operators, we’ve all got a little bit of technological genius in our pockets and we need to know how to deal with that.

Security software for mobile devices has a lot in common with the programmes we have installed on our PCs at home and at work - it has to be advanced enough to deal with the range of threats we face now and in the future and it has to be kept updated. But where do we get it? We don’t walk into the mobile phone shop on the high street and see boxes of software lined up next to handsets and hands-free kits. With these challenges in mind, it’s worrying, yet not altogether surprising, to learn that 79% of us are knowingly using unprotected devices.

Neither is it shocking to discover that 59% of global mobile phone users feel that mobile operators should be responsible for this and 56% of us think that security features should be pre-installed on the handset … after all, we’ve got used to Internet Service Providers highlighting the value of their security.

Only time will tell if the same approach is taken by network operators but in the meantime, it’s clear that we need to use our mobile devices with some awareness of how much more than a phone they really are and use some common sense to avoid becoming a victim. We know that replying to spam on our PCs will only confirm that our email address is valid and in use, so the same approach should apply on mobile devices.

Furthermore, we know that an e-mail offering us money if we reply with our bank details is not really what it claims to be. Above all, we have learned not to launch attachments and download files in e-mails and we have to take the same cautious approach with messages to our mobile devices.

In the world of information security, a little caution really can go a long way and while there is no substitute for sound security technology, being aware of the threats and knowing what to look out for can help us to deal with the risks we face as we continue to get the most out of the miniature computers call our phones.

Thanks to Greg Day for getting this off his chest

Security boffins at SoftScan whispered into my ears this morning. Instead of sweet nothings they said that spam levels have remained steady, accounting for 96.47% of all e-mail scanned by their infallible servers. What a disappointment!

However, some eagle-eyed white costs noted in the last couple of weeks subtle changes to the delivery and format of ‘bulk mail’ spam, which may indicate that spam levels will increase once again in the near future.

The change is in messages sent out in vast quantities apparently by the same few providers. Similarities observed in the past in the technical makeup of the messages have led SoftScan to conclude that these messages are written on templates specifically designed to have maximum effect on bypassing anti-spam filters.

“It’s too early yet to be absolutely certain, but a change in the template indicates that the spammers are trying out new tactics, which is normally a precursor to a larger blitz of spam,” comment Diego d’Ambra, CTO of SoftScan.

“Junk mail from these few providers seems to come in waves and from the distribution you can see that there are some very successful spammers that cover a large part of the market. In addition, we’ve also seen a change in the delivery of these messages. This may mean that the botnets have been recruiting significant numbers of new zombies or that the spammers are trying to find new ways to bypass blacklist technology.”

Virus levels remained typically low during the month accounting for just 0.09% of all e-mail scanned. The top five virus families in February were:

1. Phishing (85.92%)

2. Dropper (7.07%)

3. Diehard (2.14%)

4. Netsky (1.37%)

5. Downloader (0.97%)

PayPal said you should drop Apple’s Safari browser if you want to avoid online fraud.Safari doesn’t make PayPal’s list of recommended browsers because it doesn’t have two important anti-phishing security features, according to PayPal.

Apparently, Apple is lagging behind what they need to do to protect their customers. PayPal recommends at this point to use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera. Basically, anything but Safari.

Safari is the default browser on Apple’s Macintosh computers and the iPhone, but it is also available for the PC. Both Firefox and Opera run on the Mac.

Unlike its competitors, Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites. Another problem is Safari’s lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.

When it comes to fighting phishing Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption) - that’s it! An emerging technology, EV certificates are already supported in Internet Explorer 7, and they’ve been used on PayPal’s Web site for more than a year now. When IE 7 visits PayPal, the browser’s address bar turns green - a sign that the site is legitimate. Upcoming versions of Firefox and Opera are expected to support the technology.