News

Mobile Security Largely Based on Lack of Windows Monoculture

Without a doubt, the most influential factor driving the current state of IT security is the ubiquitous presence of Microsoft’s dominant Windows operating system on a vast majority of the world’s PCs.

By Dave Gradijan

April 09, 2007 — CSO —

Without a doubt, the most influential factor driving the current state of IT security is the ubiquitous presence of Microsoft’s dominant Windows operating system on a vast majority of the world’s PCs.

Since an estimated 92 percent of the world’s desktops were running on Windows products in 2006, according to researchers at Net Applications, it only makes sense that a similar majority of computer viruses have been aimed at users of the software.

However, as more enterprise businesses begin to adopt newer, more PC-like mobile devices, dubbed "smart phones," some IT department leaders say they have been waiting to adopt Microsoft’s Windows Mobile device OS based on security concerns.

Experts analyzing development of the nascent enterprise mobility sector have frequently cited the widespread use of a variety of operating systems as a major benefit to security of handhelds for the past few years.

Security researchers refer to the popularity of handhelds running on software made not only by Microsoft, but also by Palm, Symbian and Research In Motion, among others, as one of the factors that has led to the existence of very few malware attacks aimed at mobile devices.

Attackers cannot focus on a single dominant platform in the mobile space, making it less attractive than the world of Windows desktops, the thinking goes.

As more users adopt smart phones, that dynamic may shift, experts claim, but the lack of a single dominant handheld OS has served as a form of protection.

"As the addressable market for smart phones expands, there will be more attacks, as malware activity always moves to the areas of greatest impact, but the activity isn’t comparable to the desktop today," said Jan Volzke, head of marketing for Mobile Security at San Jose, Calif.-based McAfee. "The number of operating systems in use today has likely had an effect on slowing attacks, as there is no single platform to write malware code to."

But enterprise users say that a range of factors are pushing them to marry their Windows desktop environments with their mobile device strategies, with security as one of the leading catalysts.

Fears of creating a Windows Mobile monoculture that may be more attractive to attackers are superseded by the need for a stable product with familiar characteristics and ties to existing infrastructure, some say.

Chevron PetroChemical, a massive plastics manufacturer based in Houston, is in the process of rolling out Motorola and Samsung smart phones running on Windows Mobile because IT project managers feel the company can protect those handhelds more easily than those running on other operating systems.