I’m going to take a little time to expand on the following paragraph from yesterday’s Mac Virus blog
SC Magazine’s Dan Raywood reports that Eugene Kaspersky, CEO of the eponymous security vendor, believes that desktop computers and the internet as we know it will give way to smartphones and mobile services, and that the need for security will disappear as a result. I’m far from convinced – there are far too many phone-based security issues around already for me to swallow that without blinking – but it’s an interesting hypothesis, and there’s probably some truth in it. Though I’m not sure that I’ll ever give up my laptops for something I can’t touch-type on…
Jimmy Kuo has quite rightly hinted that I was somewhat imprecise about what I mean by “some truth.”
Do I think that the smartphone will replace the desktop any time soon? Nope. I think the desktop has, to some extent, been sidelined by the laptop and, to a lesser extent, the netbook, but that’s as far as many of us can go for “serious” computing. I will not be writing my next book on a Blackberry (I’d rather go back to the Amstrad PCW I was using in 1986, thank you, or WordStar on my first PC, or….), or coding on an iPhone, or Photoshopping my pictures on an Android, or blogging on – well, you get the idea. That sort of activity, whether it’s work or recreation, doesn’t go with the combination of a small keypad and a tiny screen. However, it’s obvious that a lot of people use smartphones for much more than phonecalls or even communication, where not long ago they’d have used a “real” computer.
Do I think that the need for security will vanish as more people use mobile devices (after all, the iPod has some of the same functionality – and vulnerability – as the iPhone) as their primary machine? Frankly, no. The main security model for smartphones right now is application whitelisting, and the combination of determined experimentation and social engineering has already eroded that model. Transitive malware issues such as the recent Vodaphone Spain problem with widespread HTC Magic-borne Mariposa, platform independent social engineering attacks like (some) phishing, continuing research into attacks on communication/network protocols – no, I don’t see many infosec professionals migrating to other professions any time soon.
David Harley FBCS CITP CISSP
Small Blue-Green World
AVIEN Chief Operations Officer
ESET Research Fellow & Director of Malware Intelligence