There was a time when the wireless world was a worry-less world in terms of network security and fear of viral attacks. However, it appears those days are coming to a close.

Viral attacks on handheld devices, to be sure, are still a rarity. But most security experts agree it's only a matter of time before there is a major outbreak, which raises the question: is anti-virus software for the handheld now a necessity?

According to a recent survey by Bluefire Security Technologies, 70 percent of more than 1,800 entrepreneurs and business executives polled -- all of them wireless device users -- say fear of viral attacks against their handhelds is a top security concern.

The fear factor

"The world has changed," says Mark Komisky, co-founder of Bluefire and author of the survey. "The wireless ecosystem has matured. Devices are now capable of e-mail and are supported by more robust operating systems. They now have the same functionality as a notebook computer, which means they have the same vulnerabilities. From the perspective of a virus, a wireless device is now just another IP address on the Internet."

Viruses and worms that can attack computers through Web browsing, e-mail, or attachments, also run the risk of making your PDA or smartphone vulnerable. Up until June 2005, when the Cabir worm first appeared, targeting Symbian Series 60 phones, there was little real threat to handhelds. Since that time, there have been more than 100 mobile viruses detected and new strains are appearing every week and some have spread over Bluetooth and other wireless connections, according to F-Secure, an anti-virus maker based in Helsinki.

"It's just a matter of time until viruses are just as pervasive on handhelds because so much of computing is moving to mobile computing," says Ben Rothke, author of Computer Security -- 20 Things Every Employer Should Know.

And it's not just the handheld device itself that's at risk. Komisky points out other key areas in which handhelds with wireless connectivity can pose risks to your business:

  • Connecting through a public Web connection. Remote access can provide a hole in the network, especially if users are connecting to their e-mail, for example, through a public wireless Web connection at an airport or coffee shop hotspot.
  • The desktop back at the office. Take an infected handheld and sync it up on the PC at work. Now, the PC is infected too. Such malware can also spread rapidly within your firm to other computers.
  • The VPN connection to the network. Without a virtual private network (VPN) quarantine feature on the company firewall, there's a risk of spreading an outbreak remotely just like any other infected laptop.

The downside of handheld anti-virus protection

So when in doubt, why not just get the anti-virus software as a precaution to protect your handheld and your business? There are some other considerations that businesses need to factor into the discussion, security experts say.

"Don't get me wrong, I would never tell my clients not to get anti-virus protection for their handhelds, if they wanted it," says John DeLozier, of Nply Security, a Dallas-based network security consulting group. "But, I would advise them that there's a much bigger risk of being compromised by loss or theft than from an attack."

DeLozier goes on to point out a couple of other reasons why a business owner might think twice about getting anti-virus software for PDAs and smartphones. Aside from the obvious cost of the software itself, there's the greater cost of installing and maintaining it.

Smaller companies, especially, tend to give their employees the freedom to pick out their own handheld devices and just expense them back to the company. It's highly unlikely one brand of software will accommodate different handheld models. Managing compatibility can quickly become a major headache for a minimally staffed IT department.

Meanwhile, it's not just business consumers debating whether the time has come for anti-virus software to come standard on wireless devices. It remains to be seen whether manufacturers or wireless carriers will make it standard issue.

According to the Bluefire survey, 86 percent of those polled say security software should be required in all handhelds. Three out of five say they feel confident their companies would be willing to pay more to have it.

With that kind of demand, regardless of need, it's a safe bet both manufacturers and carriers will figure it out soon enough and one way or the other wireless devices and security software will go hand-in-hand.