Skip Maine state header navigation
A Publication Featuring The Information Services
Technology of Maine State Government
| Volume VII, Issue 11 | November/December 2004 |
|
|
By Bob Witham
In our fast-paced, technology-oriented world, there are many people who find it difficult to juggle their daily tasks without the help of a Personal Digital Assistant (PDA) device. As a result, the number of PDAs in use is growing as more and more people discover how handy these little devices are.
There are several manufacturers of PDA devices, but the type which seems to be gaining popularity uses Microsoft code as a basis for operating systems such as Windows Pocket PC 2002 or Windows Mobile 2003. As with anything by Microsoft, it seems that virus writers have painted a big bull's-eye target on Microsoft’s chest, and they have taken dead aim at PDA software as well. The first Windows Mobile virus named WinCE4.Dust was written early in September 2004.
This first virus is what is known as a "proof of concept" virus. Basically, it was written to prove that such a virus could be written. Antivirus manufacturers and other industry pundits have proclaimed for quite some time that PDAs are subject to the same problems as other personal computer devices, and that it was only a matter of time until someone actually wrote a virus and unleashed it. Dust virus is not spreading in the wild, and is confined to the laboratory environment only. However, the code is in the hands of other virus writers, and it is only a matter of time until a malicious version of the virus is developed. Worse yet would be one that "jumps" operating systems, or uses the PDA as a springboard to a network.
Many PDAs are now coming with wireless attachments so that you can be connected (in theory) to your network or the Internet anywhere in the world. In actual practice, connectivity coverage is still limited, but it is getting almost as good as cell phones. Oh, as long as we’re discussing them, there is also a virus that infects some cell phones too, but that’s another story. With PDAs having open connectivity to the network, they are a perfect conduit for transmitting viruses. One scenario might be that an e-mail comes in, you open it to read on your PDA, the PDA becomes infected because there is no antivirus (AV) software on the device, and the PDA begins spamming network messages which causes a network traffic slowdown, and an eventual collapse of network response times. Yeah, a stretch, but then I’m allowed to be paranoid; I’m a computer security geek.
McAfee Antivirus has developed a software package that will detect and clean viruses on PDAs. We are currently evaluating this software and intend to purchase a limited number of licenses to cover PDAs within State government. It is our hope that this will plug a potential hole in our security perimeter. With the growth in the use of PDAs however, and given that many people purchase their own PDAs, we may have a difficult time plugging that hole for long. Contact your IT support staff for more information if you are using a PDA without antivirus software on it.
Questions? Contact Security Analyst Bob Witham by calling 207-624-9439.
