Yesterday, while I was browsing PalmAddict, I noticed a post that was submitted from “Roy” -

“Hi Sammy, The anti-virus industry is one of the most infuriating and controversial ones. Development and deployment of viruses allows anti-virus vendors — the actual source of these viruses — to sell the elixir, which will potentially avoid nasty data losses. Palm is no exception. If you have purchased anti-virus software for the Palm or have thought about it, you probably ought to read on.”

This kind of sparked my interest, so I read on - schestowitz.com : Palm Anti Virus - The Scam. Here’s an excerpt:

“In practical terms, anti virus software for Palm handhelds is utterly unnecessary. There are two known Palm viruses, which are “proof of concept”; nothing has been shown to be malicious beyond this fabricated illusion. Such viruses are created by anti-virus developers and vendors in order to create a scare and prove that Palm handhelds are potentially penetrable. The viruses have not been found “in the wild” yet and this state is unlikely to change any time soon.”

My initial feeling was that this was more of a conspiracy rant then some good honest advise. One of the things that bothered me was the information provided. I’m not a anti-virus expert, but after looking around a little bit I learned enough. Here is what I found that contradicts the statements made in just that little excerpt -

1. “There are two known Palm viruses” - I found that there is at least three known Palm OS viruses/tojans, PalmOS/Liberty.A, PalmOS/Vapor.A, and PalmOS/Phage.A
2. “nothing has been shown to be malicious beyond this fabricated illusion” - The first Palm OS virus, PalmOS/Liberty.A, deleted all files not located in the ROM. I don’t know about you but if I was sitting in a plane playing a game, then find that all my calendars/contacts/docs on my Palm device were gone right before a big business trip and no way of restoring it until I got back home or to the office- I would be more than a little upset.
3. “Such viruses are created by anti-virus developers and vendors” - I found nothing whatsoever to substantiate this claim. Who knows maybe I wasn’t looking hard enough, but it kinda sounds like conspiracy theory junk to me.
4. “The viruses have not been found “in the wild” yet” - From what I found this is also not true. Although it doesn’t seem there there are any currently circulating - the first one did. PalmOS/Liberty.A circulated the net masquerading as a crack to a GameBoy emulator. The third one, PalmOS/Phage.A, could email itself.
5. “In practical terms, anti virus software for Palm handhelds is utterly unnecessary.” - Although there isn’t a significant threat for a virus attack on your palm device, by no means does it mean that Palm devices are absolutely immune to viruses. Being a Mac user, there is a same sentiment in the Mac community. But when my grandma purchased an iMac and asked me whether or not she should put antivirus software on it - I said although there isn’t any real threat right now, it would probably be a good idea to put in on the machine. Macs aren’t invulnerable to viruses - neither are Palm handhelds. In my opinion, making a statement like that is dangerous.

I could rant more about some of the other statements in the article, but I think thats enough.

After following a link to PalmSource’s page on Anti-Virus solutions for the Palm and it mentioned FB-4’s VirusGuard, I messaged a friend of mine. Scott, the lead developer of the Palm OS version of VirusGuard at FB-4, had this to say towards the writer in regards to the post -

“It sounds like you feel that all anti-v apps for Palm are not needed. You simply have no way to back up that argument. The only reason you do not see viruses “in the wild” as you call it, is b/c the market for such mobile devices has been so small in America. This is changing. The point when most people use a PDA, or Smart Phone type device as their day to day phone (expected to be in 2008 URL: http://www.zdnet.com.au/news/security/0,2000061744,39198008,00.htm ), we will see a raise in virus production. The only reason we do not see that many right now, is due to the lack of targets. It is also possible to write an application that would give someone control from the outside. It would require something to be installed on the device first, but there is no reason it cant be done. The type of control the remote user would have would depend on the local application, but it would not be hard to write something that could take in input from over the air, and execute code based on that input. As a Palm developer myself, I can think of many ways that a simple application could kill a device. In the end, a hard or zero reset is all that is needed to fix it, along with restoring all your 3rd party apps, contacts, biz cards, settings and prefs (which will take time, and we all know time is money). And before you think about it, a HotSync wont do it. If you had a virus on your Palm, and you did a HotSync before you knew about it, it is now going to be put back on your device when you restore it. Next time you try to make such a naive argument, you might want to look at the other side of it. Just because you think that you will never download a file that has code in it that will alter your device in a unwanted way, doesn’t mean other people wont. Your argument about “trusted sources” is also wrong. The only person that says weather a site is trustworthy is the person viewing it. If they feel the site is safe, then it is to them. Humans will be just that, Human. They will make mistakes. If you are one of the people that is able to ensure you device is clean of malware, then good for you. Just remember, not everyone is as smart as you.”

Anti-Virus for your Palm isn’t “like buying premium insurance for a boy’s 50 watt toy motorcycle” - your Palm device isn’t some $25 dollar toy that you got from Walmart. But it is like insurance, insurance that your data and your device is protected when you need it most. If your device isn’t absolutely immune, you should ask yourself - “How much is my device and my portable data worth to me?” “How quickly can I recover from the loss of data and maybe even use of my device?” “How important is it to keep my Palm’s data out of the hands of others?” I have ran into a few situations where my Treo got messed up unintentionally by trustworthy sources - 1. A Sprint Store accidentally programmed my phone not to be able to use any audio - I wound up pretty much prank calling a bunch of people for a few hours until I spent a couple more hours getting it fixed by another Sprint Store 2. After doing a over-the-air update to some software that I trusted and everyone probably would, my device soft reset and I lost all the prefs for all my apps. I couldn’t use some important software until I re-entered my serial numbers back in. 3. When I accidentally recorded a video that took up all the spare room on my Treo that sent it into a reset loop, in which I spent hours trying to fix. — Ok now throw in a creative virus developer - What are our possibilities now? Now throw in a Treo enabled, enterprise sales force - one gets the virus - sends it to the rest of the team. The rest of the team opens it up since they read somewhere that you don’t have to worry about viruses on the Palm. Wahm! The sales team is toast for the day - loses the company millions in sales - upsets some important clients.

Even with that I still don’t personally worry too much about viruses. From month to month I change my mind if I personally need virus protection on my Mac and Palm. But here is the thing - I would never tell anyone NOT to use anti-virus software - not unless they are using a device that absolutely can not be penetrated, like maybe a calculator There are numerous ways our Palm devices can be attacked - especially us Treo users. Bluetooth, IR, SD slot, hotsync, and dont forget that always on internet - there are plenty of points of intrusion. As smartphones get more and more prolific the threat or the possibility of a threat will increase.

So here is my advice - don’t get caught with your pants down just because no one is currently paying attention. Things change.

Technorati Tags: Palm, Treo, virus

1. cyberhomie Says:
   July 20th, 2005 at 5:40 pm

   Roy’s post wouldn’t have bothered me at all except that it was linked to from a site that I know a huge number of Palm users read - PalmAddicts. I figured I should point out some facts that I found, establish some true possibilities, and throw in my own opinion. My 2¢ wound up turning into $1.20, but I think it was important to say.

   And to be sure that ppl are clear - treo Addicts does not currently sell anti-virus software or is currently sponsered by any anti-virus vendors.