Mobile phones with built-in office and Internet functions, so-called smart phones, are starting to become omnipresent and consequently will inspire more and more hackers and virus writers to come up with ideas, especially since these end devices, like PCs, have many security gaps.

Believe me, the dangers are manifold: attackers can, for instance, read personal data such as contact and call lists, steal documents stored on the mobile phone, or reprogram the device in such a way that it works like a bug which monitors the entire usage behaviour of the owner, including telephone calls and sent as well as received text messages.

Fortunately, no one is defenceless if the following simple advice is taken to heart. These points apply to users of Windows Mobile smartphones, but can be applied, for the most part, to other operating system devices too:

Don’t be frivolous

Act with the same caution while surfing the mobile Internet as when you use your regular PC. So, do not download software indiscriminately from the Web. It is recommended that you install only programs with a digital signature that confirms the program as legitimate software from commercial vendors, which has gone through a specific certification procedure.

Don’t try to outsmart any security mechanism

The programming interface (API) of the Windows Mobile operating system allows ex factory-only certified software with a digital signature. This system works well as long as a user isn’t trying to install a signed program. The pre-adjustment can be avoided, for example, with Novosec’s auxiliary program SDA_ApplicationUnlock, which disables the certificate checkups on mobile devices.  This creates a security risk, as any other software can also be embedded without control on the mobile device. Therefore, you are strongly advised to avoid such "workarounds," if you want to keep your smart phone free of malicious programs.

Use a process manager

Process management software enables you to search for suspicious processes on your mobile phone and to stop it if necessary. Due to hardware limitations, only a limited number of processes can run with Windows Mobile. Make a note of these processes if you are sure that your phone is not infected. If, at a later date, a hitherto unknown process attracts your attention, it could indicate a virus and you can stop the process.

Use WLAN and Bluetooth sparingly

Disable WLAN and Bluetooth if you are outdoors, as these close range wire data transmission techniques can be easily abused to dispatch viruses or other pests. In addition, so-called “sniffers” can intercept your confidential data.

Watch out for spontaneous data connections

If you discover that your mobile phone connects without manual intervention (via GPRS, UMTS, etc.) to a mobile operator, it could be a sign that it is infected with a virus, which causes data to be transmitted to a foreign body. If this is the case, cut off the connection immediately and remove the malicious program by using anti-virus software.

Make regular backups

Whether your smartphone is used for business or for private, probably one of the most important resources on your device is your contact list. Imagine the consequences if it were lost or stolen, so always save the stored data on your mobile device regularly. Should the device be infected by viruses, it can then be set back to the factory defaults without significant loss of data when getting rid of any pests.

Save sensitive data outside of your smartphone

Don’t save confidential files on your mobile device’s built-in memory, save them on removable memory cards. Be aware that smartphones are in general not very safe.

Install anti-virus software

Almost all security providers now have anti-virus solutions for mobile devices. If you haven’t done it yet, install such software. It is time that your smartphone enjoys the same protection as your desktop or laptop computer.

In both cases: software, which block viruses or other malicious programs so that it can’t reach the system, is more effective than those that clean already infected machines, as the subsequent virus revision is not always easy. You can have the most effective protection, if you combine a mobile security solution with an anti-virus program for the PC with active real-time testing.

Source: McAfee