F-Secure has denied overplaying the threat posed by mobile malware after the Finnish antivirus vendor issued information about a new mobile worm.
The warning, released last week, claimed that the worm Commwarrior Q affects smartphones running Symbian Series 60 software.
But despite the fact F-Secure maintains that the worm is not spreading widely or quickly, the warning has re-opened a debate about whether F-Secure is overplaying the threat of mobile phone viruses to sell its mobile antivirus product.
Symbian, the company which develops the mobile operating systems affected by Commwarrior viruses, feels that F-Secure is hyping the threat posed by mobile malware. "It's inevitable that antivirus companies will highlight scenarios where their product becomes more appealing. F-Secure is particularly active in this," said David Wood, executive vice president of research at Symbian.
However, F-Secure denied on Monday that it was trying to spread fear, uncertainty and doubt. "[The threat from Commwarrior] isn't vast yet, but F-Secure is not issuing alerts or press releases," said Richard Hales, UK country manager for F-Secure. "[Mobile malware] is nothing like as much of a problem as PC viruses."
But Symbian maintains that its business could be affected by antivirus vendors overplaying the threat of mobile malware. In particular the company claims that innovative open standards software development could be stifled by security fears.
"There is a risk that a fear of viruses becomes like a virus," said Symbian's Wood. "We want to avoid the industry putting up barriers to application development, which would close down opportunities for innovators."
F-Secure admitted there was a danger that consumers and operators would be alienated by potential mobile security risks, and said this was a situation it wanted to avoid.
"All of us need to be careful about that," said Antti Vihavainen, vice president of mobile security at F-Secure. "The situation is not critical, and the benefits of openness are far bigger that the penalties for creating rich ecosystems. However, any open system will be exploited, and we need to be protected from that," Vihavainen added.
F-Secure said it had received one sample of Commwarrior Q, and added that it had no way of knowing how widespread the virus was. Commwarrior Q spreads itself via Bluetooth and MMS, can hide itself in other (SIS) files, and can change file size, making it harder to detect, the company said.
Vihavainen insisted that far from damaging consumer confidence, selling mobile antivirus software could help open standards mobile operating systems development.
"It's good that end users have something to lean against. People feel much more relaxed in trying new apps if they know they have antivirus running in the background," said Vihavainen.
However, Symbian indicated that mobile antivirus may not be necessary, as the operating systems themselves have already been hardened, and current mobile malware requires social engineering tactics to spread.
"The good news is that Symbian has seen this coming for a long time, and every release has seen improved security. This future nightmare world should never come to be," said Wood.