First Palm virus raises questions about security

The Phage.936 virus was discovered by antivirus researchers at McAfee.com and Finland-based F-Secure last night. The virus erases third-party applications on infected Palm operating systems, filling the display screen with a dark gray box.

Other than Palm handhelds themselves, two other such devices use the Palm OS: Handspring Visor and TRG Pro.

The virus comes on the heels of last month's release of the Liberty Trojan horse, the first known malicious program targeting the Palm OS. The Liberty Trojan horse duped some people into downloading a program that erased data.

Palm has not received any complaints or reports of virus-infected Palm users, a company spokeswoman said today. "We're looking into it," she added.

Unlike a Trojan horse, which cannot replicate itself, the Phage virus is self-replicating, according to Vincent Gullotto, senior director of Avert, McAfee's antivirus response center.

"This is a real, replicating virus," Gullotto said. "It's a classic file infector and overwriter."

These two incidents do not equal an epidemic, and most virus writers are still targeting PCs and Microsoft software. Still, antivirus companies are warning owners of handheld computers--and devices with wireless Internet access--that they may be sacrificing security for convenience.

"This is a good indicator that virus writers are looking at the Palm," Gullotto said. "There's lots of them out there. It's an easy target."

Palm is by far the most popular personal digital assistant on the market, with about 60 percent worldwide market share, according to International Data Corp. That number is boosted by Palm licensees such as Handspring, whose Visor is the No. 2 selling handheld in retail stores.

In a way, the virus may be a backhanded compliment to Palm, said Ken Dulaney, an analyst with Gartner. "When you start having viruses, that means you've established a market."

By nature, handhelds with the Palm OS are low risk in terms of susceptibility to viruses and malicious software. In this case, people can easily remove unwanted software stored on the device by resetting and re-synchronizing the handheld with a PC.

Antivirus software makers also have an interest in publicizing these types of problems because they sell the software that handles them.

Companies such as McAfee and Symantec sell software to protect Palm and other handheld computers, but corporations are dependent upon their employees to proactively install such software.

Companies risk infection from employees who use their own handhelds and then synchronize them with corporate PCs, analysts say.

Dulaney said the virus is another sign that corporations must take responsibility for all the devices their employees use, including personal digital assistants, cell phones and PCs.

"The problem is that you've got a personal device, which is not managed by the company, interacting with company data," he said. "It's like oil and water."

Companies willing to purchase such devices for their employees will see the investment pay off by being able to manage the software installed on these products, he added.

"With ownership you get manageability," Dulaney said.

Viruses can spread among handheld computers in a couple of ways.

The popular beaming feature on Palms, which allows people to send and receive information via an infrared port, is one means of spreading viruses. And handheld computers are increasingly offering wireless Internet access, which means that viruses may be even easier to spread in the future.

Just this week, Handspring announced that its Visor will soon offer a cell phone module.

"The wireless industry as a whole is one where virus writers will take a look and notice there are vulnerabilities," Gullotto said. "Security doesn't appear to be a main focus at this time."