As smartphones and iPad-like devices become the preferred media for accessing information, antivirus companies may find themselves out of a job. End-users, however, will need more education to avoid falling for ploys that dupe them into giving away sensitive information.
That's the conclusion of a recent report by Forrester Research, which predicts that by 2015, half of devices on corporate networks will be post-PC devices, such as RIM's BlackBerry or Apple's iPad. Because such devices are typically sandboxed -- either programmatically, through a managed marketplace, or both -- exploitable vulnerabilities are harder to find and to attack consistently. Attacks that do succeed can be removed remotely by the operating system makers before they propagate too far.
The trend means that attackers will have less-vulnerable products to attack, according to Forrester Research analyst Andrew Jaquith, author of a report titled "Security in the Post-PC Era: Controlled Chaos."
"Vendors have an interest in downplaying the improved security postures of post-PC operating systems," he writes. "They have suddenly realized their addressable market for endpoint aftermarket products is about to drop by half."
Companies that meet the trend head-on could save money. The total cost of securing a laptop is $400 over three years, according to Forrester. Most post-PC devices do not require the equivalent add-on security protections, such as full-disk encryption, client-side security suites, and compliance auditing software.
"While a number of zero-day malicious exploits will continue to emerge on post-PC platforms like Apple's iOS, the longer term trend is clear," writes Jaquith. "Increased developer accountability and restricted room to maneuver on the device will reduce the impact of vulnerabilities on post-PC devices."
Instead of vulnerabilities, user ignorance will be the greatest weakness in the era of smartphones: Attackers will shift their focus from software vulnerabilities to vulnerable users.
Yet, that's good news, Jaquith says. "By removing integrity concerns and the need for onboard client security software from post-PC devices, enterprises can finally focus on the two things that matter most: the data and the capabilities required to handle it properly," he writes.