Finding security in Windows Mobile monoculture

Without a doubt, the most influential factor driving the current state of IT security is the ubiquitous presence of Microsoft's dominant Windows operating system on a vast majority of the world's PCs.

Since an estimated 92 percent of the world's desktops were running on Windows products in 2006, according to researchers at Net Applications, it only makes sense that a similar majority of computer viruses have been aimed at users of the software.

However, as more enterprise businesses begin to adopt newer, more PC-like mobile devices, dubbed "smartphones," some IT department leaders say that they have been waiting to adopt Microsoft's Windows Mobile device OS based on security concerns.

Experts analyzing development of the nascent enterprise mobility sector have frequently cited the widespread use of a variety of operating systems as a major benefit to security of handhelds for the last few years.

Security researchers refer to the popularity of handhelds running on software made not only by Microsoft, but also by Palm, Symbian, and Research in Motion, among others, as one of the factors that have led to the existence of very few malware attacks aimed at mobile devices.

Attackers cannot focus on a single dominant platform in the mobile space, making it less attractive than the world of Windows desktops, the thinking goes.

As more users adopt smartphones, that dynamic may shift, experts claim, but the lack of a single dominant handheld OS has served as a form of protection.

"As the addressable market for smartphones expands, there will be more attacks, as malware activity always moves to the areas of greatest impact, but the activity isn't comparable to the desktop today," said Jan Volzke, head of marketing for Mobile Security at San Jose, Calif.-based McAfee. "The number of operating systems in use today has likely had an effect on slowing attacks, as there is no single platform to write malware code to."

But enterprise users say that a range of factors are pushing them to marry their Windows desktop environments with their mobile device strategies, with security as one of the leading catalysts.

Fears of creating a Windows Mobile monoculture that may be more attractive to attackers are superseded by the need for a stable product with familiar characteristics and ties to existing infrastructure, some say.

Chevron PetroChemical, a massive plastics manufacturer based in Houston, is currently in the process of rolling out Motorola and Samsung smartphones running on Windows Mobile because IT project managers feel the company can protect those handhelds more easily than those running on other operating systems.

Jonathan Perret, IT Remote Connectivity analyst at Chevron PetroChemical, a joint venture between parent company Chevron and ConocoPhillipsSP, said that his company has been actively banning its employees from using smartphones and PDAs -- including the popular Research In Motion BlackBerry -- for the last several years.

Despite many requests by individual users to bring their personal BlackBerry devices into the office, the firm waited until it could get in hand Windows Mobile devices that would allow for enforcement of the same types of policies it has created for securing its desktops.