The software on PDAs is a limiting factor for malicious coders, Garcia-Manrique said. "The version of (Microsoft Corp.'s) Outlook on a Pocket PC device doesn't have the same capacity to execute code as the version on a PC, so script viruses wouldn't operate, and nor would macro viruses, as macro code doesn't execute on a Pocket PC device. It's the scripting capabilities that open the door for malicious code," she said.
The limited scripting environment, which doesn't support Visual Basic, means that most malicious code won't operate, agreed Steve Crayson, a device specialist with Microsoft EMEA (Europe, Middle East and Africa) Mobile Devices Division.
"In three years using a Pocket PC, I've never seen a virus," Crayson said. There has been plenty of hype about the danger, "but I'm not aware of any real threats. And I download all sorts of applications all the time," he said.
However, hackers will undoubtedly use PDAs to get at PCs and networks in future, Garcia-Manrique said. "Viruses are transmitted using the most popular communication methods, and today that's (regular) e-mail. Ten years ago it was floppies. Once the (PDAs) have 802.11 LAN access and direct Internet connections, you get much more information flowing back and forth and the door is much more open."
Jack Clark, product marketing manager for Network Associates Inc., sellers of McAfee antivirus products, agrees with the floppy analogy. "The PDA is the modern version of the floppy, but with much greater storage. I've seen it happen myself. I synched my handheld with my PC and it picked up a virus I'd received by e-mail." That virus had been written for PCs, he said, not for the PDA itself.
McAfee has developed antivirus and firewall products for PDAs, he said, not because it believes that dangerous code is rife but because hackers "have demonstrated that it's possible. And so we're just saying let's get firewalls and scanning on there, close the door before the horse bolts."
From an organizational viewpoint, Clark said, the first step is to find out where the vulnerabilities are. "Scan your network and find ... where the PDAs are connecting."
Symantec, too, offers security products to ease these concerns, but Garcia-Manrique stresses that, so far, it's more important to watch what's happening with wireless laptops. "The impact to the network hasn't really changed with PDAs. The perimeter is extended a little, but the recommendations are the same. You need integrated security across all devices," she said.
If PDAs aren't such a big concern, what about the other ubiquitous mobile device in every office -- the mobile phone? Modern mobile phones can give access to e-mail and company documents too. Are they a cause for concern?