In contrast, Microsoft, in its Windows patching routine, "doesn't have to go to every laptop OEM to get permission from each." Stamos added that Google (GOOG) has set up separate "tiers" for certain devices and customers to be patches. Overall, Stamos advocated that the mobile-device industry make a break with the current situation regarding carrier control, and especially for enterprise users, "please give these people the ability to patch their phones." The iPhone and Android devices are hard to manage in part because of this.
Apps were another topic of discussion. Amoroso said AT&T's policy on Android is that "we restrict apps to the Android market. I thought this community would love that," because it was intended to make malware more difficult to exploit. But, he adds, "the reaction is more like they want mobile to look more like the Internet."
Mobile-device apps may seem silly or whimsical at times, but the reality is that apps are becoming part of the critical infrastructure, Amoroso pointed out. Some businesses are also setting up their own app stores to distribute apps to their end-users.
2011 is the "eye of the storm" in terms of mobile-device security, said Amoroso. One reason is that over the next 12 months, carriers are rolling out their 4G networks, a move that's "unbelievably profound" because it will be "an IP infrastructure for mobility at speeds that will be appealing for hacking." He said he felt the world was not yet fully prepared for this as an event.
The current tight-knit relationship between the carriers and the makers of the smartphone operating systems, including Google, RIM and Apple, among others, effectively leaves a broad swath of the traditional security industry somewhat out in the cold in terms of becoming aware of patching issues and being able to best offer their own analysis and remedies.
"The carriers have the power," acknowledged George Kurtz, worldwide chief technology officer and executive vice president at McAfee (MFE), who discussed the issue separately. He said McAfee strives to keep communications open with Google, Apple (AAPL) and others. He notes the anti-malware vendors fighting Windows-based problems have benefited by what's become technical cooperation with Microsoft (MSFT). But that kind of relationship doesn't exist at this level in the mobile-device world today, he noted.
The current situation leaves a lot of control in the hands of carriers, which admit it can take a long amount of time to get through a patch-approval process.
Sign up for CIO Asia eNewsletters.