Mobile security needs more than just software, needs education

Mobile security is becoming more of an issue and companies are developing products to protect users from the bad guys. But what are they doing to protect us from ourselves?

PC users - victimized by malware, spyware and never-ending pop-up windows in the past - know better  today than to click on links from strangers or download and install random programs on their computers. But smartphone users haven't learned those tough lessons yet.

A company called Lookout Mobile Security, which is announcing its 1 millionth customer today, said that mobile security is entering a new phase, just as PC security did so many years ago. Old timers will recall that some hackers initially launched massive attacks for the fame or notoriety. But then came the opportunity to make money off of this hacking business - and so they did.

That's where we are with mobile security today, according to Lookout's CEO and founder, John Hering. The company has seen a rise in the number of apps that are loaded with malware. Six months ago, four pieces of malware would be found per 100 phones per year. Today, that's jumped to 9 pieces of malware. And it's not just on open source platforms like Google's Android. There have been instances of problems with apps that get past the app judges on Apple's iOS platform, as well.

Malware and spyware were always risks in the PC world, as well, but because third-party developers are the ones who are showcasing their mobile apps in mobile app stores, you never know if the developer is a tech genius at MIT or a bad person with bad intentions somewhere overseas. The latest attack: apps loaded with malware that sit dormant and then, days later, starts to auto dial overseas numbers to premium services.

When you're phone bill comes... Ka-Ching!

That's one of the major differences between PC and mobile attackers. On the mobile side, the device is tied to a monthly bill. And users may not know they've even been attacked - until the phone bill gets here.

Hering and I had a good discussion not just about the product that he's selling but, more importantly, how he's selling it. He mentioned updates to his own blog and presence at security conferences. But, through those channels, he's not reaching the people he should be reaching - everyday users.

Has he tapped the carriers to deliver the message at point of sale? What about the device makers? Where's the funny viral YouTube video that educates us? A Facebook page? How about a TV commercial or an online one? Maybe one of those new iAds or some sort of public service announcement during a mobile Pandora stream? There has to be a number of ways for the company to spread the word among everyday folks.

When it comes to mobile security, we consumers need more than some security products that will protect us from the bad guys. We need security software that protects us from ourselves and our own silly mistakes.