Receive message from Nokia 3650?
Yes/No

Installation security warning. Unable to verify supplier. Continue anyway?
Yes/No

Install Cabir?
Yes/No

Three little dialog boxes with similar wording to that shown above may be the only things stopping people installing the latest attempt at a Symbian virus Cabir, sure this is rather more labour intensive than the usual "whoops, I clicked on an attachment" or "D'oh! I'm running Outlook" but still some people will fall for it, and then attempt to send this same worm to all the Symbian phones within 10m, so we're talking about a worm with reproductive capabilities that need human assistance, and a limited audience for it to infect. Not a big deal really.

Ok, maybe I'm being a little cynical, but until these worms become truly capable of self-propagation they are really not worth talking about, unless one is deperate to sell snake oil anti virus software of course.

Conceivably one could write a Symbian worm that operated successfully along these lines, but it would realistically involve say a buffer overflow of the bluetooth stack to get the malware onto the phone stealthily and perhaps many other buffer overflow style exploits to actually install and run the software, non trivial, and not something that's really likely to be a problem now. Initially I thought this worm partially validated the Symbian Signed program, but in fact it proves the opposite in that the malware would have to get onto the phone in an unconventional manner, and would therefore probably attempt to circumvent any signing restrictions. In fact if Symbian Signed makes it difficult to get software onto phones, legitimate authors will investigate alternative routes for getting their software in user's hands, possibly making the Symbian Signed program as effective a road block as DECSS or Apple's broken iTunes DRM.