Viruses are a serious problem to users of computers. In order to combat the problem, there are a variety of anti-virus software products available which are able to identify viruses resident in the files or memory of a computer. Modern anti-virus software, such as for example F-Secure Anti-Virus for Windows NT, uses a virus signature comparison in order to identify viruses. Each virus contains code which can be analysed and recorded on a database. The database need not record all of the code contained in a virus if a unique “digital fingerprint” or signature can be recorded instead. This may be for example the overall pattern of the code, or two or three particular lines. When a signature comparison is made, the anti-virus program searches for viruses by scanning a file for the presence of a virus signature such as are present in the database.
Clearly, if effective protection is to be maintained, the database used by the anti-virus software must contain signatures for all known viruses. Unfortunately, new viruses are detected all the time, currently at the rate of one per day. Once a newly detected virus has been analysed by the anti-virus software provider and a signature created, the database must be updated on all of the computers which are using the anti-virus software. There have been various methods up until now for carrying out this update.
The earliest method used by virus software providers was to send a diskette through the mail to registered users of the anti-virus software, this diskette containing the required update to the database. Conventionally, the update takes the form of a “.dat” file containing signatures for all currently identified viruses. Another method has been to make the database update available on-line, so that it can be obtained by connecting to a remote server maintained by the anti-virus software provider. Updates have also been provided in the form of attachments to e-mail.
Increasingly, mobile phones are being used to connect to the Internet. Mobile Internet access is being facilitated by new networks (incorporating HSCSD and GPRS) as well as other protocols such as WAP. As mobile “platforms” with wireless modems and internet connections become more powerful, Internet connections will be as easy to obtain as for a desktop PC. This increase in the usage and capacity of mobile platforms renders them susceptible to attack by viruses. The methods outlined above for updating anti-virus software can also be used for mobile platforms. However, in general they will not be permanently connected to the Internet, and indeed may only connect to the Internet occasionally. In addition, Internet connections can be expensive, and this discourages use. This can lead to the signature database used by anti-virus software becoming out of date, rendering protection incomplete. Out of date protection can be worse than no protection at all, as it can engender a false sense of security in a user.
U.S. Pat. No. 6,799,197 describes a secure method for delivering anti-virus updates to mobile clients. It is suggested that the Wireless Application Protocol (WAP) can be used to provide the secure communication channel. As is well known, WAP data can be transported over any (wireless) data network. In GSM (and UMTS) networks, WAP is primarily transported over GPRS bearers, and such bearers would certainly provide the bandwidth to transport the requisite .dat files (typically these are several thousands of Kbytes in size). This approach suffers however from the disadvantages already noted, namely the requirement on the part of a user to initiate a connection, and the associated cost.
In order to overcome the requirement for a user to initiate a data connection, it might be possible to utilise WAP Push messages. A WAP push message can be sent from the network side to the mobile platform inside a Short Message Service message, and upon receipt at the mobile platform causes the platform to establish a (GPRS) bearer and download the .dat file from the anti-virus provider's server. However, this approach does not solve the cost issue, and also presents problems where for some reason a data bearer cannot be established, e.g. due to poor network coverage or user mobility.