That said, mobile devices are becoming an increasingly popular platform for Web browsing and mobile banking. Such activities will inevitably attract the attention of criminals looking to hijack phones through downloaded exploits and skim money from bank accounts.
Once profit-minded criminals begin attacking Windows Mobile and other OSs popular in North America, antivirus and anti-spam software will be about as effective on mobile phones as they've been on PCs -- that is, not very.
AV software always has been a step behind the exploit du jour. There's no reason it will be any different on mobile platforms. So what to do? Enterprises that issue mobile phones to their employees will have to include security software, regardless of its efficacy, because it's a best practice, and will probably be a compliance mandate. So Symantec and McAfee will get their pound of flesh. Consumers would be better advised to save their money and use common sense: don't accept Bluetooth connections from unknown devices, don't enter sensitive data on unknown or untrusted sites, and be careful what you download.
If mobile malware and crimeware really begin to plague the United States, the carriers will likely step in and make security features such as Web-site filtering and mobile phone malware scanning an added service. Given their customer volumes, they should be able to offer competitive pricing against individual software products. And from a user perspective, I'd rather have the malware sifted out in the cloud than try to block it on the device.
In the end, mobile phone users will have to pay someone. The question is whether it will be a criminal or a corporation.