Will segmenting wi-fi SSIDs limit the spread of viruses, trojans and the like?

Solution 1:

SSIDs are not security boundaries, they are simply convenient wireless connection points. There is nothing inherently "secure" (or for that matter, "insecure") about SSIDs, so the question is what do you do with them.

If each SSID connects to a separate network/VLAN and there is no routing between the separate networks then this would perhaps isolate the wireless machines from each other but would probably leave you with a network that was awfully complicated without actually being very useful.

edit - toally should have added this to the question originally, sorry.

One place where using separate SSIDs connecting to separate networks is very useful is for guest wireless access. You should have a separate network/VLAN and SSID for guest network access that routes directly out via your Internet connection and doesn't allow direct guest access to your LAN. This sort of separation of different types of user is pretty much standard practice in a lot of wireless implementations I've seen these days, provides immediate isolation of a source of threats that might otherwise be difficult to deal with, and should not be difficult to implement.

You might want to investigate stuff like Network Access Control (NAC) as a method for ensuring that devices connecting to the network meet a certain standard level of security. This still isn't a security panacea, but it may be helpful.

Solution 2:

To the extent that some worms spread by probing random IP addresses within a local subnet, and that separate SSIDs imply separate subnets, yes it may help. However, it is most likely not worth the added complexity and there are better solutions.