Risk
7/17/2012
12:18 PM
Connect Directly
RSS
E-Mail
50%
50%

Symantec Debuts Android Antivirus Software For Enterprises

Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.

Symantec Tuesday announced the release of its first enterprise-grade Android antivirus software.

Dubbed Symantec Mobile Security for Android, the application builds on the consumer-focused Norton Mobile Security for Android product released by Symantec earlier this year. The product enforces a Symantec-maintained blacklist of known-bad or suspicious applications. If a flagged app is found on the device, it can warn the user, as well as any mobile device management (MDM) console being used by the corporate information security team.

Symantec said it maintains its Android app blacklist by automatically downloading apps from more than 70 known app stores around the world, then checking to see what the app does: Does it subscribe users to unwanted services? Does it attempt to surreptitiously send premium SMS messages? Symantec said it's analyzed more than 3 million such apps, or app updates, to date.

[ Some free Android apps use networks that could threaten your privacy. Read more at Free Android Apps Have Privacy Cost. ]

"On the iOS platform, all the applications that you'd use are blessed by Apple--they look at them, certify them, and that's how all applications come onto the App Store. It's a very curated experience," said Vizay Kotikalapudi, a senior manager in the enterprise mobility group at Symantec, speaking by phone. But with Android, anything goes. While security experts recommend that users only use apps from the official Android Market, without security controls, users can do anything they please.

Symantec, accordingly, said it's providing businesses with a way to lock down devices--in conjunction with MDM software--but without having to control everything that happens on those devices. "Where we see the industry really moving is that instead of managing the device, enterprises really want to manage their applications and data," said Kotikalapudi. "So that's a big shift from a device-centric process and model. Instead they're going toward a data-centric and app-centric model."

Using MDM software, for example, businesses can stipulate that any Android device must be running Symantec's antivirus software, and that the software reports that no suspicious apps have been installed on the device. "What Symantec is bringing is an enterprise product that gives you control and visibility, and which is integrated with our MDM product as well," Kotikalapudi said.

Symantec also announced the release of its new Symantec Mobile Management for Configuration Manager, which uses technology Symantec gained after it acquired Odyssey Software earlier this year. The software allows IT departments to use Microsoft System Center, an endpoint management tool, to manage Android device security. The Symantec Mobile Management software has also gotten an upgrade, allowing it to natively manage not only Android and iOS devices, but also devices based on Windows 7 Phone.

In addition, to allow businesses to deploy corporate email in a secure manner to Android devices, Symantec Mobile Management now integrates corporate email accounts with NitroDesk TouchDown integration, which offers an Outlook-like interface on Android devices. Kotikalapudi noted that because the native client on Android devices is Gmail, corporate IT departments often want their users to instead use an email client that has built-in security controls. Finally, Symantec said it also offers an internal app store for apps and documents that can be downloaded to Android and other mobile devices.

Antivirus applications for Android aren't new. Numerous security software developers, including AVG, F-Secure, Kaspersky Lab, Lookout Mobile, as well as Symantec, have already offered some form of Android antivirus software--much of it free--at least to consumers.

Also not new is the debate about Android antivirus software effectiveness. Last year, for example, Chris DiBona, the open source and public sector engineering manager at Google, excoriated antivirus manufacturers for using fear to sell their mobile security wares, after Juniper reported seeing a 472% increase in Android malware between July and November 2012.

"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and, iOS," said DiBona in a Google+ post. "They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM, or iOS, you should be ashamed of yourself."

In response, however, many antivirus companies highlighted that malware writers have been getting familiar with Android, and unleashing attacks such as DroidDream, which disguised malware as legitimate applications. Likewise, Mikko Hypponen, chief research officer at F-Secure, said via Twitter that what DiBona missed was that the security play involves much more than just stopping malware. "These tools do much more than just antivirus: Antitheft. Remote lock. Backup. Parental control. Web filter."

The stakes have never been higher in the fight for control of corporate and consumer devices between malicious code and the anti-malware software designed to detect and stop it. The Malware War report covers the key methods malware writers use to thwart analysis and evade detection. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.