Risk
7/17/2012
12:18 PM
Connect Directly
RSS
E-Mail
50%
50%

Symantec Debuts Android Antivirus Software For Enterprises

Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.

Symantec Tuesday announced the release of its first enterprise-grade Android antivirus software.

Dubbed Symantec Mobile Security for Android, the application builds on the consumer-focused Norton Mobile Security for Android product released by Symantec earlier this year. The product enforces a Symantec-maintained blacklist of known-bad or suspicious applications. If a flagged app is found on the device, it can warn the user, as well as any mobile device management (MDM) console being used by the corporate information security team.

Symantec said it maintains its Android app blacklist by automatically downloading apps from more than 70 known app stores around the world, then checking to see what the app does: Does it subscribe users to unwanted services? Does it attempt to surreptitiously send premium SMS messages? Symantec said it's analyzed more than 3 million such apps, or app updates, to date.

[ Some free Android apps use networks that could threaten your privacy. Read more at Free Android Apps Have Privacy Cost. ]

"On the iOS platform, all the applications that you'd use are blessed by Apple--they look at them, certify them, and that's how all applications come onto the App Store. It's a very curated experience," said Vizay Kotikalapudi, a senior manager in the enterprise mobility group at Symantec, speaking by phone. But with Android, anything goes. While security experts recommend that users only use apps from the official Android Market, without security controls, users can do anything they please.

Symantec, accordingly, said it's providing businesses with a way to lock down devices--in conjunction with MDM software--but without having to control everything that happens on those devices. "Where we see the industry really moving is that instead of managing the device, enterprises really want to manage their applications and data," said Kotikalapudi. "So that's a big shift from a device-centric process and model. Instead they're going toward a data-centric and app-centric model."

Using MDM software, for example, businesses can stipulate that any Android device must be running Symantec's antivirus software, and that the software reports that no suspicious apps have been installed on the device. "What Symantec is bringing is an enterprise product that gives you control and visibility, and which is integrated with our MDM product as well," Kotikalapudi said.

Symantec also announced the release of its new Symantec Mobile Management for Configuration Manager, which uses technology Symantec gained after it acquired Odyssey Software earlier this year. The software allows IT departments to use Microsoft System Center, an endpoint management tool, to manage Android device security. The Symantec Mobile Management software has also gotten an upgrade, allowing it to natively manage not only Android and iOS devices, but also devices based on Windows 7 Phone.

In addition, to allow businesses to deploy corporate email in a secure manner to Android devices, Symantec Mobile Management now integrates corporate email accounts with NitroDesk TouchDown integration, which offers an Outlook-like interface on Android devices. Kotikalapudi noted that because the native client on Android devices is Gmail, corporate IT departments often want their users to instead use an email client that has built-in security controls. Finally, Symantec said it also offers an internal app store for apps and documents that can be downloaded to Android and other mobile devices.

Antivirus applications for Android aren't new. Numerous security software developers, including AVG, F-Secure, Kaspersky Lab, Lookout Mobile, as well as Symantec, have already offered some form of Android antivirus software--much of it free--at least to consumers.

Also not new is the debate about Android antivirus software effectiveness. Last year, for example, Chris DiBona, the open source and public sector engineering manager at Google, excoriated antivirus manufacturers for using fear to sell their mobile security wares, after Juniper reported seeing a 472% increase in Android malware between July and November 2012.

"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and, iOS," said DiBona in a Google+ post. "They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM, or iOS, you should be ashamed of yourself."

In response, however, many antivirus companies highlighted that malware writers have been getting familiar with Android, and unleashing attacks such as DroidDream, which disguised malware as legitimate applications. Likewise, Mikko Hypponen, chief research officer at F-Secure, said via Twitter that what DiBona missed was that the security play involves much more than just stopping malware. "These tools do much more than just antivirus: Antitheft. Remote lock. Backup. Parental control. Web filter."

The stakes have never been higher in the fight for control of corporate and consumer devices between malicious code and the anti-malware software designed to detect and stop it. The Malware War report covers the key methods malware writers use to thwart analysis and evade detection. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1032
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inf...

CVE-2012-1417
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

CVE-2012-1506
Published: 2014-09-17
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from th...

CVE-2012-1507
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index...

CVE-2012-2583
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.

Best of the Web
Dark Reading Radio