Risk
7/17/2012
12:18 PM

Symantec Debuts Android Antivirus Software For Enterprises

Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.

Symantec Tuesday announced the release of its first enterprise-grade Android antivirus software.

Dubbed Symantec Mobile Security for Android, the application builds on the consumer-focused Norton Mobile Security for Android product released by Symantec earlier this year. The product enforces a Symantec-maintained blacklist of known-bad or suspicious applications. If a flagged app is found on the device, it can warn the user, as well as any mobile device management (MDM) console being used by the corporate information security team.

Symantec said it maintains its Android app blacklist by automatically downloading apps from more than 70 known app stores around the world, then checking to see what the app does: Does it subscribe users to unwanted services? Does it attempt to surreptitiously send premium SMS messages? Symantec said it's analyzed more than 3 million such apps, or app updates, to date.

"On the iOS platform, all the applications that you'd use are blessed by Apple--they look at them, certify them, and that's how all applications come onto the App Store. It's a very curated experience," said Vizay Kotikalapudi, a senior manager in the enterprise mobility group at Symantec, speaking by phone. But with Android, anything goes. While security experts recommend that users only use apps from the official Android Market, without security controls, users can do anything they please.

Symantec, accordingly, said it's providing businesses with a way to lock down devices--in conjunction with MDM software--but without having to control everything that happens on those devices. "Where we see the industry really moving is that instead of managing the device, enterprises really want to manage their applications and data," said Kotikalapudi. "So that's a big shift from a device-centric process and model. Instead they're going toward a data-centric and app-centric model."

Using MDM software, for example, businesses can stipulate that any Android device must be running Symantec's antivirus software, and that the software reports that no suspicious apps have been installed on the device. "What Symantec is bringing is an enterprise product that gives you control and visibility, and which is integrated with our MDM product as well," Kotikalapudi said.

Symantec also announced the release of its new Symantec Mobile Management for Configuration Manager, which uses technology Symantec gained after it acquired Odyssey Software earlier this year. The software allows IT departments to use Microsoft System Center, an endpoint management tool, to manage Android device security. The Symantec Mobile Management software has also gotten an upgrade, allowing it to natively manage not only Android and iOS devices, but also devices based on Windows 7 Phone.

In addition, to allow businesses to deploy corporate email in a secure manner to Android devices, Symantec Mobile Management now integrates corporate email accounts with NitroDesk TouchDown, which offers an Outlook-like interface on Android devices. Kotikalapudi noted that because the native client on Android devices is Gmail, corporate IT departments often want their users to instead use an email client that has built-in security controls. Finally, Symantec said it also offers an internal app store for apps and documents that can be downloaded to Android and other mobile devices.

Antivirus applications for Android aren't new. Numerous security software developers, including AVG, F-Secure, Kaspersky Lab, Lookout Mobile, as well as Symantec, have already offered some form of Android antivirus software--much of it free--at least to consumers.

Also not new is the debate about Android antivirus software effectiveness. Last year, for example, Chris DiBona, the open source and public sector engineering manager at Google, excoriated antivirus manufacturers for using fear to sell their mobile security wares, after Juniper reported seeing a 472% increase in Android malware between July and November 2012.

"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and iOS," said DiBona in a Google+ post. "They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM, or iOS, you should be ashamed of yourself."

In response, however, many antivirus companies highlighted that malware writers have been getting familiar with Android, and unleashing attacks such as DroidDream, which disguised malware as legitimate applications. Likewise, Mikko Hypponen, chief research officer at F-Secure, said via Twitter that what DiBona missed was that the security play involves much more than just stopping malware. "These tools do much more than just antivirus: Antitheft. Remote lock. Backup. Parental control. Web filter."
