Vulnerabilities / Threats
10/8/2012
02:47 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Does Mobile Antivirus Software Really Protect Smartphones?

Bad news: Many mobile antivirus apps are useless. Here's what mobile device management and mobile application management experts say you should focus on instead.

October is National Security Month and with good reason: Even a cursory glance at recent technology headlines reveals no shortage of malware threats, with the mobile space--and especially the Android OS--drawing particular attention.

BYOD policies have positioned these risks as significant enterprise concerns. Much has been written about mobile device management (MDM) and mobile application management (MAM) tools, and how these products can insulate businesses against data theft. Even so, because MAM/MDM is a nascent industry, it's natural to wonder whether antivirus is a crucial part of the puzzle, and whether standalone antivirus tools provide legitimate protection.

Recent tests conducted by AV-Comparatives, AV-TEST, and PC Security Labs found that many products failed to protect against malicious programs, but a few standouts achieved virtually perfect detection rates. Case closed? Not exactly.

Savid Technologies CEO Mike Davis said in an interview that many mobile antivirus applications are mired in signature-based tracking, the antiquated method PC vendors used a decade ago, rather than behavioral analysis, a more modern approach that looks at the actions a program attempts to execute, not predefined identifiers in the code. Mobile antivirus products that rely on signatures can be adept at spotting known threats--but if a device downloads a new virus, the security breach might go undetected until damage is already done.

[ Learn more about mobile threats. See Android Warning: 50% Of Devices Need Patching. ]

Davis said vendors are not necessarily to blame because mobile operating systems aren't designed to accommodate behavior-based malware tracking. "There is no root administrative user," he stated, "so the AV doesn't have the full control" it needs for such analysis to occur.

Gartner research VP Peter Firstbrook cautioned in an interview that even if behavior-based, or heuristic, scans were ubiquitous on smartphones and tablets, such methods "haven't stemmed the tide" of viruses on PCs and thus wouldn't render mobile devices unassailable. Behavioral analysis often falters, he said, because "the behavior of a bad application or a good application is a matter of opinion," meaning that a program might be useful when it executes its intended function but malicious if it starts exporting information to an unauthorized third party. To illustrate, he mentioned instant message programs that use keystroke monitors to let users know when their chat counterparts are typing. Such programs exemplify "legitimate APIs and system calls" that can go awry, he explained.

Because of this difficulty, Firstbrook said the selection of a mobile operating system outranks security software when it comes to fending off malware. He said iOS is safer than Android, for example, because "somebody approves every app that it runs," turning the platform into "essentially a closed system" that is more difficult for hackers to penetrate.

He asserted the key iOS security challenges for enterprises involve password protection, encryption, remote wiping, and other MDM/ MAM concerns, as stolen data results primarily from lost devices, not viruses. For Android-based devices, Firstbrook stated that the situation is somewhat different because more users procure apps from illegitimate markets. Indeed, a recent Arxan study found that nearly every popular app on Android has been hacked, illustrating how crucial it is that users use sanctioned sources such as Google Play. The study also found most iOS apps have been hacked, but this fact is somewhat mitigated because iPhone and iPad users are less prone to unofficial markets.

Even the legitimate app markets might not be sufficient, however, according to Jon Clay, senior manager of core technology marketing for security vendor Trend Micro. He stated in an interview that criminals rely primarily on third-party app stores to propagate their schemes but that "quite a few malicious apps" have still infiltrated Google Play. He noted that Google Bouncer is a good step for the Android ecosystem but that it hasn't expurgated threats entirely.

Many businesses consequently "try to stay away from Android," according to Firstbrook. He suggested that this reluctance explains developers' preference for Apple's mobile OS, despite Android's larger user base.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.