Symantec Debuts Android Antivirus Software For Enterprises

Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.

Symantec Tuesday announced the release of its first enterprise-grade Android antivirus software.

Dubbed Symantec Mobile Security for Android, the application builds on the consumer-focused Norton Mobile Security for Android product released by Symantec earlier this year. The product enforces a Symantec-maintained blacklist of known-bad or suspicious applications. If a flagged app is found on the device, the software can warn the user and alert any mobile device management (MDM) console used by the corporate information security team.

Symantec said it maintains its Android app blacklist by automatically downloading apps from more than 70 known app stores around the world, then checking to see what the app does: Does it subscribe users to unwanted services? Does it attempt to surreptitiously send premium SMS messages? Symantec said it's analyzed more than 3 million such apps, or app updates, to date.


"On the iOS platform, all the applications that you'd use are blessed by Apple--they look at them, certify them, and that's how all applications come onto the App Store. It's a very curated experience," said Vizay Kotikalapudi, a senior manager in the enterprise mobility group at Symantec, speaking by phone. But with Android, anything goes. While security experts recommend that users only use apps from the official Android Market, without security controls, users can do anything they please.

Symantec, accordingly, said it's providing businesses with a way to lock down devices--in conjunction with MDM software--but without having to control everything that happens on those devices. "Where we see the industry really moving is that instead of managing the device, enterprises really want to manage their applications and data," said Kotikalapudi. "So that's a big shift from a device-centric process and model. Instead they're going toward a data-centric and app-centric model."

Using MDM software, for example, businesses can stipulate that any Android device must be running Symantec's antivirus software, and that the software reports that no suspicious apps have been installed on the device. "What Symantec is bringing is an enterprise product that gives you control and visibility, and which is integrated with our MDM product as well," Kotikalapudi said.

Symantec also announced the release of its new Symantec Mobile Management for Configuration Manager, which uses technology Symantec gained after it acquired Odyssey Software earlier this year. The software allows IT departments to use Microsoft System Center, an endpoint management tool, to manage Android device security. The Symantec Mobile Management software has also gotten an upgrade, allowing it to natively manage not only Android and iOS devices, but also devices based on Windows 7 Phone.

In addition, to allow businesses to deploy corporate email securely to Android devices, Symantec Mobile Management now integrates corporate email accounts with NitroDesk TouchDown, which offers an Outlook-like interface on Android devices. Kotikalapudi noted that because the native client on Android devices is Gmail, corporate IT departments often want their users to instead use an email client that has built-in security controls. Finally, Symantec said it also offers an internal app store for apps and documents that can be downloaded to Android and other mobile devices.

Antivirus applications for Android aren't new. Numerous security software developers, including AVG, F-Secure, Kaspersky Lab, Lookout Mobile, as well as Symantec, have already offered some form of Android antivirus software--much of it free--at least to consumers.

Also not new is the debate about Android antivirus software effectiveness. Last year, for example, Chris DiBona, the open source and public sector engineering manager at Google, excoriated antivirus manufacturers for using fear to sell their mobile security wares, after Juniper reported seeing a 472% increase in Android malware between July and November 2012.

"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and iOS," said DiBona in a Google+ post. "They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM, or iOS, you should be ashamed of yourself."

In response, however, many antivirus companies highlighted that malware writers have been getting familiar with Android, and unleashing attacks such as DroidDream, which disguised malware as legitimate applications. Likewise, Mikko Hypponen, chief research officer at F-Secure, said via Twitter that what DiBona missed was that the security play involves much more than just stopping malware. "These tools do much more than just antivirus: Antitheft. Remote lock. Backup. Parental control. Web filter."
