Software interfaces with Symantec service that assesses apps from more than 70 app markets and blacklists malicious or suspicious choices.

Mathew J. Schwartz, Contributor

July 17, 2012

4 Min Read

Symantec Tuesday announced the release of its first enterprise-grade Android antivirus software.

Dubbed Symantec Mobile Security for Android, the application builds on the consumer-focused Norton Mobile Security for Android product released by Symantec earlier this year. The product enforces a Symantec-maintained blacklist of known-bad or suspicious applications. If a flagged app is found on the device, it can warn the user, as well as any mobile device management (MDM) console being used by the corporate information security team.

Symantec said it maintains its Android app blacklist by automatically downloading apps from more than 70 known app stores around the world, then checking to see what the app does: Does it subscribe users to unwanted services? Does it attempt to surreptitiously send premium SMS messages? Symantec said it's analyzed more than 3 million such apps, or app updates, to date.

[ Some free Android apps use networks that could threaten your privacy. Read more at Free Android Apps Have Privacy Cost. ]

"On the iOS platform, all the applications that you'd use are blessed by Apple--they look at them, certify them, and that's how all applications come onto the App Store. It's a very curated experience," said Vizay Kotikalapudi, a senior manager in the enterprise mobility group at Symantec, speaking by phone. But with Android, anything goes. While security experts recommend that users only use apps from the official Android Market, without security controls, users can do anything they please.

Symantec, accordingly, said it's providing businesses with a way to lock down devices--in conjunction with MDM software--but without having to control everything that happens on those devices. "Where we see the industry really moving is that instead of managing the device, enterprises really want to manage their applications and data," said Kotikalapudi. "So that's a big shift from a device-centric process and model. Instead they're going toward a data-centric and app-centric model."

Using MDM software, for example, businesses can stipulate that any Android device must be running Symantec's antivirus software, and that the software reports that no suspicious apps have been installed on the device. "What Symantec is bringing is an enterprise product that gives you control and visibility, and which is integrated with our MDM product as well," Kotikalapudi said.

Symantec also announced the release of its new Symantec Mobile Management for Configuration Manager, which uses technology Symantec gained after it acquired Odyssey Software earlier this year. The software allows IT departments to use Microsoft System Center, an endpoint management tool, to manage Android device security. The Symantec Mobile Management software has also gotten an upgrade, allowing it to natively manage not only Android and iOS devices, but also devices based on Windows 7 Phone.

In addition, to allow businesses to deploy corporate email in a secure manner to Android devices, Symantec Mobile Management now integrates corporate email accounts with NitroDesk TouchDown integration, which offers an Outlook-like interface on Android devices. Kotikalapudi noted that because the native client on Android devices is Gmail, corporate IT departments often want their users to instead use an email client that has built-in security controls. Finally, Symantec said it also offers an internal app store for apps and documents that can be downloaded to Android and other mobile devices.

Antivirus applications for Android aren't new. Numerous security software developers, including AVG, F-Secure, Kaspersky Lab, Lookout Mobile, as well as Symantec, have already offered some form of Android antivirus software--much of it free--at least to consumers.

Also not new is the debate about Android antivirus software effectiveness. Last year, for example, Chris DiBona, the open source and public sector engineering manager at Google, excoriated antivirus manufacturers for using fear to sell their mobile security wares, after Juniper reported seeing a 472% increase in Android malware between July and November 2012.

"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and, iOS," said DiBona in a Google+ post. "They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM, or iOS, you should be ashamed of yourself."

In response, however, many antivirus companies highlighted that malware writers have been getting familiar with Android, and unleashing attacks such as DroidDream, which disguised malware as legitimate applications. Likewise, Mikko Hypponen, chief research officer at F-Secure, said via Twitter that what DiBona missed was that the security play involves much more than just stopping malware. "These tools do much more than just antivirus: Antitheft. Remote lock. Backup. Parental control. Web filter."

The stakes have never been higher in the fight for control of corporate and consumer devices between malicious code and the anti-malware software designed to detect and stop it. The Malware War report covers the key methods malware writers use to thwart analysis and evade detection. (Free registration required.)

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights