Does Mobile Antivirus Software Really Protect Smartphones?

Published: 22/11/2024   Category: security




Bad news: Many mobile antivirus apps are useless. Here's what mobile device management and mobile application management experts say you should focus on instead.



October is National Security Month and with good reason: Even a cursory glance at recent technology headlines reveals no shortage of malware threats, with the mobile space--and especially the Android OS--drawing particular attention.
BYOD policies have positioned these risks as significant enterprise concerns. Much has been written about mobile device management (MDM) and mobile application management (MAM) tools, and how these products can insulate businesses against data theft. Even so, because MAM/MDM is a nascent industry, it's natural to wonder whether antivirus is a crucial part of the puzzle, and whether standalone antivirus tools provide legitimate protection.
Recent tests conducted by AV-Comparatives, AV-TEST, and PC Security Labs found that many products failed to protect against malicious programs, but a few standouts achieved virtually perfect detection rates. Case closed? Not exactly.
Savid Technologies CEO Mike Davis said in an interview that many mobile antivirus applications are mired in signature-based tracking, the antiquated method PC vendors used a decade ago, rather than behavioral analysis, a more modern approach that looks at the actions a program attempts to execute, not predefined identifiers in the code. Mobile antivirus products that rely on signatures can be adept at spotting known threats--but if a device downloads a new virus, the security breach might go undetected until damage is already done.
Davis said vendors are not necessarily to blame because mobile operating systems aren't designed to accommodate behavior-based malware tracking. There is no root administrative user, he stated, so the AV doesn't have the full control it needs for such analysis to occur.
Gartner research VP Peter Firstbrook cautioned in an interview that even if behavior-based, or heuristic, scans were ubiquitous on smartphones and tablets, such methods haven't stemmed the tide of viruses on PCs and thus wouldn't render mobile devices unassailable. Behavioral analysis often falters, he said, because the behavior of a bad application or a good application is a matter of opinion, meaning that a program might be useful when it executes its intended function but malicious if it starts exporting information to an unauthorized third party. To illustrate, he mentioned instant message programs that use keystroke monitors to let users know when their chat counterparts are typing. Such programs exemplify legitimate APIs and system calls that can go awry, he explained.
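The contrast between signature matching and behavioral analysis described above can be shown with a short Python sketch. This is an added example, not code from the article or from any vendor it quotes; the sample payloads, event names, and hosts are constructed and hypothetical.

```python
import hashlib

# Constructed sample "apps": payload bytes plus the runtime events they emit.
# Event names and hosts are hypothetical, invented for this illustration.
KNOWN_BAD = b"constructed-malicious-payload-v1"
SAMPLES = {
    "known_malware": (KNOWN_BAD,
                      [("read_keystrokes", None), ("send", "collector.example.net")]),
    "repacked_malware": (KNOWN_BAD + b"\x00",  # one byte appended: new hash
                         [("read_keystrokes", None), ("send", "collector.example.net")]),
    "chat_app": (b"constructed-chat-app",
                 [("read_keystrokes", None), ("send", "chat.example.com")]),
    "flashlight": (b"constructed-flashlight", [("camera_flash", None)]),
}

# Signature database: hashes of payloads already seen and labelled malicious.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Destinations each app is expected to talk to (assumed policy input).
AUTHORIZED_HOSTS = {"chat_app": {"chat.example.com"}}


def signature_scan(payload: bytes) -> bool:
    """Flag only payloads whose hash is already in the signature set."""
    return hashlib.sha256(payload).hexdigest() in SIGNATURES


def behavior_scan(app: str, events) -> bool:
    """Flag keystroke capture followed by a send to an unauthorized host."""
    captured = False
    for action, target in events:
        if action == "read_keystrokes":
            captured = True
        elif action == "send" and captured:
            if target not in AUTHORIZED_HOSTS.get(app, set()):
                return True
    return False


def scan_all():
    """Return {app: (signature_verdict, behavior_verdict)} for every sample."""
    return {name: (signature_scan(payload), behavior_scan(name, events))
            for name, (payload, events) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdicts in scan_all().items():
        print(f"{name:18} signature={verdicts[0]!s:5} behavior={verdicts[1]}")
```

The repacked sample slips past the signature check but not the behavioral rule, and the chat app's verdict depends entirely on the authorized-host policy, which is the judgment call Firstbrook describes.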
Because of this difficulty, Firstbrook said the selection of a mobile operating system outranks security software when it comes to fending off malware. He said iOS is safer than Android, for example, because somebody approves every app that it runs, turning the platform into essentially a closed system that is more difficult for hackers to penetrate.
He asserted the key iOS security challenges for enterprises involve password protection, encryption, remote wiping, and other MDM/MAM concerns, as stolen data results primarily from lost devices, not viruses. For Android-based devices, Firstbrook stated that the situation is somewhat different because more users procure apps from illegitimate markets. Indeed, a recent Arxan study found that nearly every popular app on Android has been hacked, illustrating how crucial it is that users use sanctioned sources such as Google Play. The study also found most iOS apps have been hacked, but this fact is somewhat mitigated because iPhone and iPad users are less prone to unofficial markets.
Even the legitimate app markets might not be sufficient, however, according to Jon Clay, senior manager of core technology marketing for security vendor Trend Micro. He stated in an interview that criminals rely primarily on third-party app stores to propagate their schemes but that quite a few malicious apps have still infiltrated Google Play. He noted that Google Bouncer is a good step for the Android ecosystem but that it hasn't expurgated threats entirely.
Many businesses consequently try to stay away from Android, according to Firstbrook. He suggested that this reluctance explains developers' preference for Apple's mobile OS, despite Android's larger user base. Notwithstanding platform differences and root access restrictions, Clay stated that mobile antivirus programs have a place: If you cannot detect malicious software, there's potential for abuse or attack, he said. Still, enterprises need more than partial solutions. Aside from shifting their attention to MDM/MAM proper, how do security vendors cope?
Backend approaches, which are distinct from an app's on-device processes, are a popular option. Sean Sullivan, a security advisor with F-Secure Labs, said in an email that his company's products apply limited heuristics on the client side but that full-fledged behavioral analysis, though something his team would really love, would require companies to root/jailbreak the [device]. As a result, F-Secure uses emulation and automation on the back end to analyze potential new threats.
A similar approach is to assess the reputation of app sources, a tactic that Trend Micro--among other companies, such as Symantec--has developed.
This technique--which Clay characterized as dynamic, with heuristic-like qualities--can consider not only an app's maliciousness but also its effects on battery life, bandwidth, and other variables. He said his team seeks to collaborate with app vendors by giving them access to reputation-based data and by vetting every app, an approach that he said allows companies to avoid burdening the end user. It also provides a potential safety net for exploits that developers inadvertently leave open, applications developed in-house, and apps that were initially released in legitimate form only to be republished in malicious form.
Tim Wyatt, lead security engineer for Lookout, similarly advocated an approach that does most of the heavy lifting on the backend. In an interview, he stated that Lookout has built a mobile threat network of over 25 million registered devices that, according to the company's website, is constantly analyzing threat data worldwide to identify and proactively block new mobile threats as soon as they emerge. He asserted that the benefits from discovering telemetry of other users in our network are much bigger than [mere] detection.
In short, many antivirus apps provide little protection but some security vendors manage to buck the trend, mostly by compensating for the root access limitation. Nevertheless, Wyatt asserted that there are no one-size-fits-all solutions and that businesses must adopt comprehensive strategies that fit their needs.
When it comes to such strategies, Mike Davis endorsed MDM/MAM tech that blacklists malicious programs and otherwise manages what can be installed on workplace devices. He said the long-term solution, however, involves separating work data from personal data--a capability that vendors such as RIM, with BlackBerry Balance, and AT&T, with Toggle, have begun to offer.
Nonetheless, MDM and MAM products might not complete the equation either. Davis also said workers need training. The best way to avoid problems is to not install questionable applications, he remarked, but some users knowingly download dangerous apps from unofficial marketplaces because they mistakenly believe benefits justify the risk.
Cisco representatives have similarly looked outside application-based protection, arguing that security measures be implemented into networks themselves. Jack Danahy, director of IBM's Institute for Advanced Security, meanwhile, suggests a more low-tech consideration: that security might be simpler if users confine themselves to the apps they actually need for productivity, rather than trying to include--and protect--every function imaginable.
