Not that long ago, lots of people would have laughed at the very thought of malware ever afflicting a tablet or smartphone. Now, while some users still question the need for mobile security software, this type of product is no longer widely regarded as some kind of joke.
“There’s no such thing as an Android virus (yet),” wrote snapper.fishes in the Android Lounge forum. That was way back in December of last year, though. “There has yet to be a single case where someone downloaded a malicious application [to an Android device] without knowing it,” he scoffed.
Only about four months later however, another user, dylo22, posted the following comment to the same forum: “It’s interesting how in a few months time the Android community went from, ‘Android doesn’t need antivirus’ to, ‘What’s the best AV to install?’”
Analyst: ‘A rise in malware targeting mobile devices’
“There have been a number of new threats in recent times [due to the] open source nature of OS like Android [and the] rise in malware specifically designed to target mobile devices,’ noted Nitin Bhas, an analyst at Juniper Research, in an email to TabletPCReview this month.
Earlier this year, Google pulled a bunch of malicious apps off of the Android Market. Hackers had produced the nasty apps by taking legitimate apps from the Market, decompiling them, adding malware code, and then reposting the apps online.
Malicious apps like these can fool the user into granting permission for the app to receive text messages and to read and write the browser’s history, for example, thereby allowing the app to sneak around to phishing sites.
Apple’s iOS Gets an ‘Approved’ Anti-virus Product
“Apple’s IOS is [on] the safer side in terms of security,” Bhas acknowledged. “But considering the sheer number of Apple devices, [iOS] is starting to become very attractive to malware developers.”
Indeed, in August of this year, the first Apple-approved antivirus (AV) software turned up in the App Store. While the two events aren’t necessarily related, Intego released its VirusBarrier iOS product shortly after a team of hackers discovered a vulnerability in the way that iOS handles PDF fonts.
The hackers used this vulnerability for jailbreaking purposes. However, a number of security researchers have reported that, alternatively, the same flaw carried the potential for use in distributing malicious PDF files to users, since it had been publicly made known over the Web.
VirusBarrier iOS is more limited in its capabilities than anti-malware software for PCs and Android tablets, for example. Due to the technology used in iOS, apps can’t see the file system. VirusBarrier iOS can only be used for on demand scanning of email attachments or files downloaded from the Web or from cloud services like Dropbox.
Intego’s software for iOS is designed to detect and eliminate viruses in these files that mobile devices might pass along to Windows and Mac PCs, in addition to scanning iPad, iPod touch and iPhone devices for spyware, keyloggers, and malicious .zip files.
‘An uptick in malware, particularly on Android’
Meanwhile, growing numbers of companies — including big names like Symantec, McAfee, Kaspersky, and mobile security specialist LookOut Mobile Security — are now offering mobile security software for Android tablets and phones.
Typically, these products are meant to protect Android gadgets against viruses, spyware, trojans and bots, as well as to provide Web site filtering to help safeguard users from unknowingly visiting phishing sites. Some suites provide additional features such as a mobile device lock, backup and restore, and anti-theft capabilities.
“We’re seeing an uptick in malware, particularly on Android,” maintained Mark Kanok, group product manager for Symantec’s mobile division, in an interview with TPCR.
Although vendors disagree on exact statistics, all of them point to a big hike in bugs. Symantec estimates that the number of malware apps for Android has increased from 50 to 200 over the past year. Lookout counts a rise from 80 malware apps to 400 within the first half of this year. Kaspersky has identified 69 forms of malware for Android, but with 800 different modifications within those 69.
Vendor Claims: Hype or Reality?
Some users still dismiss such vendor claims as hype. “People have the perception that tablets are less susceptible, that they are not like PCs,” conceded Tim Armstrong, a malware researcher at Kaspersky Labs, in another interview.
In online forums, some people have argued that users of Android devices can’t get infected by malware unless they give permissions to apps for root access.
“Android runs on Linux, which is much more secure. Apps are sandboxed from each other, and root access is something that has to be explicitly given,” wrote SPCS, also in the Android Lounge. “That makes it a lot more secure and harder to infect.”
Some Android users have also voiced concerns that certain anti-malware products might hog memory or drain battery life, although opinions seem to vary considerably on that score.
Are Mobile Security Suites’ A Must’?
Additional exploits have emerged on Adobe Flash, observed Gary Davis, senior group manager at McAfee. “Hackers like to target Flash because it runs across many different OS, including Android,” he elaborated, during another interview.
Last fall, for instance, Adobe confirmed that a security flaw in all editions of Flash Player — including those running on Android, Windows and Macintosh — had been actively exploited in attacks against Adobe Reader.
Then in June of this year, Adobe acknowledged that another Flash Player bug had been used by hackers to steal the log-in credentials of GMail users.
“Mobile security suites are indeed ‘a must’ regardless of how quickly OS (operating system) manufacturers can patch up security holes or possible exploits,” according to Juniper’s Bhas.
“Our research with vendors indicates that though security patching and exploit prevention minimize the negative impact of malware, they will cover only a small part of the potential threats,” according to the analyst.
Meanwhile, Microsoft plans to embed the engine behind Microsoft Security Essentials (MSE), a free downloadable security package for Windows, directly into Windows 8, a forthcoming OS that will run on both PCs and ARM tablets.
Although not everyone agrees that anti-malware software is a necessity on mobile devices, more and more users seem to be moving in the direction of thinking that a dose of protection certainly can’t hurt, especially if the mobile security software is inexpensive — or even better, free.
Tablets in Business
Businesses are refocusing their mobile strategies and turning to tablets. But new devices present new challenges for IT and decision makers. JoinTabletPCReview in exploring the world of enterprise tablets, with news and solutions-oriented analysis.
Jacqueline Emigh also contibuted to this report