ITsecurity
twitter facebook rss

Mobile Malware: Should I Keep Taking The Tablets?

Posted by on October 14, 2014.

I recently came across a comment to one of my blogs – it doesn’t matter which, because it didn’t actually relate directly to the article it was attached to. The commenter wanted to know whether she needed to install anti-virus onto her tablet, because ‘tablets can’t get viruses’, as her son had told her, and she wondered whether she was being conned by anti-virus companies into buying and filling up her tablet with unnecessary apps for the detection of mobile malware.

It’s sometimes difficult to tell troll from truth in blog comments, where anonymity is easy and spam is sometimes quite clever (though by no means always!), but I made a short response. And I got to thinking that at a time when for many people their phone and/or tablet is their main computing experience (outside work, at any rate), maybe there are others in a similar state of confusion, so let me expand on that theme.

Is it true that tablets can’t get viruses? “Can’t” is a big word, but it’s true that mobile devices don’t usually get ‘real’ viruses. Newsflash: while there are still occasional sightings of a high-profile Windows virus, self-replicating malware, which was once pretty much the only game in town, long ago declined nearly to vanishing point even on the platforms where they once flourished, leaving the dinosaurs of my generation as the custodians of technology which nowadays excites little interest. Unless, of course, you count the occasional journalist wanting to compile yet another ’10 viruses that once ruled the earth’, or security bloggers waxing nostalgic on the anniversary of some long-gone media virus or worm.

Other malicious software is a different matter. Whatever you may understand by the term: clearly, there’s a difference in impact between a totally destructive Trojan and joke apps or even mildly irritating adware, though there are instances of adware that’s so intrusive that it makes the system it infects unusable. And plenty of other types of malware that come somewhere in between those extremes.

The commenter didn’t say what tablet she uses, but there are many, many examples of Android malware – AV-Test apparently claims 1.8 million samples (presumably more by now) –  though opinions vary – well, Google’s does – on how much real impact they have. Some devices are more vulnerable than others, and while iOS isn’t impregnable, most iOS-targeting malware relies on the device being jailbroken. In general, Apple’s ‘iron hand’ approach to app-sandboxing and App Store whitelisting  has made iGadgets a largely malware/anti-malware-free zone, while making it all but impossible for AV companies to introduce full-strength malware detection software to the platform, though on-demand scanners for iOS do exist in a limited sense. If I can quote myself and Lysa Myers:

An approved on-demand scanner is likeliest to detect:

  • malware that isn’t native to iOS but might use the iGadget as a gateway to vulnerable systems (heterogeneous malware transmission)
  • borderline apps that are closer to the ‘possibly unwanted’ class than to unequivocal malware
  • iOS-specific malware that can only take hold on a jailbroken device.

There are a lot of security apps out there that seem to me to be of doubtful usefulness, but those tend not to be made by the mainstream anti-virus vendors. If you’re going to buy a security app – you may think it’s better to be safe than sorry, but that’s not a decision I’d want to make for you – I’d go for a product by a company with a track record in security programs for other platforms. However, there are actually quite a few free products for Android and iOS from mainstream vendors. Since I get much of my income from a company that includes mobile AV in its product range, it would be a bit flaky for me to make comparisons…

However, AV-Test have recently tested 36 security products.

http://www.av-test.org/en/news/news-single-view/36-security-apps-for-android-are-put-under-constant-fire/

http://www.av-test.org/en/news/news-single-view/30-security-apps-for-android-take-on-2200-pieces-of-malware/

And this might be a good time to note that AMTSO recently published a decent set of guidelines for anyone aspiring to test mobile products:

http://www.amtso.org/released/20140220_AMTSO%20Guidelines%20on%20Mobile.pdf

David Harley


Share This:
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: David Harley | Tags: , , , , , ,