There's been some disagreement among vendors and researchers about whether certain types of Android apps should...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
be classified as malware, adware or something else entirely. But if even researchers can't decide, how can users? My question is, what role should enterprises have in helping users distinguish secure mobile apps from unsecure mobile apps, especially when these insecure apps could play a role in an enterprise data breach at some point?
When viruses first emerged and began to evolve, there was confusion about what to call or name malicious software. As spyware evolved in the late 1990s and early 2000s, the same debate reemerged about how to describe, classify or name the different types of emerging malware and how to differentiate them from legitimate software. Terms such as general malware, spyware, adware, potentially unwanted programs, spamware, etc., were used to define malware.
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous
This variation in terminology among vendors, researchers and the rest of the industry confuses users. That's a big part of why it can be difficult for a user to decide if an Android application is actually malware. Simply by using naming conventions that seem nonthreatening, mobile malware authors can easily make their wares appear to be secure mobile apps to the average user.
In truth, malware should be classified based on what it does, not just on where it does it or what it's named. Given the multi-platform nature of attacks and the incorporation of general operating systems in many different types of products, confusion abounds when terminology refers to a coffeemaker virus and smartphone virus as two distinct viruses when, in reality, both viruses exploit the same code in the Android Linux OS that often underpins two different devices.
Enterprises that allow bring your own device (BYOD) usage on the corporate network and allow any data to be accessed by noncorporate-managed systems -- like an employee’s home computer or external email, or allowing users to install software on their systems -- definitely have a role in helping employees securely use their own devices, including smartphones. Enterprises could suggest applications that are reasonably secure to users, but evaluating all of the hundreds of thousands of apps available to users is not possible. An enterprise could recommend a third-party application list or refer users to a company that lists applications that are reasonably secure. Helping users secure their smartphones prevents data breaches.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.