Traditional antivirus vendors are doing a good job detecting and blocking known mobile malware, according to Av-Test, a Germany-based independent service provider that tests antivirus and antimalware software.
The firm tested the detection capabilities of a variety of available Android mobile security apps using a malware set of 618 malicious application package (APK) files. Malicious apps that were discovered between August and December 2011 were included in the test set.
Avast, Dr.Web, F-Secure, Ikarus and Kaspersky rated highly, according to the firm’s latest analysis, Test: Malware Protection for Android 2012 (.pdf), issued today. Zoner and Lookout, two independent security firms with mobile security apps also performed well, Av-Test said. The apps had a detection rate of more than 90%.
Products that fell between 65%-90% included AegisLab, AVG, Bitdefender, ESET, Norton/Symantec, Quick Heal, Super Security, Trend Micro, Vipre/GFI and Webroot. Despite falling below 90%, Av-Test said the mobile security apps are still very good and should be considered.
“Some of these products just miss one or two malware families, which might be not prevalent in certain environments anyway,” Av-Test said in its report.
Mobile malware continues to make up about 1% of overall malware, but despite the threat currently being minimal, experts at RSA Conference 2012 have pointed to a variety of attacks, from banking Trojans to SMS fraud, which could pose a threat to enterprise networks. Some say attackers are not too far away from weaponizing applications to perform a variety of functions all aimed at collecting as much data as possible about the device owner.
Judging by the attendance at the mobile sessions during the conference, it’s clear that security professionals are concerned about mobile device security and are looking for ways to gain control and visibility into employee devices at the endpoint. Both Google Android and Apple iOS have been built with security features right into the platform.
“I would go as far as to say they are probably the most secure platforms ever built,” Kevin Mahaffey, CTO of Lookout told me in a mobile security interview at RSA Conference. Sandboxing and granular permissions that limit the device capabilities available to installed mobile applications make it much harder for an attack to be successful, Mahaffey said.
“We haven’t really seen malicious use of vulnerabilities on mobile devices yet, but plenty of researchers have demonstrated that it’s possible. There’s no magic pixie dust in iPhone or Android that makes it somehow immune from all the problems on the desktop,” Mahaffey said.
Anup Ghosh, founder and CEO of browser security vendor Invincea, shares a different view about the
Android platform. At RSA Conference, Gosh told me Android users should be concerned about mobile malware. Apple has done a good job of controlling its platform, keeping its ecosystem closed off to potential malware writers. Meanwhile, Android is using Java as part of its sandboxing strategy. It’s highly buggy, Ghosh said, with a lot of native interfaces to the underlying firmware.
According to Gosh: “When you download an app from the Android store you are giving explicit permissions, giving that app access to all kinds of system resources, which are all holes to that sandbox. It’s a fairly rich environment for adversaries to write malware. We’re still early as far as malicious code development goes, but they will follow the money.”
It doesn’t hurt to have a layer of security for protection. Mahaffey said a good mobile security app can protect device owners from malware or spyware, provide safe browsing capabilities and locate lost and stolen devices.
Av-Labs said that its test determined a grouping of 17 trustworthy mobile security apps. Even if a mobile security app performed poorly in its detection tests, some have other capabilities such as remote lock and wipe, backup and phone locating that may make them useful.
The firm tested the latest version of available mobile security apps using an Android emulator running the Gingerbread version of Android. The results were verified on a Samsung Galaxy Nexus running the latest Android version, Ice Cream Sandwich.