Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smartphones - Anti-virus software not needed?


  • Please log in to reply
3 replies to this topic

#1 GoshenBleeping

GoshenBleeping

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:36 AM

Posted 11 December 2013 - 07:28 PM

Recently some interesting articles were published on the use of anti-virus software for smartphones. The links are listed below:
 
(1) Paper by Georgia Institute of Tech. & Damballa - "Analyzing Malicious Traffic in Cellular Carriers"
(2) Antone Gonsalves - "Let's dump anti-virus software and move on"
(3) Economist magazine, 12.03.13 - "Thief in your pocket?"
 
The crux of the above is that the rate of malware infection in mobile devices is so slight that the use of AV software is not warranted. Reference #1 concluded from their study that the rate of infection is approximately 0.0009% of mobile devices. Reference #3 concludes that as long as mobile device users acquire apps from Google and Apple app stores, and practice safe surfing habits, these users should not worry about mobile device malware.
 
I am interested if anyone has counter arguments. Do you agree that AV software is not needed? Is there something missing from these arguments? Comments?


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:36 AM

Posted 12 December 2013 - 10:11 AM

I don't use smart phones but here is some more reading material.

* Do smartphones really need antivirus software?
* Does your smartphone really need antivirus software?
* How effective is antivirus software on smartphones?
* Does Mobile Antivirus Software Really Protect Smartphones?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:36 AM

Posted 12 December 2013 - 05:28 PM

I think there is an observation bias here (paper #1): only smartphones that showed obvious signs of infection were counted (that's what I get from the abstract, didn't read the paper).

 

In the PC world, a lot of malware is stealth. If nobody sees it, nobody reports it, it is not counted.

 

Second: several smartphone OS's offer no API's at all for AV applications to be able to perform.

 

For example, in iOS, an AV app is like any other app, it has no special privileges or access so that it can monitor the phone resources for malware.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:36 AM

Posted 13 December 2013 - 07:40 PM

Hi,

 

the security settings in Android (I don't know for iOS) are very layered and split up, therefore you can control what an app can or can not do on your phone before installing it.

If you're installing a screensaver, for example, and it demands the permissions to be able to make phone calls, you might decide to go look for another screen saver.  This is something that is inherently different on Windows and also in general on PCs. While you can separate between Admin and not-admin on PC, you don't separate the access to different features of the OS, so it's easier to find a process to exploit because all of them will give you the power you want on the PC.

In addition you retrieve your programs from one authorative location, normally, that makes it a lot harder to introduce malware because people will not just run that installer they got from a random website and in some cases the OS won't even allow it.  So the phone OS are more secure by default.

 

regards

myrti


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users