News  General

From desktop to mobile

There’s a scam criminals love to pull, one adapted from the desktop: bogus antivirus apps. Think about it: You’re browsing the app store when you see Malware Killer Pro Free, which looks totally legitimate and promises complete, real-time protection from viruses, spyware, phishing, the whole enchilada. And maybe that’s exactly what it does—or maybe it’s a fake, an app that gathers up your private data and sends it off to the bad guys.

Among the new threats discovered last year was a malicious Google Android application that once downloaded would use a security vulnerability to take control and quietly begin sending premium rate text messages. The number was set up by the malware developers, netting them instant profits.

The relative vulnerability of Android phones and the iPhone is a major advantage in the corporate market for the BlackBerry. It can be easily set up by IT departments to use strong encryption and so that users cannot download applications.

Mobile security

Modern smartphones like iOS and Android don’t work like that. Instead, each app is given its own work environment, and is unable to access other apps’ data. Think of it like if you were to run every single application in its own VM. This, by itself, is a huge security improvement, and means that no malicious software can do much harm by simply being installed. Then, at least in the case of iOS, there’s the additional benefit that any app must be downloaded from the App Store, and is vetted against potential problems. In the case of Android, Google introduced “Bouncer” to help scan for problem apps, but it’s not foolproof.

Now, we’re starting to see corporate security suites implement various smartphone-related features as well. For example, if someone VPNs into the network using a smartphone, the model can be checked to see that it supports security features, or otherwise blocked. So right now my recommendation is to not worry about trying to get antivirus software to run on the phones themselves. Not only is it barely effective, but like any background process, it takes up valuable battery life and resources. Instead, if you have very sensitive documents, don’t allow them to be used on a Smartphone, implement the already-existing security features that come with any good smartphone, and you’ll be in good shape.