Posts Tagged ‘endpoint’

I’m a Prophet

Geek | Posted by Dean
Sep 01 2010

About 3 months ago I was made aware that one of my clients was planning to update their corporate fleet to Microsoft Windows 7. Great move, however other applications also need review before a properly managed environment can be attained. Within my threat management remit, that meant Symantec AntiVirus Corporate Edition 10.x (SAVCE).

When I was alerted to the client's wishes to look into Windows 7, the premise was that they were only looking at it for suitability with their client-managed application set. I mentioned quite strongly that SAVCE was a superseded product and offered no support for Windows 7 or Windows Server 2008 R2. Begrudgingly, though, I gave them an unmanaged client for Symantec Endpoint Protection (SEP) so that the client could continue on their way.

Knowing what was coming, I scoped a SEP solution and submitted it for approval in the vain hope that we could have a managed environment ready for the production rollout. However, the project was not approved, yet the Windows 7 rollout has been performed on 140+ laptops running a standalone SEP client, with no ability to manage the solution or report on its health or effectiveness.

So I immediately resubmitted the exact same design to the powers that be. Unfortunately, we will now be under pressure to implement it retrospectively and quickly, rather than proactively as I had hoped, and thus the prophecy is fulfilled.


Antimalware and Operating System Bigotry

Gardening | Posted by Dean
Aug 12 2010

Earlier today I published a tweet via LinkedIn alerting my colleagues and followers to a vulnerability detected by Computer Associates in the Android smartphone operating system, whereby premium service numbers were dialled randomly. As you can appreciate, this could cost thousands of dollars in a single billing period (Trojan targeting the Androids). After reading of this new malware in the wild, I thought I would quickly do a Google search for Android anti-malware products. At the top of the results was an Android forum thread showing the usual O/S bigotry. This got me to publish this post.

Firstly, let's define malware. According to Wikipedia, malware is:

Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software.

Malware is in abundance across the internet and is commonly delivered in spam. As is clear from the definition above, malware sources are no longer limited to programs.

As many of you would be aware, there has long been a belief among non-Windows O/S administrators that their platform does not need antimalware protection: it does not suffer from such threats, the argument goes, because it cannot run Windows executable (.EXE or .COM) files. This argument is most often put forward by Mac, Linux and UNIX administrators, and in fact it was one of the main selling points for these operating systems. Whilst it is indeed true that these operating systems are less likely to be the victim of a malware attack, that has very little to do with the robustness of the operating system and much more to do with its market share.

All of these operating systems are significantly dwarfed by Microsoft Windows within the computing market. As such, malware creators see a greater opportunity in that platform. Interestingly, Macintosh has seen significant growth, and the previous bigotry towards antimalware products has been reversed as the attractiveness of attacking that platform has steadily increased.

Further, when you consider that malware has moved on from such a limited definition, the belief is clearly from a bygone and more innocent era. Any system administrator that truly believes this now needs their head read.

That said, I am now seeing the same arguments being put forward in relation to mobile computing devices, primarily smartphones, although iPads and iPods also fit this profile. Common features of all smartphones are the ability to receive and send e-mail, browse the internet, and run applications. Further, increasingly these smartphones are based on an operating system derived from those of traditional computing devices; Android, for example, is a derivative of Linux. As mobile devices continue to add functionality their attack footprint grows, as does the attractiveness for malware authors to exploit the flaws in the devices' underlying operating system. The logical conclusion, therefore, is that these devices will steadily increase as entry points for malware infections within the home and commercial environment.

It is thus my belief that all computing devices that access a public internet, or a private intranet, will require some form of antimalware defence in the near future. Without a base level of defence, any network activity from such a device must be seen as a potential security issue.

Currently, not all mobile computing device operating systems have a solution available; however, many vendors of antimalware products do have partial solutions. Further development and collaboration with the mobile computing device vendors is still required so that corporations can invest in a centrally managed, device-independent antimalware platform for mobile devices including RIM BlackBerry, Nokia Symbian, Nokia Maemo, Google Android, Apple iOS and Windows Mobile.

These mobile solutions should also be integrated with existing protection consoles so that security administrators can get a true picture of all endpoint devices within their organisation and their current protection levels. That holistic approach must be a design requirement for any product for it to be truly effective within the enterprise.
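The "true picture of all endpoint devices" above, and the 140+ unmanaged SEP laptops in the earlier post, both come down to the same check: reconcile the organisation's device inventory against what the protection console actually sees. The following is an added example, not code from the original posts or from any vendor's console. It assumes two constructed feeds, an asset inventory (laptops, servers and smartphones) and a list of agents checking in to a management console, and flags devices that are unmanaged, have stopped checking in, or are running stale signatures.

```python
"""Reconcile an asset inventory against endpoint-protection console check-ins.

Added example with constructed data; the feed formats, hostnames and
thresholds below are assumptions, not a real console's export format.
"""
from datetime import datetime, timedelta, timezone

# Constructed asset inventory: every device the organisation owns.
INVENTORY = [
    {"host": "lt-0001", "platform": "Windows 7"},
    {"host": "lt-0002", "platform": "Windows 7"},
    {"host": "mob-0001", "platform": "Android"},
    {"host": "mob-0002", "platform": "iOS"},
    {"host": "srv-0001", "platform": "Windows Server 2008 R2"},
]

# Constructed console export: only agents that have ever checked in.
CONSOLE = [
    {"host": "lt-0001", "last_seen": "2010-09-01T08:00:00Z", "sig_date": "2010-09-01"},
    {"host": "lt-0002", "last_seen": "2010-08-10T08:00:00Z", "sig_date": "2010-08-10"},
    {"host": "srv-0001", "last_seen": "2010-09-01T07:30:00Z", "sig_date": "2010-08-25"},
]

# Constructed "current time" so the example is deterministic offline.
NOW = datetime(2010, 9, 1, 12, 0, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=7)   # agent silent this long => treat as unprotected
SIG_MAX_AGE = timedelta(days=3)   # signatures older than this => out of date


def _ts(value, fmt):
    """Parse a UTC timestamp string from the constructed feeds."""
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def reconcile(inventory, console, now=NOW):
    """Classify every inventoried device by its protection state.

    Devices absent from the console are 'unmanaged' (the standalone-client
    problem); present but silent devices are 'stale'; devices checking in
    with old signatures are 'old_signatures'; the rest are 'healthy'.
    """
    seen = {rec["host"]: rec for rec in console}
    report = {"unmanaged": [], "stale": [], "old_signatures": [], "healthy": []}
    for dev in inventory:
        rec = seen.get(dev["host"])
        if rec is None:
            report["unmanaged"].append(dev["host"])
            continue
        last_seen = _ts(rec["last_seen"], "%Y-%m-%dT%H:%M:%SZ")
        sig_date = _ts(rec["sig_date"], "%Y-%m-%d")
        if now - last_seen > STALE_AFTER:
            report["stale"].append(dev["host"])
        elif now - sig_date > SIG_MAX_AGE:
            report["old_signatures"].append(dev["host"])
        else:
            report["healthy"].append(dev["host"])
    return report


def coverage_by_platform(inventory, console):
    """Return {platform: (managed_count, total_count)} to expose platforms
    (typically mobile) with no console visibility at all."""
    managed_hosts = {rec["host"] for rec in console}
    coverage = {}
    for dev in inventory:
        managed, total = coverage.get(dev["platform"], (0, 0))
        coverage[dev["platform"]] = (
            managed + (1 if dev["host"] in managed_hosts else 0),
            total + 1,
        )
    return coverage


if __name__ == "__main__":
    for state, hosts in reconcile(INVENTORY, CONSOLE).items():
        print(f"{state:15s} {', '.join(hosts) or '-'}")
    for platform, (managed, total) in coverage_by_platform(INVENTORY, CONSOLE).items():
        print(f"{platform:25s} {managed}/{total} managed")
```

The inventory side is the important half: a console can only report on agents that check in, so without an independent device list the unmanaged laptops and smartphones simply never appear, which is exactly how 140 standalone clients go unnoticed.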

Note: Whilst I do not want this post to degenerate into an argument over which antimalware product is better than another, I would appreciate suggestions of products that are primarily aimed at mobile devices of all types. Sooner or later I am going to be pressed for a suggestion and would like to be forearmed.