Monday, December 10, 2012

Built-in antivirus in Android 4.2 is inexcusably weak


Scientists at North Carolina State University (USA) have presented the results of a study showing a completely unacceptable level of malware detection in the new antivirus from the Android developers. As it turned out, the new service for local verification of Android applications, introduced in the fresh 4.2 release, detects no more than 15-20% of known malware.

According to the latest information, Android is the mobile world's analogue of Windows, for example in popularity. This popularity has an unpleasant downside: the more popular the platform becomes, the more attention it attracts from cybercriminals and malware writers. For example, according to the antivirus company Sophos, devices running Android are less secure than devices based on iOS or Windows Phone. Even the FBI, the U.S. intelligence agency, issued a special statement in October on the risks that threaten Android users.

The Android platform's developers clearly understand that their system needs stronger security. In September this year they acquired VirusTotal.com, a company that specializes in measuring the effectiveness of different vendors. After the acquisition, Android 4.2 'Jelly Bean' received its own application verification service, designed to detect potentially dangerous software directly on the user's device.


Despite the apparent efforts of the Android developers, the results so far are only disappointing. One illustration is the research recently published by Xuxian Jiang, assistant professor of computer science at the University of North Carolina. According to this study, the brand-new Android service detects only 15% to 20% of known malicious Android applications. The study also found that third-party antivirus software for Android performs far better at malware detection. In particular, the detection accuracy of products from Avast, AVG, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky Lab and Kingsoft ranges from 51% to 100%.

In the study, Associate Professor Jiang shows that Android's own antivirus works by comparing SHA1 cryptographic hashes. This approach, designed to detect known malware files by their hash value, proved 'weak and easily overcome.' Virus writers can simply repackage or slightly modify their files so that the application's hash changes completely. Incidentally, this fact is gradually pushing antivirus developers beyond traditional signature-based virus detection.
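The brittleness of whole-file hash matching can be seen from the defender's side in the following added example, which is not code from the study or from Android. The two in-memory packages, their entry names and both blocklists are constructed samples, and the per-entry check is an assumption used only for comparison, not a description of how any product works.

```python
import hashlib
import io
import zipfile


def build_package(entries):
    """Build an APK-like ZIP archive in memory from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            # A fixed timestamp keeps the constructed samples reproducible.
            zf.writestr(zipfile.ZipInfo(name, date_time=(2012, 12, 10, 0, 0, 0)), data)
    return buf.getvalue()


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def file_hash_verdict(package, blocklist):
    """Whole-file check: flag only if the package's SHA1 is on the blocklist."""
    return sha1_hex(package) in blocklist


def entry_hash_verdict(package, entry_blocklist):
    """Content check: flag if the SHA1 of any archive entry is on the blocklist."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return any(sha1_hex(zf.read(n)) in entry_blocklist for n in zf.namelist())


# Constructed samples: same code entry, one incidental resource differs.
KNOWN_CODE = b"dex\n035\x00constructed-sample-code"
known = build_package({"classes.dex": KNOWN_CODE, "res/label.txt": b"Game"})
repacked = build_package({"classes.dex": KNOWN_CODE, "res/label.txt": b"Game 2"})

FILE_BLOCKLIST = {sha1_hex(known)}        # what a whole-file signature stores
ENTRY_BLOCKLIST = {sha1_hex(KNOWN_CODE)}  # hypothetical per-entry signature


def compare():
    """Return {sample: (flagged by file hash, flagged by entry hash)}."""
    samples = {"known": known, "repacked": repacked}
    return {name: (file_hash_verdict(pkg, FILE_BLOCKLIST),
                   entry_hash_verdict(pkg, ENTRY_BLOCKLIST))
            for name, pkg in samples.items()}


if __name__ == "__main__":
    for name, (by_file, by_entry) in compare().items():
        print(f"{name:9s} file-hash={by_file} entry-hash={by_entry}")
```

The per-entry hash is still a signature and fails as soon as the code entry itself changes, which is why the article points to detection that goes beyond signatures.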

According to Jiang, Android's current cloud-based approach to security (the Bouncer system that tests applications in the Play Market store) simply needs to be complemented by powerful local tools for monitoring malicious applications. At the same time, the traditional signature-based detection method clearly does not fit the present situation, because it cannot keep up with the pace at which viruses are created and developed. Jiang believes that the Android developers should collect as much information about applications as the law allows; then the combination of the server-side Bouncer technology and the client-side VirusTotal technology can become a powerful and useful tool for virus protection. It should also be noted that VirusTotal's own utility, presented in June, before the acquisition, detected many more viruses than its modified version built into Android 4.2.

Links: http://www.cs.ncsu.edu/faculty/jiang/appverify/
