Most Users with Free Android Antivirus Scanners aren’t Protected

November 30, 2011

Many free AV apps exist for the Android market but new comparisons by AV-TEST, a globally recognized security institute out of Germany, uncovered sobering security failures when they took the AV products through their paces.

The products to come out best were for-pay services from “Kaspersky and F-Secure, which detected at least 50% of all malware samples already in inactive state.”

Among the free options “Zoner AntiVirus Free was best with 32% detected malicious apps. All other scanners detected at best 10% of the apps; some didn’t detect anything at all.” Commenting on the results AV-Test said, ‘the circulation of obviously near to useless security apps endangers those, who trust them.’

AV-TEST’s test results are shocking, particularly as the advice given by security experts is that all smartphone users need anti-malware software in place. Yet those who diligently installed one of these free programs, has an entirely false sense of security.

The program with the lion’s share of installations is Antivirus Free by Creative Apps who, along with GuardX Antivirus and LabMSF Antivirus beta, failed to identify any malware in either the manual or real-time on installation scan.

Not only should these ineffectual products be purged from the Android market, there should be a howl of protest from consumers insisting that apps claiming to protect consumers actually do so – and be required to show how well they protect in their descriptions.

Below are two tables from the research, click here to read the entire report.

Linda

Advertisements

Top Tips to Avoid Malicious Apps

November 28, 2011

17.7 billion mobile apps are estimated to be downloaded in 2011 (a 115% increase from 2010). By 2012, mobile apps are projected to generate more than $15 billion in app store revenues from end-users alone, according to “Forecast: Mobile Application Stores, Worldwide, 2008-2015,” by Gartner.

“As the application market continues to boom, users should be more cautious that they know what they’re installing,” said Lawrence Pingree, Gartner analyst. “For example, they should only install applications from trusted sources and ensure that permissions match up with the respective application’s core features. Anti-malware protection will also go a long way in helping to ensure the user’s mobile device has the latest protection.”

To help consumers stay safer when selecting mobile apps to download, McAfee has just released their Top Five Tips to Avoid Bad Apps.

These include:

  1. Although smartphone malware is remains a relatively low threat compared to malware targeting PCs; being aware that it exists is the first step toward protecting yourself and your data.
  2. Always research any app and its publisher and check the ratings before downloading – you’re safer if you install apps that are broadly used or are recommended by friends or colleagues.
  3. Purchase from a well-known reputable app store market. For Android users, avoid installation of non-market applications by de-selecting the “Unknown sources” option in the Applications Settings menu on your device. If the option is not listed, it means your mobile service provider has already done this for the user.
  4. When installing an app, pay attention to the list of permissions it wants to access the hardware and software on your device, like your contacts, camera and location. If it wants permissions for things the app doesn’t need, don’t install that app! For example, an alarm clock app shouldn’t need to access your contacts or have the ability to transmit that data from your device.
  5. Install antivirus software on your phone. Always install an antivirus program when you get a new mobile device – before you add any other apps.

“Maliciously modified apps have started to become more prevalent,” said Vincent Weafer, senior vice president, McAfee Labs. “Based on McAfee detections, we’ve seen approximately 200 malicious apps versus tens of thousands of good apps. However, with mobile devices becoming a targeted platform for malware, it’s becoming more common for cybercriminals to attempt to corrupt a legitimate app. The best advice for users is to be careful, protect the mobile device and the mobile apps that reside on the device.”

These are tips to live by.

To learn more about mobile threats, see my blogs It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks, More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware and Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected.

Linda


Virtual Goods and Subscriptions for Mobile Devices Nearly $5B by 2016?

November 6, 2011

Fifteen years ago buying ringtones and swapping .3 megapixel photos was cutting edge, now global revenues from mobile virtual goods and premium subscriptions is projected to stretch to $4.7 billion USD by 2016, according to Juniper Research’s “Virtual Goods – Real Revenues on Mobile” study released this month.

Juniper defines virtual goods, as intangible, digital items which cost little to produce and are often sold in bulk at low prices, typically for about $1 USD each. Many virtual goods are digital depictions of physical goods – like the berries in Farmville for example – and Juniper says in-game items are a major source of virtual good revenue for many sites.

The kicker for consumers will be determining if the digital downloads are safe, or carry a bonus malware payload.

In my blog It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, I explain why the surge in mobile revenue feeds the mobile crime rate:

The revenue potential of turning phones into payment tools for financial institutions is enormous. And the convenience factor for consumers is clear cut – the need for carrying cash or credit cards disappears, and whole new application scenarios are enabled. So what does this have to do with mobile crime?

Follow the money. The same factors that make a favorable climate for great strides in legitimate mobile commerce make a favorable climate for crime.

As the popularity of smartphones skyrockets, smartphone functionality increases, the number of mobile banking, ecommerce, and transaction platforms expand, the number of mobile access points explodes, and the sophistication of criminals grows, we are approaching perfect storm conditions. Here’s how both the good guys and the bad guys look at the landscape:

Size of opportunity: There are now more than five billion connections worldwide and analysts predict this will surpass the six billion mark in 2012. More than 500 million of these phones today are smartphones that enable the rich features companies and crooks need to drive revenue, and this number is expected to exceed 1 billion smartphones by 2013 according to the latest forecasts from Informa Telecoms & Media.  As a point of comparison, there are about 2 Billion computers out there, most running the Windows OS.

Cost of investment drops: As industry pressures condense the number of mobile platforms, developers and hackers alike can better leverage their code to target millions/billions of users with the same services (and exploits) setting the stage for a high return on investment.

Risk – From financial corporations view: Credit card companies and other financial institutions believe they have mitigated the risks inherent in contactless payment systems. Indeed, Visa claims their PayWave system will in fact be safer than using traditional credit cards because their chip creates a unique authentication code for each transaction while never providing retailers with your credit card number. Challenging that claim, security expert and uber white hat hacker Karsten Nohl told CNET that NFC payments still have their security weaknesses and that the technology may need a bit more time to be completely safe. Whatever the case, these companies have long experience earning plenty of money even when crime takes a bite out of their revenues. But they only have to cover one piece of the pain; consumers have to pick up the time and cost of cleaning up their accounts and financial reputations.

Risk – From organized crime’s view: With their successful tactics in phishing, farming, scamming and spamming constantly being honed, consumers using insecure WiFi networks,  security gaps in both service’s and in platform’s code to exploit, antiquated or non-existent laws, police forces woefully understaffed, and careless consumers hell-bent on convenience, what’s not to like? Now add into the mix that phones are essentially wallets and everyone wants to be a pickpocket. The business case for investing mobile malware has finally been made.  Learn more in my blog McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks, that looks at the historically fragile cellular infrastructure and slow strides toward encryption. McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

We’ve already begun to see the damage. Android (Google) has had at least two embarrassing episodes with their mobile apps – see my blogs More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware and Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected. And as more users go outside the ‘tested apps in walled gardens’ like Apple’s and the ones carriers provide, the insertion of malicious code into apps will increase.

The bottom line: There is no substitute for strong security protection on your device.  There are a number of mobile security suites available to compare these TopTenReviews has created an excellent mobile security software comparison chart for consumers. Be sure you install one.

Linda


Great Infographic with Sobering Stats on Mobile Malware and User Ignorance

September 12, 2011

Over half (53%) of smartphone users say they are unaware that there is security software available for smartphones according to research by security company BullGuard, a shocking data point when mobile malware is skyrocketing.

In just the first six months of 2011, malware aimed at the most vulnerable platform, Android, has grown by 400% according to BullGuard, but that isn’t to say that Symbian, Apple or Windows Mobile users are safe.

The company has just released a new infographic titled Mobile Malware: – The Growing Threat of Smartphone Hackers & What You Need to Know’ that gives a great overview of the landscape of mobile malware, the lack of awareness about mobile threats among consumers, and what to expect for the second half of this year and into 2012 (the news isn’t great).

By the time you’ve finished scanning through the infographic, you may just be persuaded to install the mobile security software smartphones now desperately need.

Linda


It’s not Just British Tabloids; Cell &Email Snooping is Increasing

August 3, 2011

The phone hacking scandal that’s rocked Britain, shut down the 168-year-old News of the World tabloid, led to the resignation of high ranking British police officials and Downing Street’s communications director, and put Rupert Murdoch in the hot-seat is but one symptom of an overall increase in cell and email snooping.

While the British scandal centers around the hacking of a murdered schoolgirl’s phone, and the subsequent hacking of phones belonging to rich and famous people, relatives of slain servicemen killed in Iraq and Afghanistan, and possibly the families of British victims of the 9/11 attacks, most cell phone and email hacking is much more mundane.

According to a July 2011 Retrevo Gadgetology Report, snooping by romantic partners via email and cell phone is on the rise. – And they didn’t survey those who are snooping on ex’s.

Among their findings:

  • Overall, 33% of respondents said they had checked the email or call history of someone they were dating without them knowing in 2011, up 43% from 23% in 2010.
  • 47% of respondents younger than 25 have snooped, up 24% over 2010.
  • 41% of women admit to having checked the email/call history of a romantic partner or spouse, 28% higher than the 32% of men who have done so.
  • 32% of overall respondents say they would secretly track a spouse/partner using an electronic device if they suspected wrongdoing. This includes 33% of women and 31% of men, giving women a 6% edge.
  • 59% of overall parents say they would secretly track a child using an electronic device if they suspected wrongdoing. This includes 64% of mothers and 53% of fathers, making women 21% more likely to snoop on a child.
  • Slightly more married couples snoop on their spouses (37%).
  • The number of parents snooping is highest among parents of teenagers, with 60% snooping on their kids and possibly for good reason, as 14% of those parents reported finding something they were concerned about.
  • Overall, adults are 84% more likely to secretly track a child than a spouse/partner. This differential is 94% for women and 71% for men.
  • 34% of parents of children age 13-19 have used Facebook to learn more about the parents of their children’s friends. This makes parents of teens the most likely of all parents of children younger than 20 to snoop on Facebook in this way, followed by parents of children age 6-12 (29%) and children age 0-5 (25%).

­­­­9 Steps to avoid becoming a phone or email hacking victim

A few basic precautions can significantly reduce the chances your phone or email will be hacked by friends or romantic partners, ex-friends or -romantic partners, students, teachers, parents, children, or others you know.

  1. PIN/password protect your cell phone and email.  Strong, unique, PIN numbers and passwords are a must.  Choosing ‘password’ or something else obvious doesn’t cut it. The same goes for PIN numbers. You must change your phone’s default PIN number to something unique. Choosing easy to guess numbers like your birthdate or ‘1234’ is asking for trouble.
    1. Once you have created safe logins don’t tell anyone what they are and change them periodically.
  2. Be consistent about locking your phone and email accounts. All the passwords in the world are useless if you leave your account/phone unlocked and unattended. Make a habit of locking accounts whenever you are not in control of the device – whether it’s your phone or your computer.
  3. Do not use any automatic sign-in functionality or password reminder tools on shared computers.  If you do, everyone who shares the computer may have full access to your accounts.  XXXXXX Similarly, many phone services allow you to call your own voicemail without having to enter your PIN if you call from your own phone number. While this is convenient for you, it’s even more convenient for someone else who wants to hear your voice messages.  The problem is that your voicemail isn’t actually checking to see if the call came from your phone, it just checks to see if it came from your phone number which is very easy to spoof or fake.  All someone has to do is use a service like SpoofCard that allows a user to make their number appear to be whatever number they want it to be – like yours. Then they dial ‘their’ number to hear your messages.  By the way, SpoofCard now allows you to spoof SMS’s as well. Just imagine how much additional damage this can cause in the hands of a bully, stalker, or other freak with malicious intent.  To best protect yourself, skip the convenience of automatically retrieving your voice messages, and set your voicemail to require your PIN to keep would-be snoopers at bay.
  4. Use strong, up-to-date security products on your cell phone and computers. All it takes to learn everything on your device is one little piece of malware – and there are only two things between you and an infection: 1) Strong security software, and 2) your ability to spot fraud.
    1. Strong security software: Most professional hackers collect passwords using malware that has been installed on your computer or mobile phone, and savvier snoopers can do the same. Be sure your anti-virus and anti-malware programs are up to date.  Also be sure that any operating system updates are installed. See my blog Are You a Malware Magnet? 4 simple steps can make all the difference and Malware reaches New Highs, Spam Dips; Mobile Malware New Frontier.
    2. Your ability to spot fraud: Spam and scams come at us from all angles; in the mailbox in front of your home (junk mail) in your email inbox, via IM, social networking sites, chats, forums, websites, and sadly, now also on your phone. Learn these  14 Steps to Avoiding Scams, and practice on some of the examples (scroll further down the webpage) to see how well you can avoid the common consumer pitfalls scammers want you to stumble over.
  5. Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. See my blog Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker. Since many smartphone users use free WiFi hotspots to access data (and keep their phone plan costs down) smartphones are also more susceptible when leveraging public networks.
  6. Validate the legitimacy of any program/game/app before downloading it.  See my blogs Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware and More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware.
  7. Check your computer and phone for monitoring tools. Family safety tools are designed to help parents protect their children, but all too often these tools are used to monitor spouses, friends, ex’s, etc. To know if you are being monitored – and all your interactions recorded and reported – you’ll need to check for monitoring tools. Online Tech Tips has an article titled How to detect computer & email monitoring or spying software that can be quite helpful.
  8. On phones, consider who sees your monthly statement. If family members have access to your statements, they can see who you called (phone number look up), who called you, and the times of day these occurred. This is also true of your text messages. If this is more information that you want snooped through, get your own plan and don’t leave your statements lying around.
  9. Don’t use location tools that track and broadcast your location.  There are two types of location tools, those that you can ping to get information like driving directions, and those that track your location to broadcast to others. If you don’t want to be snooped, tracked or stalked, don’t use a tool that can track you.

Applying these precautions to your mobile and email usage will not guarantee that you aren’t snooped or hacked, but they will go a long way towards protecting you from the snoops in your life.  If nearly half (47%) of the under-20 crowd are snooping, the non-snooping half had better start defending.

Linda