Throwing Contest

by Brian Katz on April 11, 2013

As my first three blog posts this week have been related to security, I felt it was only fair that I continue this week with another one in the same vein. I participated in a tweet chat yesterday that was premised on the fact that mobile malware exists and on what you can do to prevent it on your devices in the enterprise. Now in this case, we were making the distinction that the mobile devices we were talking about were phones and tablets and did not include laptops and desktops, which have their own set of malware issues and supposed solutions.

The premise of malware on mobile devices has been around for a while and you can’t miss the fact that every three to six months you are going to see an article proclaiming that the last quarter or so has seen even more mobile malware in the wild. These articles will scream out facts like there were more than ninety thousand pieces of malware detected last year and will have quotes from the current malware or anti-virus flavor of the month about best practices and how to protect yourself and your device. They will tell you that the majority of malware out there is Android-based but that there is some iOS malware out there as well. Immediately after the report is released, Microsoft and BlackBerry will trumpet the fact that they don’t have any or almost any malware at all and you should really think of moving to their mobile OS platform.

Are you sufficiently scared yet? Well, that’s good; you’re supposed to be as far as everyone is concerned. The problem is that you’re sitting in a field of cow patties while a bunch of journalists are competing to see who can throw one the farthest. It’s all a bunch of crap designed to get you to buy software that will protect you from these threats and in most cases does absolutely nothing but slow down your mobile device. If you have an iOS device, the software can’t even operate in the background so it is quite useless, and if you have an Android device, it is dubious whether malware detection software works and in many cases it only manages to slow down your phone or tablet.

This doesn’t mean malware doesn’t exist or isn’t an issue. It just means we have to adjust the perch that we are looking from. These days, the majority of the malware that exists is not in either the Apple App Store or the Google Play store. Apple has been quite vigilant about malware and currently has a very good record of keeping it out of their store, while Google has spent time ramping up to try and keep the malware out. The truth of the matter is that this isn’t where you are going to get infected. If you have an iOS device, you’re going to get infected with malware if you jailbreak the device and start sideloading apps. Some people do this to get pirated apps, others do this to get apps with more functionality. The problem is that no one checks these apps and it is very easy for someone to add malware to one. Android, on the other hand, while it can be rooted, gives users the ability to sideload apps with the unchecking of a box. The Amazon app store actually requires this box to be unchecked to work on an Android device. When it comes to Android, there are hundreds of different app stores and people can send you apps to load in a simple email if the box is unchecked.

This is why, if you look at the way Android is rolled out, the areas with the highest prevalence of malware are Asia Pacific and Eastern Europe. There are many unbranded app stores here and many of the applications in them are plain malware or contain malware. I suspect this is due to the app model and the affordability of apps in those regions. Most recently in the news, a bunch of Tibetan activists were hit with Android malware that was sent through a targeted phishing email. The email contained an app that allowed the activists to send free messages over the Internet. Once the activists clicked on the email, their device was compromised.

The secret to avoiding malware is simple. Educate your users to only download apps from known sources. Discourage them from jailbreaking or rooting their device. Warn them about the perils of unchecking the security box to allow downloads from unknown sources. In short, educate your users. Explain to them what they risk if they don’t use their common sense to protect themselves. “Those really could be naked pictures of Anna Kournikova that your mom or your boss sent you, but most likely, it’s a piece of malware that you shouldn’t click on.” Even better, with a little common sense, clicking on the file won’t endanger you anyway.

This doesn’t change the fact that malware writers will certainly get more sophisticated and find new ways to try and infect your devices, but for now, a little common sense and reason will go a long way.
