Antivirus firms "misreporting" mobile malware
By Stewart Mitchell
Posted on 17 Jul 2012 at 09:05
Antivirus firms are overstating the scale of mobile malware, according to a network-level mobile security firm.
Security vendors have claimed that the number of malware variants they see is growing at an alarming rate. In May, one security vendor reported the number of threats had grown by 1,200% in one quarter - although there is plenty of scepticism surrounding the motives for such high estimates, with one Google executive last year branding the industry as "charlatans".
"When it comes to Android malware, we see a different story," said Ciaran Bradley at AdaptiveMobile, whose software runs on mobile operators’ systems to block malware before it reaches users. "We’re not denying that mobile malware isn’t out there, but we don’t see it spreading in the same way that traditional PC antivirus vendors are suggesting."
According to Bradley, the problem is exaggerated when using figures that include every new variant, with crime gangs able to create thousands of samples in a week.
"I can’t go into specifics because our clients wouldn’t be happy, but we’re not seeing the levels of infection that would correspond with the number of samples that are out there," he told PC Pro. "It would be better if the industry talked about the number of infected devices. When the different antivirus companies are talking about samples, it doesn’t really help."
Bradley said that the majority of malware samples would never be a threat to most users. "You need to think about where people might get those samples," he said. "If you start plotting families [of malware], that’s more useful, especially in China and Russia – with Russia there are people creating new variants every day and if people are collecting samples of all of them it can skew the numbers.
“With China there’s no official [app] market so there are fake app stores that spring up and they’re not protected or policed in the same way that the official Google Play is," Bradley said. “If they’re getting the sample from there and file-sharing sites, there’s probably not much chance of most people getting them in real life.”
Bradley said the situation was improving, with companies like Sophos releasing figures of actual infections and the most common variants. Even then, Sophos admitted its sample size was “relatively small, as our free Android antivirus (which reported the stats back to us) has only been out for a couple of months”.
In a May press release reporting the 1,200% increase claim, McAfee pointed out that much of the increase was down to new ways of testing, but the majority of the headlines predictably focused on the big number.
McAfee admitted it was difficult to assess the levels of malware because there was no real benchmark. "Objectives for the security industry are generally one of the hardest things to find," said Raj Samani, CTO for McAfee EMEA. "The actual number of malware infections, for example, is almost impossible to measure."
Samani said the need to warn companies and individuals of the potential threat justified the figures used by the industry. "As an industry, the publication of such statistics is imperative to provide trending with regards to the scale of the issue, and of course they are objective," he said.
Anybody using % figures just to arrive at an impressive looking (i.e. big) number should be ignored as a matter of course. "A twelve-fold increase" would be a more natural way of putting it, but of course spotty sub-editors think 1200 is a 'better' number than 12.
By martindaler on 17 Jul 2012
Rooting software labelled as malware
I tried to download a well known and highly regarded rooting application for an Android phone. My corporate Trend OfficeScan blocked it and labelled it as malware. I had to root the phone manually using ADB shell commands. [Thankfully, ADB was not blocked!]
By Paul_Jackson on 19 Jul 2012