Antivirus firms "misreporting" mobile malware

 

Gallery

By Stewart Mitchell

Posted on 17 Jul 2012 at 09:05

Antivirus firms are overstating the scale of mobile malware, according to a network-level mobile security firm.

Security vendors have claimed that the number of malware variants they see is growing at an alarming rate. In May, one security vendor reported the number of threats had grown by 1,200% in one quarter - although there is plenty of scepticism surrounding the motives for such high estimates, with one Google executive last year branding the industry as "charlatans".

"When it comes to Android malware, we see a different story," said Ciaran Bradley at AdaptiveMobile, whose software runs on mobile operators’ systems to block malware before it reaches users. "We’re not denying that mobile malware isn’t out there, but we don’t see it spreading in the same way that traditional PC antivirus vendors are suggesting."

According to Bradley, the problem is exaggerated when using figures that include every new variant, with crime gangs able to create thousands of samples in a week.

We’re not seeing the levels of infection that would correspond with the number of samples that are out there

"I can’t go into specifics because our clients wouldn’t be happy, but we’re not seeing the levels of infection that would correspond with the number of samples that are out there," he told PC Pro. "It would be better if the industry talked about the number of infected devices. When the different antivirus companies are talking about samples, it doesn’t really help."

Irrelevant samples

Bradley said that the majority of malware samples would never be a threat to most users. "You need to think about where people might get those samples," he said. "If you start plotting families [of malware], that’s more useful, especially in China and Russia – with Russia there are people creating new variants every day and if people are collecting samples of all of them it can skew the numbers.

“With China there’s no official [app] market so there are fake app stores that spring up and they’re not protected or policed in the same way that the official Google Play is," Bradley said. “If they’re getting the sample from there and file-sharing sites, there’s probably not much chance of most people getting them in real life.”

Bradley said the situation was improving, with companies like Sophos releasing figures of actual infections and the most common variants. Even then, Sophos admitted its sample size was “relatively small, as our free Android antivirus (which reported the stats back to us) has only been out for a couple of months”.

Best estimates?

In a May press release reporting the 1,200% increase claim, McAfee pointed out that much of the increase was down to new ways of testing, but the majority of the headlines predictably focused on the big number.

McAfee admitted it was difficult to assess the levels of malware because there was no real benchmark. "Objectives for the security industry are generally one of the hardest things to find," said Raj Samani, CTO for McAfee EMEA. "The actual number of malware infections, for example, is almost impossible to measure."

Samani said the need to warn companies and individuals of the potential threat justified the figures used by the industry. "As an industry, the publication of such statistics is imperative to provide trending with regards to the scale of the issue, and of course they are objective," he said.