Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: iPhone Developer, SEO Journal, Macintosh Magazine, Microsoft Developer, CIO/CTO Update, Telecom Innovation, Android

Blog Feed Post

Malware, Malware Everywhere

Google/Android, Apple/iOS, Microsoft/Windows Phone, they ALL need to be more upfront with their users

By Steve McMaster - I want to preface this by saying that I’m an Android fan boy. I’ve owned a device running each and every version of Android at some point, from the G1 with Android 1.0 (did it have a codename?) through my Galaxy Nexus with Ice Cream Sandwich, and Jelly Bean coming soon. I have also never owned an iPhone. Just wanted to get that out there, in the interest of full disclosure.

That said, I’m really growing tired of reading articles about “Malware discovered in Google Play”, “First Malware ever in the App Store”, “Malware went undiscovered for weeks in Google Play”.

It’s not really news – People write malware, people distribute malware, people install malware – It happens. I shake my head at people who run Windows computers and don’t have good anti-virus software installed. I have 3 Windows computers at home (well, my girlfriend does, I really only use my Mac). They all have AV on them (ESET NOD32 if you’re curious). And you know what? I’ve got an AV-type malware detector on my phone, too (Lookout Security).

The thing about malware is that it’s out there and its not going to go away. If the fact that it got past Apple (granted, after however many years) says anything, it’s that you can try and try and try and you’ll still get it. There will always be security flaws in software, there will always be hackers, there will always be viruses/malware/etc. The fact that the news outlets on the Internet feel the need to report each and every time malware is found is indicative of something…but I’m not sure what. It’s like the news reporting on every time someone gets a parking ticket. There’s no need to inform the public about it. At best, you’re going to annoy the readers. At worst, there could be a lot of people getting parking tickets and you’re going to make people think the local police are getting overbearing with parking tickets.

The fact of the matter is, Google/Android, Apple/iOS, Microsoft/Windows Phone, they ALL need to be more upfront with their users about the fact that some sort of virus or malware protection needs to be installed. They could even take the route Microsoft ALREADY took with Windows on the desktop and include a pretty basic version in the OS. Google could easily pick up someone like Lookout and integrate the malware scanning into the base OS. Sure, Apple tends to fight that stuff at the App Store level, but having something integrated into the OS wouldn’t be a bad idea either. And at that point, why not integrate the scanning into app submissions? If you can detect the Malware before it gets accepted to the app store then you eliminate a huge chunk of the problem. My guess is that there ARE scanners checking apps before they get submitted to the store, but obviously things are getting through. So, are the scanners that bad that so many things are getting through, or do we not have the details about how many ARE getting stopped?

What it comes down to is this: Owning a smarter phone is great, it lets you carry the Internet in your pocket, stay connected, etc, etc. But you have to remember something important. YOU’RE CARRYING THE INTERNET IN YOUR POCKET. Your phone is now just as connected to the Internet as your computer. And if you’re affording your computer some sort of protection because its connected to the Internet, why wouldn’t you do the same for your phone? Assuming something is safe just because its not running Windows has been proven to be a bad security tactic (I’m looking at you, Apple). Do yourself, your data, and the poor people who are tired of reading articles about malware in the app stores a favor – just be smarter about your phone.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.