Security for Android?

[xguy]

There has been a lot of news including last night about a virus attacking Android smart phones. I don't have any security on my phone as i do my computer. Is there some way to combat this virus?

Thanks in advance for any advice.

 

[aysiu]

There has been a lot of news including last night about a virus attacking Android smart phones.

Viruses don't attack Android smartphones. Android smartphone users choose themselves to install trojans on their own phones.

I don't have any security on my phone as i do my computer. Is there some way to combat this virus?

Yes. Don't install trojans.

More details here:
http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html

 

[droogie2799]

Viruses don't attack Android smartphones. Android smartphone users choose themselves to install trojans on their own phones. Yes. Don't install trojans.

More details here:
http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html

I've seen this sort of logic posted from Android users but I am not sure if I agree. Malware does exist on Android and an anti-malware app might help you protect yourself. Of course not installing things you aren't sure of is part of it, but you have an anti-virus on your desktop right? Same logic applies there, be smart, but you still never know. With that, I would say, unless you are opposed to the background processes possibly being comsumed, why not have an anti-malware app?

 

[aysiu]

Malware does exist on Android

I didn't deny that. It exists, but it doesn't just magically appear on your device. You have to choose to install the malware yourself.

and an anti-malware app might help you protect yourself.

What evidence do you have of that? Can you point me to a single news story on Android malware that doesn't involve users installing the malware? (Carrier IQ doesn't count, because antivirus wouldn't do anything about it anyway, it comes with the phone, and you can't really uninstall it without rooting.)

Of course not installing things you aren't sure of is part of it, but you have an anti-virus on your desktop right?

No, I don't. Antivirus doesn't really do anything useful. Instead, I use real security practices (e.g., installing system updates regularly, using NoScript, using common sense, making regular backups).

Same logic applies there, be smart, but you still never know.

And antivirus still never knows. I don't know why people think antivirus companies have some secret all-knowing database that can proactively telepathically know about malware before it hits.

With that, I would say, unless you are opposed to the background processes possibly being comsumed, why not have an anti-malware app?

It's useless. And I am, as a matter of fact, opposed to background processes that are unnecessary.

 

[droogie2799]

I didn't deny that. It exists, but it doesn't just magically appear on your device. You have to choose to install the malware yourself. What evidence do you have of that? Can you point me to a single news story on Android malware that doesn't involve users installing the malware? (Carrier IQ doesn't count, because antivirus wouldn't do anything about it anyway, it comes with the phone, and you can't really uninstall it without rooting.) No, I don't. Antivirus doesn't really do anything useful. Instead, I use real security practices (e.g., installing system updates regularly, using NoScript, using common sense, making regular backups). And antivirus still never knows. I don't know why people think antivirus companies have some secret all-knowing database that can proactively telepathically know about malware before it hits. It's useless. And I am, as a matter of fact, opposed to background processes that are unnecessary.

So you regularly advise desktop users to not install an anti virus of some sort? You're opinion but I think that is the wrong move. Especially on the desktop where processing power isn't as big of a deal, there isn't a good reason not to have it.

On the device side, it is still less proven but to make a sweeping statement that says it doesn't help and shouldn't exist might be the wrong answer.

For you to ask me to show you where anti malware has helped, I would say you lock your car doors when you go to say the mall correct? Can you show me one case where this has prevented a crook from stealing? My guess is no, but yet you still practice this behavior that may or maynot help, why?

All I am saying is instead of being overly protective of a ecosystem we all love, let's be open minded and take into account that things like anti malware may be a good idea, expecially for more inexperienced users, such as my grandparents.....

 

[aysiu]

Locking car doors actually does something useful. Running antivirus doesn't. False analogy.

I can easily explain how locking a car door helps prevent some thievery. There are basically two types of car thieves--dedicated burglars and burglars of opportunity. If a car thief wants to target your car, she will come equipped with tools to open your lock, break the small window with minimal damage, and disable your car alarm. There's not much you can do there. If a car thief is just a criminal of opportunity, she want set out to commit a crime, but seeing an unlocked car with keys in the ignition, she might say "Hey, I think I'll take this for a joy ride," and there's nothing to stop her.

You know for a fact that there have been car thefts. You can see on census.gov there are thousands of car thefts. I've had my car broken into four times. I know it happens.

You have still to provide me with one example of 1) malware breaking into Android without the user installing it or 2) antivirus doing anything to stop malware that a user couldn't just do herself.

Why should I run something in the background that does nothing useful? Why should I even install it?

 

[aysiu]

With inexperienced users, I'd make the case that antivirus is not only useless but even counter-productive. First of all, a lot of inexperienced users think antivirus "protects" them, so they don't use common sense or other real security measures (installing security updates and patches) to protect themselves. It makes them complacent. Secondly, I know of a lot of inexperienced users who fall victim to rogue viruses (malware pretending to be antivirus that needs to remove infections). Their paranoia about malware (instead of measured practicality and common sense) takes over, and they end up compromised.

 

[jerofld]

Actually, calling anything an 'Android virus' is a misnomer. Android is actually rather resiliently built against virus. Android runs a java environment inside of a virtual machine that's in a shell of linux. Apps exist in the java environment and manipulate the virtual machine. The virtual machine (called the Dalvik VM) creates isolation from the actual linux OS.

Rooted phones are more likely for a successful virus attack, because the isolation between virtual machine and linux OS is partially defeated. But no one makes Android viruses because it'd be a waste of time (considering root users are your only real targets of opportunity and root users have tools to protect themselves).

It's just not economical to make a proper Android virus. It's like robbing a bank. Sure, you could hack in and put lots of money into your account, you just have layers and layers of counter-hacking software and safeguards to fight with. Or you can just send a bunch of naive people this sad story about a princess in nigeria and they would send you their bank info. That's what Android malware does. It masquerades as legit apps and exploits security flaws in the permission system to return the benefit for the malware programmer.

So yes, an anti-virus app would be virtually useless to 95% of Android users, because the chances of an actual Android virus being developed and deployed is ridiculously unlikely. But malware app that exploits people's naivety and utilizes a lot of permissions to gain the knowledge the programmer of the malware needs to run up your credit card bill? That's more plausable.

Where as on Windows-based PCs, bonafide computer viruses are far more common, because there is no virtual machine that isolates the virus from the core OS, making a direct attack possible. So you'd be silly to not have an anti-virus on a Windows-based PC, but silly to have one on a Linux-based machine, especially one employing a VM. Ask any Linux user that uses WINE to use Windows programs if they use an anti-virus. They will say no, because the virus would only exist in the VM, and that's easily purged.

And, as far as Android malware goes, paying attention to app behavior, reviews, and permissions would probably save you from malware more than anti-malware apps. Of my two years of owning Android devices, I've never once seen an anti-malware app find actual malware. I've seen a false positive or two (Although, one could consider the Facebook app to be malware, I suppose). And I've only ever seen one reported case of actual malware being detected by Lookout. So, to each their own. If you use one, just make sure it's for peace of mind and is not a placebo for personal vigilance of app behavior.

 

[Crashdamage]

I've used Linux at home for over 11 years and Android since I got one of the first original G1s. Never used antivirus, never had a problem. Antivirus on a Linux-based system is a total waste except to scan files that will be transferred to a vulnerable machine.

Malware is possible. Not a virus. Antivirus apps for Linux systems are just malware designed to turn your money into theirs.