Android OS does not need Antivirus Software

Discussion in 'Serious Discussion' started by CHEF-KOCH, Jul 11, 2013.

  1. CHEF-KOCH

    CHEF-KOCH MDL Addicted

    Jan 7, 2008
    #1 CHEF-KOCH, Jul 11, 2013
    Last edited: Jul 11, 2013
    Hey folks!
    README
    First, I don't want to know what antivirus software (AV) you are using on your mobile phone or which one you prefer. And I don't want s**t talk without proof or with speculation, or personal attacks against other users because they may have a different opinion than you. And this is only for Android; don't talk about iOS, Sailfish, Ubuntu or other mobile systems.
    Please respect these little rules or I will immediately report you to the Moderators!

    Why did I write this?
    On almost every major tech blog, I have been blasted with reports that show that Android malware is exploding. That would explain why antivirus apps are some of the most popular on the Google Play store. However, your phone does not need antivirus and I am going to tell you why.

    - In fact, 99.5% of malware came from outside the Google Play Store. -
    - The majority of problems arise from the installation of ‘cracked’ applications from 3rd party market places which are often bundled with malicious software. -

    What makes an AV?
    Android antivirus programs are mostly used for:

    • Anti-Theft
    • To know any issues with settings in the phone (Faulty or unchecked settings)
    • To know which apps are using network, wifi, GPS etc through privacy advisers
    • Will block malicious websites that are suspicious.
    • Provides call/sms blockers.
    • Firewall/iptables.
    • Block Start-Ups.
    • Encryption (ordinary algorithms like AES)
    • Block malware/spyware and many more ...


    What are the disadvantages?
    • Those applications use lots of your resource (CPU and RAM).
    • There is no total security.
    • Suck battery life and make the phone laggy and sometimes interrupt the processes.
    • Security through obscurity
    • Do not forget to keep it updated because new viruses and threats appear all the time.
    • They tend to collect information about you - Carrier IQ.
    • False positives (it will occasionally identify legitimate apps as malware).


    Self-protection?
    • Do not download apps (.APKs) from untrusted sources. Places such as 4shared and uploaded are not recommended places for downloading APKs and apps (drive-by). The person uploading the APK could have modified it before uploading. This could be a virus or even a keylogger which records everything you type. Stick to trusted sources such as Google Play (Android Market) or the Amazon Appstore.
    • Always keep your Bluetooth off unless required.
    • Android 4.2 or higher also blocks apps from sending premium rate text messages.
    • Newer non-stock ROMs like Cyanogen (CM) are bundled with a Privacy Guard.
    • Do not root your device until you know what you are doing!
    • Apps (framework patches) can help to protect your personal data, but you need to know what you are doing (experts only! - because some apps may not work anymore after that, or you will see a force close or similar problems). Good apps are XPrivacy, OpenPDroid, PDroid, PDroid 2.0 or PDroid Manager.
    • Ad-blocking hosts file: you don't need any AdAware app, this does the same without any resource hog.
    • AFWall+ is an iptables-based firewall; it's free and only for root users.
    • Read Required Permissions Carefully Before Installing Apps: Apps on iOS do not get privileged access to system resources outside of the ones carefully assigned by Apple. Apps on Android, on the other hand, have deeper access to your device and you must be aware of what permissions they require. These can be read after tapping Download and before tapping Accept & Download in Android Market. If you’re downloading a live wallpaper app and it requires permissions for location via GPS, then you should stay away from it.
    • Many stock, AOSP and AOKP ROMs are bundled with a built-in encryption function; this will help if you lose your phone. If your phone does not contain this function, you should try DroidCrypt, FreeOTFE, EDS or LUKS Manager.


    Can you help me with these patches?
    No, it's already been explained through the threads and Google many, many times. And if you have to ask, don't use it. It's not for beginners!


    Antivirus is up to you!
    Maybe some users are unfamiliar with Linux distros, but these operating systems actually don't need any antivirus protection since the teams working behind these OSes are really called developers! They always work hard to fix these OSes (operating systems) and make them more secure with their daily updates (and we don't pay them a $, surely not like the amount of $ spent on Microsoft) because they care about us, and as they want to feel free filling their computers with private data they want us to feel free too.

    The thing is, lots of people have Windows installed as their OS, and they know that antivirus is a must! That is why when buying a smartphone (a smartphone has a continuous internet connection - the "distribution center" of the viruses) they automatically feel the need for an antivirus, and maybe they are right. I bet that there are at least 20 private photos and 2 private movies and God knows what types of email and messages you send via your new smartphone! And that's not including those who actually integrate their phones as a part of their work (they are forced by law to keep any work documents in a safe place).

    I am sure that if you follow these directions, you won't be needing any antivirus app on your smartphones, but if you suspect that you're going to miss something, and you feel pretty protective of your data and smartphone, I suggest you don't take the risk and apply the needed (and proven!) protection for your device - but expect some battery drain, for it isn't a perfect solution for mobile devices.


    Conclusion
    That’s it, really. You and only you are the best antimalware, mobile security solution for your Android device. Apps like Lookout Mobile Security and avast! Mobile Security only add an extra layer of security which, to be honest, you don’t need.


    Now .... What do you think about AV + Android? Tell us!


    Links:
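The permission check described in the first post (a live wallpaper asking for GPS location), as an added example that is not part of the original post. It reads text in the style of `aapt dump permissions` output; the sample dump, the expected-permission baseline and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag requested permissions that do not fit an app's purpose.
# Input is text in the style of `aapt dump permissions <file.apk>`.

# Assumed baseline for a live wallpaper (constructed for this example).
EXPECTED_WALLPAPER="android.permission.SET_WALLPAPER android.permission.WAKE_LOCK"

# Constructed sample dump; both spellings of the uses-permission line appear.
SAMPLE_DUMP="package: com.example.wallpaper
uses-permission: name='android.permission.SET_WALLPAPER'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.INTERNET"

# Print each requested permission once, one per line (dump on stdin).
list_permissions() {
    sed -n "s/^uses-permission: *\(name=\)\{0,1\}'\{0,1\}\([A-Za-z0-9_.]*\).*/\2/p" |
        sort -u
}

# Print the requested permissions that are not in the expected set.
#   $1 = space-separated expected permissions; dump on stdin
unexpected_permissions() {
    list_permissions | while read -r perm; do
        [ -n "$perm" ] || continue
        case " $1 " in
            *" $perm "*) ;;          # expected for this kind of app
            *) echo "$perm" ;;       # worth a second look before installing
        esac
    done
}

# Demo on the constructed dump: location, contacts and internet are flagged.
printf '%s\n' "$SAMPLE_DUMP" | unexpected_permissions "$EXPECTED_WALLPAPER"
```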
     
  2. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    The best 'AV' behaviour is not to have sensitive data stored on the mobile and not to make money transactions with it. Also as you've said to keep away from cracked apps.
    I agree with you, one needs no AV on Android if on stock FW unrooted and only using gplay apps. I have booked flights with my mobile already using my credit card. It is really nothing to be worried about.

    I suggest dual boot. One untouched OS and one customized OS to try whatever you want :D..if you need to book a flight (to transfer money) just boot the clean OS...:)

    Anyway since I need a firewall I have avast! mobile security installed on my SGS3. It has AV and never appears in my battery stats list....
     
  3. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    It all depends on usage; you can say the same thing about Windows too, you don't need an antivirus.
     
  4. free1975yuly

    free1975yuly MDL Expert

    Aug 24, 2011
    My Samsung S3 restarts by itself sometimes and I knew that is NOT normal, so I deleted all wallpapers and apps. Kept just those apps and wallpapers that came with the phone. :eek:
     
  5. Yen


    Sure, but Android has got a bad reputation already. It is based on Linux, which is known to be the safer OS compared to M$ Windows. Anyway, Android has a bad reputation concerning malware... I dunno why, but I guess there are many who reverse a (paid) app to crack it and then they hide malicious code in it...

    That is actually the reason why I use the avast firewall. I want to see if an app causes traffic and block them per default first.


    Example:

    I had the original lidroid tool app (AdvanceS) on my phone until wannam discovered that it phones every IMEI number to a special server....
    This example makes clear that any customized ROM might contain malicious apps coming as sysapps without even the honest ROM cooker being aware of it.
     
  6. Yen


    When you are on stock FW you always can make a factory reset if there is something suspicious. Data on external SD will be untouched....make sure to save your contacts before and do not forget to save your account data
     
  7. R29k

    The Android reputation is based on the popularity, obviously the more popular it becomes the more people will target it for malware etc. Same issue with Apple and Windows.
     
  8. CHEF-KOCH

    Well, the main problem is that this needs a custom kernel that supports dual-boot. I know there are some apps that bring support for dual-booting, but we need root for this and this is also not working on all devices.

    Yes, but today it's almost impossible to do it. For example, most users use Gmail, online banking apps and many more apps on their mobile devices, and it would be a security issue to use this on a rooted device. The only thing you can do is to use fake accounts and/or not use any app that needs your private data (banking apps).
    But if we do this we lose the convenience of retrieving all of our data on the go ...
    It is easier using our apps to retrieve our data simply and quickly every time (without booting our PC).

    Yep, that's the reason I attached the "Snake Oil" article. I also don't believe in AV software, not on PC or mobile devices.

    Here, again, we need root. If we have no root the firewall will not work properly. And the Avast firewall is based on Droidwall (iptables firewall). You also need init.d and iptables support from the kernel itself. If not, it will not work (or with huge limitations -> init.d for start-up data leak protection and root to access the iptables itself).


    Yes, sure. But don't get me wrong, how can this protect the user? I mean a full wipe or factory reset does not protect from data being stolen and submitted through our existing internet connection. This only helps if we think that our device is infected by some malware. But malware is not the problem, not on PC or mobile, because the real problem is that the personal data could be transmitted to any servers.
    There is a huge hole I already wrote about: any (ANY!) app can bypass the firewalls (any at the moment!) before the OS starts and nobody knows how to solve this. This means that every app can transmit any data at any time to the servers before the firewall is fully started! You can simply check this behavior with a ping command through ADB before Android is fully started up. (Here is the article.)


    Hm, yes, but that also means if there are more people watching these projects there will be a faster fix for xyz problem, or errors/security problems can be detected faster due to the mass of people.
     
  9. R29k

    Being open source also brings another load of problems.
     
  10. CODYQX4

    CODYQX4 MDL Developer

    Sep 4, 2009
    Google is less restrictive on App Store submissions (while Apple can be an ass, but a very good filter), so it is much easier to smuggle malware/trojans through.

    All I hear of is trojans though, not true viruses that jump devices. Trojan is a social engineering issue as opposed to the OS being secure.

    No OS, no matter how secure, can stop the clueless user from disabling all warnings and installing the damn smilies (unless it doesn't give ability to in any case = iOS restrictions).
     
  11. CHEF-KOCH

    Sure, but we are talking about it because the OS itself is open source; only some vendors make their own closed source drivers (e.g. Mali) for their devices, which nobody can see. The problem is that without proper source/documentation nobody is fully able to understand how it works, or should I better say ... how things can be fixed without it, and it ends up with memory leaks, crashes or similar. They say they want to release the source but in fact they don't do it, or if they do it's too late or already outdated. And that is because they do not want to be embarrassed (if there are problems, and we all know software is never perfect), money reasons (copyright), and so other companies can't steal it (or re-write it).

    I think this is wrong. Because Google Play updated their market with a strong and daily updated "Bouncer filter" (look at the second link) and they have huge limitations in the rules themselves. For example, they removed AdAway from the market and some other "good" apps because Google has a very strong Developer Distribution Agreement (TOS). Also take a look into the Google Play Developer Program Policies. There is not much different from the Apple Store.
     
  12. Yen

    I think there are different kinds of Android users.

    -Those who stay on stock FW and 'use their phone as it is'. They use gplay apps only
    -Those who flash custom roms /kernel.
    -Those who flash custom roms and try to 'fool' apps (such as Navigon) and have installed paid (cracked) apps, probably......


    First: They can get malware via their e-mail client and bogus sites. Measure: e-mail provider with AV engines, browse behavior: trusted sites only. Then I'd say there is no need to have av installed.

    Second: The same as the first. Plus there might be malware already inside the custom rom--->only trusted developers.
    I personally here would install a firewall since I already had decided to root and to go for a custom kernel. CWM backup or dual boot recommended. To block all apps per default and to grant access if needed only is recommended.

    Third: I would NOT make any money related transactions on such a phone, av is no additional protection here.
    CWM backup or dual boot highly recommended.


    I personally: Self made custom rom (themed), mod kernel, avast! on it.
    I do not use dual boot, but CWM recovery. I have a clean full backup on the phone.
    I try different things hence my phone is not the safest...but I restore the clean backup before I have to make money related actions, I try to avoid it to make those on the phone though.....
     
  13. gorski

    gorski MDL Guru

    Oct 21, 2009
    Does it use Java?

    Does it use Flash?

    Is the OS absolutely impenetrable?

    Is the OS made to leak your info to the corporates (and the gov)? Are Google apps leaking your info?

    Are the corporates happily opening up to the lazy and incompetent gov agencies and security services WHOLESALE?!?

    How come that malware for Linux does exist? How come that Linux servers are being hacked into? How come there are security patches being written all the time, not only for Winblows but also Mac and Linux? Not to mention Java and Flash etc.

    So, to add the security SW to the mix of other prudent measures (apart from informing oneself, of course) is HELPFUL! Dogmatic attitude ("Linux is perfect and does not need AV SW") is NOT helpful and these mystifications should be done away with, by now!

    What one should do is use Paranoid Android WITHOUT Google apps package but use the equal or better alternatives.

    After that, one can use some of those apps and even the built-in capabilities of modded Android OS's to carefully manage every single app and its permissions.

    There, that feels better now... :D

    Btw, me a lay IT person but... ;)
     
  14. Yen

    The major point is how to educate a 'right' awareness for security. I discuss that with many friends. But our POV's aren't always conform....

    My 'history' is the only evidence that I am not quite wrong with it since I never had personal harm due to malware so far.....
    Some of my friends behave paranoid, some careless......it is not easy to get it right....

    But a general strategy is to boot a clean OS right before sensitive operations are done (restored from a recovery image, or at Android from a CWM backup, it's quite easy with CWM, I have always a clean stock image on my phone).....

    To me a firewall is a far more useful security tool than av.....a firewall combined with a backup strategy and a clean recovery image (data loss due to malware) are useful security measures...when I cried in front of my monitor I haven't cried because of malware actions.....I cried because of data loss due to HDD crash and no backup made.....
    Also to delete browser cache is a quick and useful action after a money transaction....

    A major point is that one needs to make an effort to secure the phone (needs to inform oneself). That is an important thing. And potential harm is not declared in a manual....so to say ignorance is no excuse.....bitter but true. Be curious and you stay safe....inform yourself....be aware of which actions might be risky and which are safe....

    But I blame Android for that it has to be rooted to run a firewall.
     
  15. R29k

    I agree with the firewall bit, it should have a bidirectional firewall built in by default and turned on unlike what Windows does.
     
  16. CHEF-KOCH

    It's a bit off-topic, but it seems we are talking about security in general so it should be okay to talk about it.

    Sorry, I disagree with the whole Linux firewall story.
    It's not an Android OS problem, it's a Linux kernel problem. So well, it affects Android, yes, but there are very good reasons for it.

    Let me handle it:
    Iptables requires elevated privileges to handle the write/copy/save operations executed by the current user.

    Now, we look deeper:
    Iptables/netfilter are bundled and installed by default on e.g. Ubuntu distributions. By default it allows all traffic; since 8.0x it comes with ufw/gufw (a GUI/interface program that manages iptables).

    So why am I telling this?
    Because Android and Ubuntu iptables work equally in this case, that means it would be a security problem if
    a) all doors are open by default
    b) we make them accessible without root, because every user (Android API Level 16 and up) has the ability to multi-login with different users. This means everyone can manipulate, read/write/copy/save iptables, and without any proper GUI you never notice whether the firewall is enabled (sudo ufw enable) or disabled (sudo ufw disable); you will only notice when it's already too late!


    And now?
    Well, if we make a GUI for that like gufw, most newbies would never be able to set it up the right way. And if that software becomes a "per-app" control for each port or IP, I'm sure most users will disable it (like UAC on Windows) because of annoying popups. Don't tell me other things now, most users disable it, I know it, because there is no whitelisting function available (but UAC Pass is a very good solution for this). But the users, they know nothing about it and it's easier to disable it!


    So, yes. It's a good thing that the stock kernel does not support iptables/netfilter or come with a GUI; it's too complicated to understand (like Windows Firewall), most users do not know which settings they should use, and a firewall that's not well configured is almost useless.
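The whitelist approach discussed in this thread (block every app by default, then allow per app), together with a check for the allow-all default the post above describes, as an added example that is not code from any poster, AFWall+, DroidWall or avast!. It assumes root and an iptables build with the owner match; the UIDs, the rule dumps and the function names are constructed for illustration, and the script only prints rules, it never applies them.

```shell
#!/bin/sh
# Added example: per-UID whitelist for the OUTPUT chain plus a ruleset audit.

# Constructed sample whitelist; Android gives each installed app its own UID.
ALLOWED_UIDS="10052 10087"

# Constructed dumps in the format printed by `iptables -S OUTPUT`.
SAMPLE_STOCK='-P OUTPUT ACCEPT'
SAMPLE_LOCKED='-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 10052 -j ACCEPT'

# Print the iptables commands for a whitelist firewall, one per line.
# The DROP policy comes first so no allow-all gap exists while the per-app
# rules are still loading (relevant when this runs from an early boot script).
gen_whitelist_rules() {
    echo "iptables -P OUTPUT DROP"
    echo "iptables -F OUTPUT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    for uid in $1; do
        case "$uid" in
            ''|*[!0-9]*) echo "skipping invalid uid: $uid" >&2; continue ;;
        esac
        echo "iptables -A OUTPUT -m owner --uid-owner $uid -j ACCEPT"
    done
}

# Read `iptables -S OUTPUT` text on stdin and report the chain's state:
#   open       policy ACCEPT, or an unconditional ACCEPT rule
#   deny-all   policy DROP and no per-UID ACCEPT rule
#   whitelist  policy DROP plus at least one per-UID ACCEPT rule
#   unknown    no policy line found
audit_output_chain() {
    awk '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
        $1 == "-A" && $2 == "OUTPUT" && NF == 4 && $3 == "-j" && $4 == "ACCEPT" { catchall = 1 }
        $1 == "-A" && $2 == "OUTPUT" && /--uid-owner/ && /-j ACCEPT/ { allowed++ }
        END {
            if (policy == "ACCEPT" || catchall) print "open"
            else if (policy == "DROP") print (allowed ? "whitelist" : "deny-all")
            else print "unknown"
        }'
}

# Demo: show the generated rules, then audit both constructed dumps.
gen_whitelist_rules "$ALLOWED_UIDS"
printf '%s\n' "$SAMPLE_STOCK"  | audit_output_chain
printf '%s\n' "$SAMPLE_LOCKED" | audit_output_chain
```

On a device, the audit function can be fed the live chain with `iptables -S OUTPUT | audit_output_chain`, which gives the enabled/disabled visibility the post says is missing without a GUI.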
     
  17. Yen

    Thanks CHEF-KOCH for your post. Very interesting POV and I actually agree with it.

    Maybe I should say it generally: I blame Android for not to have a possibility to forbid apps and sysapps to access the internet. Stock OS should have the option to setup either a blacklist or a whitelist.
    Stock android 4.x has already the feature to record the amount of traffic of each app, so why not to have the right to forbid access???

    I myself want to know which app (service) uses the internet and when and they should ask for it if I want them to ask and people who don't want to know that can simply ignore them...that is the point.

    I myself and other enthusiasts have no problem to root it....but IMHO 'stock' user should have the possibility to block an app from accessing the internet....
     
  18. gorski

  19. coast123

    coast123 MDL Novice

    Dec 26, 2011
    I happen to be an open source developer and I have never had any problems whatsoever. I make my apps with open source developer API(s) and have never had any issues. All you need to do is download the files the open source program you are trying to install needs, then there should be no issues. Also, like paid software, update it from the official site the developers have made for their project. You should have no problems; if so, that's okay, many people aren't sure or are very skeptical about open source. I know myself when I started I was very skeptical of legality and viruses. But I learned many things from open source and programming. By the way, companies like M$ and @pple are not open source and I did not like that. With open source you get the ability to modify the code to make it better for other users, and then yet again the people who virus it. But most of the time with open source there are many white hat hackers who check the source code or modify it and see if there is a virus or bug there. Almost always willing to help clean up the program, let alone make it better. This is just my experience; it may be different, so I may be correct or not, but that's okay; please correct me if I am wrong.
     
  20. dgibbs3196

    dgibbs3196 MDL Novice

    Jan 12, 2014
    This is just my 2 cents but I do believe you need an antivirus and this is why...

    I had my new phone for a whole 5-6 days and somehow it was freezing and not responding. I took it back to "vzw" to have them look at it, when they told me it had a "badddd virus". At the time I was quite new to Android but I knew that Android was based off Linux... so to make a long story short, that's why I believe you need an AV......