Android OS does not need Antivirus Software

Discussion in 'Serious Discussion' started by CHEF-KOCH, Jul 11, 2013.

  1. lomax512

    lomax512 MDL Novice

    Feb 11, 2014
    11
    1
    0
    Oooh spam for tea.
     
  2. hellionballistik

    hellionballistik MDL Novice

    May 30, 2014
    1
    0
    0
    :worthy::worthy:interesting post, interesting, thanks for you review:worthy:
     
  3. Polyester

    Polyester MDL Junior Member

    Sep 4, 2014
    86
    2
    0
    I don't use it anymore...
     
  4. PetersonJohn

    PetersonJohn MDL Novice

    Mar 21, 2015
    2
    0
    0
    According to your needs, you decide whether Android OS needs antivirus software or not.
     
  5. kennethcbrown15

    kennethcbrown15 MDL Novice

    Aug 19, 2015
    5
    0
    0
    It is great to know that it does not need such protection, but most users are not aware of these facts. If they visit a particular site and download some apps, they might have to face the security issue, so it would be better to have an antivirus app on your phone.
     
  6. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,187
    60
    #26 CHEF-KOCH, Oct 13, 2015
    Last edited: Oct 13, 2015
    (OP)
    The problem is the user, not the software: if you install software from untrusted sources without verifying the hashes/signatures, you are always doing this at your own risk. The AV isn't better, due to the fact that it only checks the signatures (not speaking about HIPS) against the online cloud; if there is no reputation because e.g. you patched it (illegal) and check it against an AV, it's mostly useless, since the offset changed or it is encrypted/packed, which can't be seen with any traditional AV. The recently discovered malware also shows that the AV can easily be beaten, because the malware just uninstalls it or deactivates it (in the background).

    So Android comes with a protection against this, it's called 'administrator', which means that the processes/apps you choose can't be uninstalled (that easily). The main problem about it is that ransomware also needs to run with admin rights to lock your device, so this is again a user problem - because if you don't know whether your AV is a faked one (because you used warez), you maybe trusted such apps and boom, the ransomware now has control over your device.

    Another hole was Stagefright, which was at the lowest level, which means this wasn't detected by any AV. So you see it's pretty much useless to use an AV, since we are not in the 90's anymore and the attacks are getting smarter, while the protection hasn't even changed that much to detect OS holes by itself. Today it's more about stealing your private data, logins, passwords, and not about shutting down the entire device or destroying it like in the 90's. It's more cloud based (C&C attacks); what is really perverse about it is the fact that malware often hides as legit updates or as harmless apps which really do what they normally do, but in reality it hides its malware and activates it only in xyz situations (only on wlan/vpn to hide traffic, uses encryption, and and and ...).


    Sources:
    * https://www.fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html
    * http://www.symantec.com/connect/fr/...ses-material-design-scare-users-paying-ransom
    * http://www.symantec.com/connect/fr/...ses-material-design-scare-users-paying-ransom
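    The post above says the real defence is verifying hashes/signatures before installing anything from an untrusted source, and that a "patched" APK no longer matches what was published. The following is an added example (it is not code from the post or from any of the linked articles) of what that check looks like in practice: it compares a file's SHA-256 against a published hash and recomputes the per-file digests listed in the APK's v1-style `META-INF/MANIFEST.MF`, so that an entry modified after signing (here, a tampered `classes.dex`) is reported. The sample APK is a constructed in-memory zip with a hand-built manifest; the `SAMPLE_FILES`, `build_sample_apk` and `tamper` helpers exist only to produce that sample. This checks integrity only; it does not verify the signer's certificate, which is what the platform's signature check (or `apksigner verify`) does.

```python
import base64
import hashlib
import hmac
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the whole file, in the form a publisher lists next to a download."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, published_hex: str) -> bool:
    """Compare the file's digest with the published hash (constant-time compare)."""
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


def parse_manifest(text: str) -> dict:
    """Map each 'Name:' section of META-INF/MANIFEST.MF to its SHA-256-Digest.
    Simplification: the JAR spec's 72-byte line continuation is not handled,
    which is fine for the short entry names in the constructed sample."""
    digests, name = {}, None
    for line in text.splitlines():
        if line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("SHA-256-Digest: ") and name is not None:
            digests[name] = line[len("SHA-256-Digest: "):]
        elif line == "":            # a blank line ends the current section
            name = None
    return digests


def verify_manifest_digests(apk_bytes: bytes) -> dict:
    """Recompute the digest of every entry listed in MANIFEST.MF and return
    {entry_name: True/False}. False means the entry inside the archive no
    longer matches what was recorded at signing time (or is missing)."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        expected = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for entry, digest_b64 in expected.items():
            if entry not in zf.namelist():
                results[entry] = False
                continue
            actual = base64.b64encode(hashlib.sha256(zf.read(entry)).digest()).decode()
            results[entry] = hmac.compare_digest(actual, digest_b64)
    return results


# --- constructed sample data (not a real APK) -------------------------------

def build_sample_apk(files: dict) -> bytes:
    """Zip the given files plus a v1-style MANIFEST.MF carrying their SHA-256 digests."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        lines = ["Manifest-Version: 1.0", ""]
        for name, content in files.items():
            zf.writestr(name, content)
            digest = base64.b64encode(hashlib.sha256(content).digest()).decode()
            lines += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
        zf.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n")
    return buf.getvalue()


def tamper(apk_bytes: bytes, name: str, new_content: bytes) -> bytes:
    """Replace one entry while leaving MANIFEST.MF untouched, which is what a
    'patched' archive looks like to the verifier."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = new_content if info.filename == name else src.read(info.filename)
            dst.writestr(info.filename, data)
    return out.getvalue()


SAMPLE_FILES = {
    "AndroidManifest.xml": b"<manifest package='example.app'/>",   # constructed
    "classes.dex": b"dex\n035\x00constructed-sample-bytecode",       # constructed
}
CLEAN_APK = build_sample_apk(SAMPLE_FILES)
PATCHED_APK = tamper(CLEAN_APK, "classes.dex", b"dex\n035\x00modified-bytecode")

if __name__ == "__main__":
    published = sha256_hex(CLEAN_APK)   # stands in for the hash a publisher lists
    print("clean file hash ok:  ", hash_matches(CLEAN_APK, published))
    print("patched file hash ok:", hash_matches(PATCHED_APK, published))
    print("clean manifest:  ", verify_manifest_digests(CLEAN_APK))
    print("patched manifest:", verify_manifest_digests(PATCHED_APK))
```

    The whole-file hash is the cheap first check and fails on any change at all; the manifest walk additionally tells you which entry was altered, which is useful when triaging a sample that claims to be a legitimate update.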
     
  7. shugal

    shugal MDL Novice

    Oct 24, 2015
    1
    0
    0
    So CHEF-KOCH, do you still consider your original post to be the best approach to securing Android? Or does it need an update (it's still great, but two years old now)?
     
  8. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,187
    60
    I think it's still valid; in fact Android has evolved and is more grown-up. The new permission feature in Android Marshmallow is quite a good process. I think my statements here and here are good ground for a discussion.
    The problem with AVs is that it's not like the 90's anymore. I mean every hacker knows about the known AVs and VirusTotal, so what do they do first before they release malware? Right, they test it in a VM against known scanners, which means that at the time of release it is 'stealth', and possibly for a long time, as long as no one has uploaded the sample or the AV hasn't detected it via a new technology.

    Of course I need to expand some stuff in my initial post, and it will be done in the future, but overall I still think that hype and playing with people's fear of malware is serious business, and even if you installed one it doesn't mean you are 'more' secure. E.g. re-direct your entire network traffic to another server and your traditional AV will never detect it (but it needs root anyway) - so the user is still the problem. Maybe for such cases I will add some screenshots to show some settings to harden the OS.