George Santayana said a great deal more than “Those who cannot remember the past are condemned to repeat it,” but it’s probably the one quotation that nearly everyone in the security field will remember approximately verbatim.
For what (if anything) will I be remembered? Apparently, it’s likely to be a throwaway remark I made at the end of an interview with the UK journalist Steve Gold
about a year ago, when the conversation turned to Android security. Apparently, I said something to the effect of “Android is terrifying.”
I don’t, in fact, have panic attacks in the presence of certain smartphones, but I guess the remark got more attention than “Security researcher anticipates increased volumes of Android malware in the next year or so” would have done. Frankly, that would probably have been seen as an insight with as much significance as “It will rain soon in Seattle” -- had not DroidDream, arguably the first major Android malware, hit the world’s radar just a day or two after.
Now the meme has resurfaced
in the context of Symantec’s claim that there have been between 1 million and 5 million downloads of 13 apps infected with the malicious code called Android.Counterclank. In fact, the threat summary on Symantec’s own Website is considerably more restrained (1,000+ infections).
The trouble is that there’s a certain amount of debate as to whether the Android.Counterclank code is actually malicious. After all, it does actually ask during the installation process for permission to access some network and phone status data. The Android AV developer Lookout considers Counterclank to be “aggressive advertising,” rather than malware. And according to The H, Symantec is scaremongering.
The apparent difficulty lies in the definition of malware. Lookout has a (somewhat circular) definition that includes the phrase “designed to engage in malicious behaviour.” Well, yes, malware is a portmanteau word derived from MALicious softWARE. However, the company’s definition of malice is extraordinarily narrow -- “used to steal personal info... that could result in identity theft or financial fraud.”
There isn’t actually a universally accepted definition of malware, even in the AV industry -- heck, we never even came up with universal definitions for “virus” or “worm” or “Trojan” -- but as we use it in practical terms, it covers a lot more than that, including deliberate destruction of data or services, encryption for purposes of extortion, carrying a “joke” payload, and even doing nothing but replicating. (The last category includes most traditional viruses, as it happens.)
Symantec is, I imagine, concerned about the range of information that is silently accessed about the phone and its user, along with the very close similarity of some of the SDK code to pre-existing code found in earlier apps that are unequivocally considered to be malware. In fact, other vendors are detecting Counterclank using the same heuristic detections as Plankton/Tonclank, and they have been doing so for several months.
Lookout’s blog implies that, because the latest batch of programs do not use blatant backdoor and data-stealing functionality, the classification has changed from “malicious” to what many vendors call “possibly unwanted.” I remain unconvinced. Changing the browser’s home page might be considered “aggressive advertising,” but unless it’s specifically permitted by the user -- and Counterclank goes beyond the list of permissions requested, according to Symantec’s description -- it sounds very much like unauthorized modification to me, and that’s illegal in many jurisdictions (including here in the UK). In fact, while the underlying mechanism differs, misdirecting to a site that suits the software rather than the system user is uncomfortably close to the DNSchanger class of malware.
Google has removed some of the apps said to contain the Counterclank code from the market. However, five apps are still available, even though they were flagged by Symantec as containing the same “apperhand” code to which it has given the name Counterclank. It appears that Google considers
these apps to meet their terms of service. Given the modifications that Counterclank is capable of making to the user’s system, this decision seems controversial, to say the least.
Bouncer is a good start, even though it comes with the customary "shoot the messenger" "we know better than the AV companies" messages. But it's a long way from an all-inclusive screening process. I think I need to find time for another blog on that...
I'm with you on this, Mike. What puzzles me is that Google claims the new Android scanning service, Bouncer, has been in service for months, even though no one noticed.
I had asked myself how this would work too. It may be a great deal of work especially not being their core business, but maybe one of the ways it can be done is by outsourcing. In future if a company came up whose core business is to verify Apps, lots of app stores can outsource to them, including Android, Nokia etc.
For Android to start pre-screening apps would need radical re-engineering of their marketing model, before even thinking of the technical issues. But it's way behind iOS in this respect at this moment.
David, when compare with other OS, android is not still in a full pledged way. It have some issues with security and I think hackers/ malwares are trying to make use of such loopholes.
=" Defining "malware" is an interesting challenge."
use the term "unauthorized programming" and you'll understand it more easily
remember: web pages are transient programming and as such the script must run sand boxed. when you close the page the transient program is gone. a good sand box will not allow a transient program to access anything outsize that sand-box
which leaves the question: what do you do with a document you need to save or forward -- but which contains transient programming ? that is one of the big issues that remains to be solved.
Google has the right idea: trash all the transient programming
the transient programmming, properly done, is just automated commands -- for things that you could do for yourself -- anyway
but when a document containing such transient programming is forwarded the authority and permissions of the user may change and that might open the lid on Pandora's famous box
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
The smartphone market reached a significant milestone, a breakthrough that may cause vendors to celebrate but could strain the capabilities of IT service desks.
In the fall of 2011, around 160,000 students in 190 countries enrolled in a Stanford-sponsored online course about artificial intelligence. About 23,000 completed the course and got certificates, including 248 who got a perfect score. The university offered the same course the old-fashioned way to students sitting in Stanford classrooms. None of the those students got a perfect score.
As Mitch Wagner discussed today, Yahoo is acquiring Tumblr. The big Internet debate at the moment is whether Tumblr will be good or bad for Yahoo. Regardless of their stances on the future of Yahoo itself, many claim that Yahoo will somehow ruin Tumblr.
Has China stolen a march on the West, developing an Internet architecture that is not only based on IPv6, but is also inherently secure from both internal and external attack?
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
