
Android antivirus apps a complete waste of time - ukdm
http://www.extremetech.com/computing/104827-android-antivirus-apps-are-useless-heres-what-to-do-instead
======
DanielBMarkham
I had an odd thought reading this article. I wonder if what might be
considered malware could actually be a legitimate agreement between the user
and the programmer?

Something like "Instead of a subscription, I'm going to SMS these 3 numbers
once a month and it's going to cost you five bucks"

This actually might bypass all the headaches folks are having with merchant
accounts and payment plans and work out as something both the user and
developer might like a lot better. If crooks can make millions charging for
bogus SMS messages, why can't legitimate programmers use the same payment
mechanism for stuff the users like?

Don't know. Just throwing it out there. What caught my eye was the assumption
that any program using SMS to rack up charges was malware. Is that always a
true statement?

~~~
rsynnott
> If crooks can make millions charging for bogus SMS messages, why can't
> legitimate programmers use the same payment mechanism for stuff the users
> like?

This exists; you see it occasionally for web games.

It's quite expensive, though, and I suspect it's not allowed on Android if
you're in the marketplace; does Google allow you to use third-party payment
stuff for marketplace apps?

~~~
bostonvaulter2
Some apps use a separate PayPal link that avoids the market.

~~~
TillE
Yeah, Google is pretty loose with their rules, and the Market structure passes
a lot of complexity (i.e., sales tax responsibility) on to each developer.

I'm seriously considering using something like BMT Micro to sell upgrades to a
free app. The classic shareware model, more or less. I'd really like to
sidestep all the annoyances and time overhead that come with selling stuff
directly. I believe the iOS App Store is set up that way already (where you're
effectively licensing them to sell your software and they're paying you
royalties), but unfortunately not the Android Market.

~~~
rsynnott
The Android market passes sales tax responsibility to the developer? I hadn't
realized that; that sounds absolutely ridiculous. How do small developers cope
with it at all?

Yep, the iOS app store is effectively a publisher; the only tax complexities
involved are countries which practice withholding (the US and Japan, in
particular; unless you register with their tax authorities they withhold a
percentage, even for countries with which they have tax treaties), and special
treatment of royalties in some countries.

------
MichaelGagnon
These results are unsurprising to me. But then again, my startup is building a
cloud-based mobile-malware detection service to address the inherent
limitations of anti-virus on mobile devices. :-)

Here's the problem: "Anti-virus" in general is limited because it relies on
static signatures. Therefore it can only detect known malware and is
vulnerable to evasion (polymorphism / metamorphism). On mobile devices AV is
even more limited because of resource constraints (namely, limited battery and
cpu).

By doing malware detection in the cloud, we have plentiful resources to do
heavyweight analyses. We also get a better overall detection capability by
using behavioral analyses instead of just static signatures (we actually run
the apps).

If you're curious about the technical details, we presented at Black Hat in
August.
[https://media.blackhat.com/bh-us-11/Daswani/BH_US_11_Daswani...](https://media.blackhat.com/bh-us-11/Daswani/BH_US_11_Daswani_Mobile_Malware_WP.pdf)

P.S. We’re hiring :-)
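
The following is an added example, not part of the thread and not code from any commenter's product: a toy comparison of static signatures with behaviour-based detection, run over constructed samples. The file format, the `pack` helper, the action names and the number 5550100 are assumptions made for illustration.

```python
import hashlib

# Constructed toy "app" format (an assumption for this example): the first
# byte is an XOR key, the rest is a newline-separated action script XORed
# with that key. Real APKs look nothing like this.
def pack(script: str, key: int) -> bytes:
    return bytes([key]) + bytes(b ^ key for b in script.encode())

KNOWN_BAD = pack("ui show_game\nsms 5550100 SUBSCRIBE\n", key=0)
VARIANT = pack("ui show_game\nsms 5550100 SUBSCRIBE\n", key=0x5A)  # same behaviour, new bytes
BENIGN = pack("ui show_game\nnet fetch_scores\n", key=0x21)

# Static signatures derived from the one sample the vendor has already seen.
SIG_HASHES = {hashlib.sha256(KNOWN_BAD).hexdigest()}
SIG_PATTERNS = [b"sms 5550100"]

def static_scan(blob: bytes) -> bool:
    """Flag on an exact hash match or a known byte pattern in the raw file."""
    if hashlib.sha256(blob).hexdigest() in SIG_HASHES:
        return True
    return any(p in blob for p in SIG_PATTERNS)

def run_in_sandbox(blob: bytes) -> list[tuple[str, str]]:
    """Emulate the toy app and record what it does, not what its bytes look like."""
    key, body = blob[0], blob[1:]
    script = bytes(b ^ key for b in body).decode()
    return [tuple(line.split(" ", 1)) for line in script.splitlines()]

def behavioural_scan(blob: bytes) -> bool:
    """Flag an app that sends an SMS during the run without first asking the user."""
    asked = False
    for verb, arg in run_in_sandbox(blob):
        if verb == "ui" and arg.startswith("confirm_sms"):
            asked = True
        if verb == "sms" and not asked:
            return True
    return False

def compare() -> dict[str, tuple[bool, bool]]:
    """Return (static_hit, behavioural_hit) for each constructed sample."""
    samples = {"known_bad": KNOWN_BAD, "variant": VARIANT, "benign": BENIGN}
    return {name: (static_scan(b), behavioural_scan(b)) for name, b in samples.items()}

if __name__ == "__main__":
    for name, (static_hit, behaviour_hit) in compare().items():
        print(f"{name:10} static={static_hit!s:5} behavioural={behaviour_hit}")
```

The re-encoded variant misses both the hash and the byte pattern, yet trips the behavioural rule because it performs the same action once it runs.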

------
CWuestefeld
This isn't exactly the conclusion of the test it's reporting. That test said
that _free_ Android AV apps were poor-to-useless. But they included two
commercial apps in the test, which fared pretty well (although not perfect).

------
eogas
> ...but by far the best way to avoid malware infestation is to use a little
> common sense...

Also, people should stop wearing seatbelts, and just start driving better.

~~~
martey
That's a poor analogy.

It's difficult to get infected with Android malware without directly
installing questionable applications on your phone, but it is pretty easy to
get into an accident through no fault of your own.

~~~
eogas
I think you (and the author) give the average user too much credit. To most
people on HN, it's probably pretty obvious that downloading applications
directly from sketchy sources is a good way to have your device become
infected by malware, but the average user might not realize this. They might
not even realize that a source is sketchy.

This is anecdotal, but after about the 10th time reinstalling my parents' OS, I
finally discovered that the root of all their malware-related problems stemmed
from the fact that they were downloading music using Limewire. It hadn't
crossed their minds that perhaps this was not a very good idea.

I'm sure they genuinely believed that their computer was repeatedly being
infected "through no fault of their own".

~~~
vetinari
The installation from non-market sources is disabled by default. The users
have to go to settings and check the checkbox allowing side-loading of
applications. So they will not install it by accident; it has to be done wilfully.

~~~
sukuriant
Some websites and applications require you to allow third-party apps to run
their applications; and if those websites can get a seasoned computer user to
change the setting, I imagine a less legitimate site could encourage the less
informed to do the same.

I'm looking at you, GrooveShark.

------
tehwalrus
Hmm, it also mentions completely disabling 3rd party software sources, and not
downloading stupid things from forums.

If you're developing for Android, you're going to install your own APKs from
SD card. Even if you "don't install other apps" that way, you're still
"leaving the vector open" by leaving the system setting on, apparently?

Also, if you want to upgrade the OS or kernel on some of the cheaper phones,
you'll need to use CyanogenMod, and usually a custom version hacked together
by randomers on forums. My (cheap, spare) droid runs a bootloader and OS which
is the result of collaboration between a Chinese guy, a British guy and other
developers from "the internet". You do have to join the forums, talk to people
a bit, and read up on the feedback these users get when they post new ROMs
though, I'll admit...

Maybe I'll install one of these free AV apps and see if they can find
anything! :)

------
a2tech
Just like desktop AV?

~~~
bni
Exactly, the same points made in this article apply to Windows as well. Maybe
Windows AV will be a few points better, but who cares? It gives users an
equally dangerous false sense of security.

Yet, lots of people (both techs and non-techs) will think you are crazy if you
don't use AV on your Windows PC. It's some sort of mass psychosis.

~~~
randomdata
Yeah, I never understood the purpose of anti-virus software. If you have a
vulnerability that would allow a virus to make its way onto the machine enough
for a virus scanner to find the virus, someone _will_ use that same
vulnerability to access your system in a way that a virus scanner will not
protect you.

~~~
CWuestefeld
I should stop using my web browser and email client, and any other downloaded
software that didn't come on my OS install disc?

~~~
randomdata
I guess in a perfect world. Obviously that is not going to happen though.

Anti-virus software is like having airport security that only screens those
that fit a certain profile. Someone not meeting that profile is going to walk
onto a plane with the intent to do harm, at which point you are no further
ahead than you were when you had no security checks at all.

~~~
CWuestefeld
I think you haven't kept up with recent developments in AV software. These
days, they continue to monitor all those passengers even after they've gotten
on the plane. And remember, there are a lot of different planes -- each of our
individual machines -- and the AV software has also improved in its ability to
see something bad on one of the planes and quickly notify the rest of us.

~~~
randomdata
I realize AV software applies heuristics to identify some attacks, but in the
absence of intent, it is impossible to do it effectively. One man's botnet is
another man's legitimate computing cluster.

Unless you warn about everything going on in the system, you are not really
aware of everything. If you do warn about everything, the user will start to
ignore the warnings.

------
dpcan
I've been running AVG for a month now on my Android and actually don't mind
it. It doesn't appear to be draining my battery or affecting performance, and
I like the thought that should I download something from the Market that IS in
their database, it may catch it before I install. Even if it is a 1 in 10
shot.

------
ctdonath
As an avid iOS user, this is causing much head-scratching a la "viruses are a
problem on Android? why? it's 2011..."

~~~
esrauch
[http://www.mostiwant.com/blog/virusbarrier-ios-first-antivir...](http://www.mostiwant.com/blog/virusbarrier-ios-first-antivirus-and-antimalware-app-for-iphone-ipad/)

~~~
ctdonath
Quote therein: "there is no known malware for iOS".

This thing just sniffs for malware whose transmission vector may by
coincidence pass thru an iOS device, like PDFs and Dropbox.

------
ricardobeat
_The paid apps blocked all malware apps from being installed, even those that
were not spotted in the manual scans._

How does that make them useless?

This is one of the key advantages of the iOS App Store - the process of
analyzing app capabilities and security is offloaded to Apple - users don't
have to care about it.

