back to article 2 in 3 Android anti-malware scanners not up to the job

Two-thirds of Android anti-malware scanners failed to protect against a range of malware in independent tests. AV-Test put 41 different virus scanners for Android through their paces. Almost two-thirds of these scanners are not yet suitable for use as reliable products, identifying less than 65 per cent of the 618 types of …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    10.8 million devices

    I was sceptical at first when I read an article saying 10.8 million Android devices are infected with some form of malware and I tend to take reports from anti virus companies with a pinch of salt, but this report seems a little more believable now

    1. Ken Hagan Gold badge

      Re: a little more believable

      You are right to be sceptical of puff pieces from companies that sell actual AV products. I'm a little puzzled, however, that you lose that scepticism when confronted by a puff piece from a company that makes its money merely from "IT security research" rather than a particular AV product.

      On the other hand, none of these devices actually seem to have a security model for third-party code (*), so it wouldn't be surprising if *most* devices were not infected. Perhaps the 10.8 million figure refers merely to those for which we actually know the nature of the infection.

      (* Google appear to have lifted "as-is" the old ActiveX security model of asking the end-user if the software is safe, as if an end-user is in any way qualified or sufficiently informed to make that decision. Perhaps Google think ActiveX was such a long time ago that reality has changed.)

      1. Anonymous Coward
        Anonymous Coward

        Re: a little more believable

        I did say 'a little more' - not completely

        Nice reference to ActiveX, I had completely forgotten about that

      2. This post has been deleted by its author

      3. eulampios

        How to check permissions of a windows app

        Ken, the reference to ActiveX is a little overboard. Windows system at the time did not have any permissions system similar to POSIX,. When it became available, no one seemed to bother (due to poor implementation).

        Now when you fire-up "busybox top" in the terminal (or an adb shell) an android device you'll see quite a few UID's. Every app is running as an isolated process with its own set of permissions. These are the permissions to be cautious about before installing an app. There's nothing beyond that, unless a vulnerability is found. Maybe it was also available on Windows, just can't remember that. This very declaration is a much better antimalware tool than an obfuscated Windows progeny as we know it, AV.

        Folks, just ask yourself before installing another cool file manager that asks for full control of the device, network, sms, dialer, access to girlfriends and so on, doesn't this sound strange?

        1. Ken Hagan Gold badge

          Re: permissions

          I don't think that is overboard. Microsoft got a decent OS security model with NT and I was running that long before they produced a web browser, let alone ActiveX. When MS started talking about ActiveX, it made no sense to me because it was so obvious that you could not let random web-pages foist untrusted code on the end-user's system.

          The insecurity was by-design, and it still is. The Windows 8 consumer preview still forces the user to create a named account for day-to-day use, but hides the built-in Administrator account, and so is then compelled to give the day-to-day account full administrative privileges. That was and is utterly bat-shit insane.

  2. Ralph B


    2 out of 3 anti-malware scanners for any OS are not up to the job. This is what they call "industry standard", Shirley?

  3. Nick Ryan Silver badge

    ...and 3/3 of them make a balls up of the system, introducing more instability and unreliability than there ever was before.

    1. Anonymous Coward
      Anonymous Coward

      Nah, Norton was already in the "not up to job" category!

  4. DrXym Silver badge

    You don't need a malware scanner

    Just common sense. If "sexy girl screensaver" is asking for permission to send and receive texts then perhaps it is something to avoid. If you get some spam informing you of some website or marketplace where you can get all the popular apps for free then perhaps it is something to avoid.

    1. sabroni Silver badge

      Are you new to Android? Pretty much every app asks for permissions that it doesn't appear to need. I've had an android phone for about a year and I've installed about 3 apps, and all of them asked for more permissions than seemed necessary.

      The answer is only "common sense" if you don't want to install any apps.

      1. DrXym Silver badge

        No I'm not new to android and I'm aware that some apps ask for more permissions than they reasonably need. The answer is still the same. Do you trust the app? If not then don't install it.

        I've ranted about Gameloft games in the past requiring every permission under the sun and my response is to vote with my wallet.

        I've also frequently commented that Android needs something akin to UAC to veto / permanently block certain actions at runtime and the marketplace needs to punitively rank apps which ask for more permissions than is reasonable.

        But even if that happens it is no substitute for common sense.

        1. sabroni Silver badge

          You're right, I'm not really arguing that people should be stupid or ignore the security messages. It seems we both read the messages and don't install apps that are asking too much.

          However, the vast majority of users don't do this, they don't fully understand the risks or they just want the app that all their mates are raving about. For these users a good anti-malware app could be very useful, and would help them realise they should be reading the permissions before they install...

    2. dssf

      Re: You don't need a malware scanner

      Huh? Well, what about overlays and underlays? You click on "NO"/"GET ME OUTTA HERE", and you still click on yes, because the cursor was shifted, or shits so fast your eyes cannot detect the click-jacking or other subterfuge...

      Time for Google to become draconian like Apple... not to eradicate but to COMPLICATE the lives or livelihood of crackers, thieves, or ANYone (spouses, cops, agents, too), etc.

  5. Silverburn

    Fandroid radar kaput?

    4 posts and no mouth frothage or vindictive downvoting yet? Is my radar not working?

    1. Silverburn

      Re: Fandroid radar kaput?

      Ah wait - its not broken. Just picked up a massive cluster of them waiting to hijack the pending iPad 3 article comments...

  6. Tech Hippy


    Symantec shipped a poor product?

    I'm shocked sir, shocked.

    1. TeeCee Gold badge

      Re: Symantec?

      I'm just surprised that Symantec bothered shipping their product at all in this market.

      Most of these devices don't have a spare CPU core to dedicate to running it.....

  7. Dr. Vesselin Bontchev

    The 11k number is utterly bogus

    "AV-Test reckons there were more than 11,000 strains of Android malware"?! You've got to be kidding! There are just a few hundreds of them. Apparently, the AV-Test folks do not understand what a "strain" (or "variant") is. They probably have 11,000 SAMPLES in their collection, many of which contain one and the same malware variant.

  8. Anonymous Coward
    Anonymous Coward

    why not 100%

    If the person doing the tests can find N pieces of malware to try then why don't all the anti-malware companies (the professionals!) also know about those N already? Any product which can't spot exactly 100% of the *known* malware is basically useless.

  9. Ken Hagan Gold badge

    Re: why not 100%

    This is true, but it is also true that any product that has to "know" malware before it can detect it is also basically useless.

    Proper security comes from having OS permissions set correctly and from both the end-user and applications treating untrusted software as "malware until proven otherwise". The IT literate knew that before I was born. The entire AV industry is pure fraud, exploiting the IT illiteracy of the rest of the population.

    1. dssf

      Re: why not 100%

      What about behavior heuristics? Devise rules, let the user tick mark them, and when an app attempts to violate it, collect forensics, send to fair trade bureaus, cops, and legislators, and have them hunt down the violators and VIOLATE their asses. Sometimes, it seems a good time to use state-sanctioned murder to rectify some of these problems. Problem is, law sometimes is toothless and cowardly when the real repercussion is that the violators go after legislators with a vengeance, leaving the sheep ever savaged/fleeced.

      What I want to know is why the f*cking "DRM Protected Content Storage" has a PID and is using 22M-28M on my EVO.I don't cARE that it is sleeping or has a load of 0%.

      I want removed from my phone:

      nascar -- not interested, don't want to SEE the damned icon nor PID thread

      amazon -- not interested; if I want to purchase, it will be rare...

      nfl -- not interested, don't want to SEE the damned icon nor PID thread

      blockbuster -- not interested, don't want to SEE the damned icon nor PID thread

      nova -- not interested, don't want to SEE the damned icon nor PID thread

      sprint football live -- not interested, don't want to SEE the damned icon nor PID thread

      stocks -- not interested, don't want to SEE the damned icon nor PID thread

  10. Anonymous Coward
    Anonymous Coward

    Where's MSE when we need it?

    Heck, MSE can match these thingies for missed detection so why not MS?

  11. Anonymous Coward
    Anonymous Coward

    I have never, on any platform,

    seen an antimalware solution that did not cause an unacceptable drop in responsiveness.

    1. Anonymous Coward
      Anonymous Coward

      Re: I have never, on any platform,

      You are wise to post anonymously. Up there, I also posted something mildly critical of antimalware software and am getting downvoted for it. I wonder why?

      1. Anonymous Coward
        Big Brother

        re: why am I getting downvoted?

        "Up there, I also posted something mildly critical of antimalware software and am getting downvoted for it. I wonder why?"

        Most probably they are a) unable to produce a coherent response to what you say and can only resort to anonymous modding and b) they most possibly are shills with some agenda and c) your msg must have tripped some kind of bayesian filter they are running on the site.

    2. Craigness

      Re: I have never, on any platform,

      You're probably getting downvotes from people who have used antimalware which did not result in an unacceptable drop in performance. I've never noticed a drop in performance except for when using Norton. I use Lookout on android, but you'd never know it just from looking at the speed of the device.

      1. Boothy Silver badge

        Re: I have never, on any platform,

        Indeed, I use Avast on both PC and my Desire S, and notice no loss of performance, or a slow down in boot up on my PC. In fact under Android, Avast has yet to ever even show up in the battery usage list, so is using less than 1%

        Although to counter this, I have used both Nortons and McAfee on a desktop PC, and they both pretty much crippled the PC, increasing boot times by 2 or 3 times, and basically hogging all the resources. So much so that if you wanted to play any newer games, you had to disable the AV to get the games to run at a decent pace!

  12. Craigness

    Article title should be

    "The 7 best apps for Android security"

    There are 7 which detect more than 90% of malware. If you don't install from outside the Google Play Store, always look at the permissions, check the reviews and number of downloads and don't do something stupid then you'll be alright. But the itards will do their best to convince you otherwise.

  13. NoneSuch Silver badge
    Black Helicopters

    Publicity like this is bad in the short term, but will be great at improving things in the long. With independent testing, vendors now have to put up or shut up without marketing spin. Same thing happened back in the early Windows days.

    That being said, no security, anti-virus package, anti-malware or counter intrusion kit can ever be 100% effective 100% of the time. Limit any damage and keep credit card numbers, bank info, personal sex piccies and the like off your phone, or at least delete them as soon as possible.

  14. Ted Treen

    Speaking as an iOS user...

    (I'm sure I'll get voted down just for that alone)

    One of the biggest problems I've come across in assisting the technologically-challenged has been the user himself/herself.

    Even though I'm a Mac user myself, I help friends & relatives who have Windows PCs, too. I have recommended anti-nasty software to users on both platforms, and attempted to drum into their little heads the importance of good backup - preferably cloning their hard drive then executing an incremental backup at regular intervals.

    With recommendations for AV software, I attempt to (metaphorically, of course) engrave upon their brains "UPDATE YOUR AV SOFTWARE" but do they do it?


    I've just spent some time tidying up an XP system - assisted by my son - and the user asked me in a peeved voice "I installed the AV software you advised - so why is my PC infected?" My reply of course was "Have you kept the virus/trojan defs updated" and was advised "I shouldn't have to do that, should I?"

    I thought I'd almost conditioned him to do it when I advised about the AV - BACK IN SEPTEMBER 2010. Apparently, some people think that software produced in 2010 should - by a process of osmosis - be fully conversant with ALL nasties produced since, without they themselves having to do anything about it.

    Maybe you should have to have a computer licence, and three endorsements gets it suspended...

    1. Gordon Fecyk

      The correct answer for your user...

      "I installed the AV software you advised - so why is my PC infected?"

      Because anti-virus software is designed to fail. It's designed to keep you pressing that 'update' button and keep you paying for subscriptions. It's not designed to actually do PC security for you.

      I suppose AV companies could make products that did the job, but who would buy them? If they don't constantly nag you to do something, you might start to think they're not needed anymore, and stop paying for them.

      I don't rely solely on anti-virus software in my home, my home office, or workplaces. I manage Windows systems almost exclusively, with the exception of appliances running Cisco IOS or varying distros of Linux, but no Linux PCs or servers. Yet I don't have virus problems. Go figure.

      1. Danny 14 Silver badge

        Re: The correct answer for your user...

        and you clearly dont have children accidentally clicking on adverts whilst browsing flash game sites.

    2. Boothy Silver badge

      Re: Speaking as an iOS user...

      So install Avast, and tick the box in the settings to also auto update the program itself, (the definitions will already be set to auto update).

      After that point, if a new version of the app comes out, it will download and update in the background, and pops a little window up to let you know the program has been updated and here are the new features (if any), and if it needs to re-boot to finish, it asks if you want to do it now or later (and doesn't keep bugging you if you decline).

      The only extra user input required after installation and initial registration is to re-reqister each 12 months. A pop up asks if you want to switch to the pro (paid for version) or continue with the free version. Click the Free button and it re-registers for another 12 months.

    3. This post has been deleted by its author

    4. Anonymous Coward
      Anonymous Coward

      You're recommending the wrong thing.

      >"With recommendations for AV software, I attempt to (metaphorically, of course) engrave upon their brains "UPDATE YOUR AV SOFTWARE" but do they do it?"

      You should instead be recommending that they take great care it's set to auto-update when they install it. (And any time you're passing their PC and have a few moments to spare, you should sneakily check the options and make sure it's turned on.)

      Computers automate things so that end-users don't have to remember to do them regularly. It's one of their strengths, you know. If you're telling them to manually update their AV, you're not giving them the right idea about what computers are for and how to get the most out of them at all.

    5. This post has been deleted by its author

    6. eulampios

      keeping the system up-to-date

      Ted, advise your users to install Ubuntu (or Mint, or similar) and tell them just to remember to press the red "security update" icon when it shows up as well as to install apps from the canonical repos only (i.e. using synaptic).

      Otherwise, when dealing with Windows and AV you have to put up with "false positive" and "false negative" even when the said AV is fully up-to-date.

  15. Anonymous Coward
    Anonymous Coward

    How did this happen?!

    Fair enough when Windows was designed/built no-one was even considering malware - hence they've had to react and tighten up reactively.. but Android? Come one Google, you didn't see this coming? Surely Android was designed and developed during a time when everyone knew about malware, and isn't it based on Linux, which is supposedly safe? How have Google managed to screw this up so badly?

    1. Anonymous Coward
      Anonymous Coward

      Re: How did this happen?!

      It's possible that they bought into the Linux has no viruses/malware, therefore Linux is invulnerable to viruses/malware hype. You'd be amazed how fantastically intelligent engineers and scientists can get caught up in thought processes which they subconsciously want to be true. This is especially evident when they don't have too much expertise in the areas which they get into. A Windows developer would be painfully aware that you always run AV, no so with a long time Linux dev.

      Still, I didn't think I'd see the day, but Google have proved that there is an active virus/malware market for Linux, if the userbase is there to make an attack worth while.

      1. Anonymous Coward
        Anonymous Coward

        Re: How did this happen?!

        > It's possible that they bought into the Linux has no viruses/malware

        I just modded you down :)

      2. Anonymous Coward
        Anonymous Coward

        Re: How did this happen?!

        Linux has very few viruses or trojans - so much so that most AV software checks for Windows malware.

        Of course good practice is necessary to protect any system - anyone might be fooled into downloading/installing malware which can be serious if working as root etc.

        Android malware is just a problem of naive users installing dodgy programs - just the same as Windows really

    2. Craigness

      Re: How did this happen?!

      Google didn't screw up. If an app has access to your contacts and to the internet then it can upload your contacts to the internet. Is that malware? Who knows, but if the user grants an app the permissions it needs to do those things then they must trust the app to behave nicely. Is it Google screwing up when a user doesn't bother to check the permissions or if the developer cons them? Google would be screwing up if it did not implement a permissions system, but it did. How it gets (mis)used is not down to them.

      1. Anonymous Coward
        Anonymous Coward

        Re: How did this happen?!


        That seems to be the argument that is totally discounted whenever a new MS based virus/malware is found. The vast majority of Windows malware/viruses are installed by the user either totally willingly or by operating the system as defacto administrator. If it is not an acceptable excuse for MS, it isn't for Google either.

        1. This post has been deleted by its author

        2. eulampios

          @AC, mind the difference!

          >>That seems to be the argument that is totally discounted whenever a new MS based virus/malware is found.

          Do you have the statistics?

          And BTW,

          1) how do you CHECK the set of permissions of a Windows app before you install it?

          2) does every 3-d party app on Windows run with a UNIQUE UID?

          So, Craigness is right.

        3. Craigness

          Re: How did this happen?!


          As I said before, "Google would be screwing up if it did not implement a permissions system". Windows does not have a permissions system, so if I install something from the web which claims to be something useful but actually logs my keystrokes there's not a lot I can do about it. If I install something on Android and select the "let this app log your keystrokes" option then it will not be Google's fault if the keystrokes it logs are my bank account details.

          A common argument against the permissions system is that all apps demand all permissions, rendering the system useless. That's not true. Here are 2 chess apps - one requires internet access and your phone number, both require SD card access. Which would you choose? If it's the one which can send your phone number across the web then I can totally understand your comparison of Android to Windows.

          1. Anonymous Coward
            Anonymous Coward

            Re: How did this happen?!


            "...Windows does not have a permissions system..."

            Complete and utter rubbish.

    3. eulampios

      Re: How did this happen?!

      You must be misunderstanding who is screwing up badly here.

      One of the strong security points GNU/Linux and *BSD was the fact that UNLIKE the MS Windows users fate, most if not all of the software is available from secure sources. Apps are mostly open source, maintained by professionals, installation is routinely checked for integrity by gnupg. (and these are much better written the the Android ones as well)

      Android did not have a similar secure central repo. Instead, Google brought the POSIX developed a more sophisticated permissions system in the API, when to write an app you have to explicitly declare all the permissions your app will claim. And still the ubiquitous Windows fears like "this website, email, sdcard are infected" have nothing to do with Android.

  16. dajames

    Interesting ...

    The report shows that 6 of the so-called anti-virus products actually detected NONE of the test malware samples ... those apps essentially ARE malware.

    I wonder whether any of the other apps detect them as such?

  17. Anonymous Coward
    Anonymous Coward

    How many malware instances are on rooted devices vs Google-approved?

    Just asking.

  18. Cameron Colley

    Perhaps Google ought to do something.

    Like, perhaps, sorting out the bullshit "let this application access everything, or don't install it" idea. Decent security may be a pain in arse but when people start loosing money they'll soon wise up to it.

    I know that doesn't stop malware, but it mitigates the risk considerably. There pught to be a permission to run as a service also, they could phrase it as something like "do you want this app running all the time?" though I suppose that would interfere with the bullshit miltitasking that modern phone OSs have meaning you can't close a program without jumping through hoops.

  19. Anonymous Coward

    re: anti-malware scanners not up to the job

    It's like 1999 all over again ...

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021