This document summarizes research into the rise of Android malware and the effectiveness of antivirus software. The research found a 472% increase in identified Android malware between June and November 2011. Two studies tested antivirus software's ability to detect malware installed before and after the antivirus. In the first study, two of six antivirus programs could detect and disable malware. In the second study, only two could detect malware installed after. A larger second study of 41 antivirus programs against 618 malware packages found detection rates varied greatly, with some detecting over 90% and others less than 40% or nothing. The conclusion is that not all antivirus software effectively prevents or removes Android malware.
Android Malware Rise and Anti-virus Effectiveness Analysis
1. The Rise of Android Malware and Efficiency of Anti-virus
Daniel Adenew
2. Introduction
Popularity of Smartphones
53% End of 2012
A survey shows the amount of malware identified on
the Android platform has increased about 472%
during the period June 2011 to November 2011.
Pressing need for anti-malware
In this paper we will first take a look at the causes of the rapid increase in Android malware, and then analyze the efficiency of anti-malware tools.
3. Background Info
Not-always-connected PCs vs. always-connected smartphones
Untrusted sources
Existence of multiple vendors, dependency on updates and patches, new APIs
No evaluation of applications; we can say it is very poor compared to that of Apple Inc.
Open-source platform and permission requests: applications request permissions they don't require, and users allow them
Rooting feature is the most EVIL! Execute with high privilege.
4. Android Anti-Malware
First malware: 2010, HTC
471%
This survey also goes on to say that 55% of the identified malware was from applications that were installed on the mobile device and 44% were SMS Trojan horses.
5. Why Do We Need Analysis?
Because there is no exact way of measuring anti-malware tools and products.
Every anti-virus product on the Android market claims full protection. So the best we can do is to know which one has the highest detection rate. But that is not a simple task. Anti-virus analysis seems necessary because there doesn't appear to be an independent evaluation or a tool for measuring anti-virus efficiency.
6. The question here can be: does the antivirus protect the device or not?
The answer is yes, it does, but only to some extent; it is not full protection.
7. Methodology of the Research
Basis
Can anti-virus detect a suspicious application?
What is the efficiency of any antivirus application in protecting a given Android-enabled smartphone?
Efficiency is assessed using two questions
Before and after installation: does the anti-virus tool detect, disable, avoid and protect the device?
8. How Were They Selected?
Using the rating value on the markets
Reviews given by different online magazines and journals were also considered.
Two categories of research are used in the report
R1 and R2, as I named them.
R1 Criteria
Based on the above criteria, the research selected six anti-virus applications for the test analysis. Two popular spyware/malware tools were also selected based on rating and popularity.
9. How Were They Selected?
R2 Criteria
Based on the above criteria, the research selected 41 anti-virus applications for the test analysis.
And 618 spyware/malware tools were also selected based on rating and popularity.
10. Test Scenarios
Installing the spyware/malware before any antivirus tool
Installing the spyware/malware after an antivirus tool is installed on the device
11. Under the Following Conditions
In R1, the test conditions were Android devices, one with root privilege available
In R2, an Android emulator was used for root-privileged exploitation, along with three Android devices from known vendors
Since there is no vendor-dependent malware
12. Test Execution
Based on two criteria
Malware installed, then anti-malware, followed by test examination [with full system scan]
Anti-malware installed, then malware, followed by test examination [with full system scan]
In both cases, efficiency was judged by whether the anti-virus is able to detect, avoid and protect the device.
13. Findings
In R1: used 6 anti-virus tools and 2 popular malware tools
In R2: used 618 malware packages and all available anti-malware on the market
Result on R1
In the first scenario, i.e. installing the malware before any anti-virus product:
The result shows that out of the 6 selected anti-virus applications, only two can detect and disable the two spyware/malware tools, and the rest of the tested anti-virus products can only detect and not disable them.
In the second scenario used in this research, i.e. installing spyware after the anti-virus installation:
The result shows that out of the 6 selected anti-virus applications, only two can detect and disable the two spyware/malware tools, and the rest of the tested anti-virus products can neither identify, detect nor disable them. It was also noted that the anti-virus was also infected by the spyware/malware.
14. Result continued…
R2
This research used a categorization of detection rates, as there is no exact detection rate by which to categorize all products; it fluctuates.
The first category contains products that detected over 90%,
the second category 90% to 65%,
the third 65% to 40%,
the fourth everything less than 40% but above 0%,
and finally the last group contains the products that didn't detect anything.
This group was found to be from an untrusted market.
15. Conclusion
From the results of the research it can be said that not all anti-virus products are effective at preventing malware and spyware from infecting an Android phone.
Showed that AOS has many security holes
The application security tests in the Android market are weak [Trojan]
Check ratings and new apps before downloading
Limit permissions, in Jelly Bean 4.1
Root privilege feature must not be enabled without trust
Need more research
Thank you!