Feeds

Freebie Android anti-malware scanners flunk tests

Worse than useless

Secure remote control for conventional and virtual desktops

Many free-of-charge antivirus products fail to protect Android smartphone against malware effectively, leaving users with a false sense of security as a result.

Tests by antivirus testing lab AV-Test.org revealed that the best freebie Android anti-virus scanner, Zoner Antivirus, caught 32 per cent of 160 recent Android threats. The other six free-of-charge Android products fared abysmally, with the best of the rest detecting just 10 per cent of the threats. One detected none whatsoever.

AV-Test.org tested seven free-of-charge anti-virus products that it downloaded from the Android marketplace, after searching "anti-virus". The most widely used of these – Antivirus Free from Creative Apps – has over a million users but is still way behind either Lookout Mobile Security and AVG's DroidSecurity, which number 12 million and 10 million plus users respectively. AV-Test.org omitted these products from the tests because Lookout also offers a paid-for security software for Android and, in the case of DroidSecurity, because the technology was recently acquired by AVG (and rechristened AVG Mobilation).

The omission of the products from the tests mean that AV-Test.org's test results are less than comprehensive. But even their findings of a less than complete sample of Android anti-malware products are a real eye-opener, not least because they come from one of the few recognised authorities in anti-virus testing.

Each of the tested security software products was installed on an Android smartphone deliberately infected with inactive specimens of more than 150 recent Android threats. AV-Test.org ran on-demand scans in each case, recording how many threats were detected.

AV-Test.org also included test on F-Secure Mobile Security and Kaspersky Mobile Security, both commercial products, for comparison purposes. Kaspersky and F-Secure both detected more than 50 per cent of threats analysed, substantially better than any of the freebie products tested though poor when compared to the performance of their desktop products.

The second half of these tests involved deliberately attempting to infected freshly cleaned devices with 10 strains of Android malware. Products from F-Secure and Kaspersky detected and blocked all the samples. Zoner Antivirus blocked eight while the other six freebie products blocked either one or none. BluePoint AntiVirus Free, Kinetoo Malware Scan and Privateer Lite warned against one malicious app. Antivirus Free by Creative Apps, GuardX Antivirus and LabMSF Antivirus beta failed completely.

Paid-for apps beat freebies

"In general, the free products didn't perform very well (with just one exception), but the commercial products which were tested as reference performed significantly better," Andreas Marx, chief executive officer of AV-Test.org, told El Reg. "We're working on a review with a focus on commercial apps within the coming weeks."

Marx explained the rationale for the omission of both Lookout and DroidSecurity from this round of tests.

"The product selection is based on the criterion of how common the different freeware anti-virus products are (including their user ratings), based on the Android market scores/data. We wanted to limit the testing to no more than 10 products total in order to perform everything in a timely manner," Marx told El Reg.

"In this first Android test-run, we focused on 'free' anti-virus offerings (the two commercial products from Kaspersky and F-Secure were included as reference only with no final scores given). We consider Lookout's offering as a commercial product, despite the fact that there is also a freeware edition available. The product also includes much more features than a dedicated anti-virus offering. Other products like 'DroidSecurity' were not included, as this one was recently acquired be AVG Technologies, so we considered it also as 'commercial' product."

A greater range of Android security products will be put through their paces in further tests by AV-Test.org.

"As we have received an enormous feedback on this first Android security test report, we will perform further Android reviews in near future which are focusing on much more Android security products and anti-virus offerings. This one will include 'freeware' and 'commercial' offerings from a wide range of vendors," he added.

AV-Test.org's full report on anti-virus scanners for Android can be found here [PDF].

The scanning test set contained 83 Android installation packages (APK) and 89 Dalvik binaries (DEX).

Sean Sullivan, security advisor at F-Secure, explained that its Android security software deliberately avoids detecting binaries because they can lead to false positives.

Because of this the scanning results might be misleading, he said, adding that F-Secure's security caught all the tested malware variants when they actually tried to execute.

Despite making this point, Sullivan described AV-Test's methodology as "fair enough" because it tested in the same way for every product evaluated. ®

Updated to add

Maik Morgenstern Of AV-Test has got in touch to explain that its latest run of tests were more comprehensive then last year's batch because they offered a comparative review of the effectiveness of Droid security scanners.

The most recent tests accessed the effectiveness of 41 Android anti-virus scanners in detecting 618 samples, from 20 different important families of Android malware.

"Last year's test included free products only from more or less unknown vendors (at least no vendor known from traditional desktop IT)," he said.

"The point was to show, that even if there are free products that perform well (like Zoner) you should be careful when selecting your security solution, since there are products that effectively don't do anything at all but display ads. So this was not exactly a comparative review."

Morgenstern added: "This time we were trying to cover as many Android security apps as we could find. No matter whether they are free or paid versions, from known or unknown vendors. The goal of the report is to give an overview of the current malware detection rates of the products. So this one can be considered a comparative review (but it only covers detection rates, none of the other security features)."

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.