Droid malware cloak outwits Google Bouncer and friends

Google's Bouncer Android defence tool is one of a dozen malware detection platforms that can be flawlessly skirted by malware employing smarter heuristics, researchers have found. Malware kitted out with virtual machine detection functions and clever heuristics could bypass seemingly any detection platform on the market. …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Surprise!

    Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is never about Microsoft.

    People need to give themselves a shake and start using MS products!

    1. ratfox
      Devil

      Re: Surprise!

      The media is not reporting any more about the civil war in Syria… must mean there is no war anymore, right?

    2. Message From A Self-Destructing Turnip

      Re: Surprise! (mmmmm juicy worm)

      The word "exploit" or the phrase "security problems/issues" is not actually used anywhere in the article?

      Why do people need to "give themselves a shake" before using MS products, that's a euphemism for something else isn't it? Is this optional or a mandatory requirement? People need to know.

    3. Anonymous Coward

      Re: Surprise!

      http://www.theregister.co.uk/2014/05/13/adobe_outdoes_microsoft_swats_18_bugs_in_latest_update/

      It is newsworthy that someone else has more issues than MS. The reason why there is no news about Microsoft and security issues is that after 30 years it is no longer news - it is situation normal.

  2. Anonymous Coward

    Here we go again..

    "However Google's Bouncer would have the smarts to detect the slippery malware if it were upgraded..." blah blah blah..

    And I suppose the writers (or funders) of this "news" have such a product for sale? Isn't this just a sales pitch for Google? And they are using El-Reg for free advertising space...

  3. RyokuMas
    Facepalm

    Simples...

    Prior to smartphones/tablets, Windows was the biggest and most insecure platform - so it got targeted.

    Nowadays, steadily more people are turning to mobile devices. On these devices, Android has the greatest OS market share. It is also inherently the most insecure out-of-the-box, by its "open" nature. The fact that compared to the app stores of other, "walled garden" mobile operating systems, Google's security checks for new apps are very lax only makes matters worse.

    "The price of freedom is eternal vigilance" - you want an open OS, expect to be targeted by miscreants. Simples!

    1. dotdavid

      Re: Simples...

      It's worth mentioning that these sorts of malware-cloaking techniques would also fool the human and robotic gatekeepers of the walled gardens, not just Google's security checks.

    2. Anonymous Coward

      Re: Simples...

      I see what you did there, you compared Android and Windows. Android is WAY more secure than Windows.

      For starters, by default, apps come from a curated store. Sure it's loosely curated, but on Windows, you can download stuff from ANYWHERE.

      Secondly, on Android, all applications run in their own sandbox, with their own user-account that no other application can use. System access is granted on a fine-grained permissions scheme, granted at install, and can be revoked by uninstall. Windows has none of this.

      Thirdly, removing an application removes anything it's installed, due to application sandbox. Any problem app is only an uninstall click away. Android controls the install and uninstall, there is no way for an Android app to be authored in a way that leaves executable code active after it's been removed. Windows doesn't do this, it's trivial to write an install that does anything you damn want.

      1. Anonymous Coward

        Re: Simples...

        If that's the case, why does Windows Phone meet military spec. security requirements out of the box, but Android requires bolt-ons like Knox?

        Android is based on Linux which has an inherently weaker security model. Windows has features like constrained delegation to minimise applied rights that don't exist and have no real equivalent in Linux. You have to resort to using insecure bodges like SUDO - which must always execute as Root / UID 0.

        1. Message From A Self-Destructing Turnip

          Re: Simples...

          Hey AC can you help me out with some advice. I have got hold of a copy of that Windows OS you keep going on about and I am ready to install it and give it a go. Unfortunately I've only got an old sock to hand. Will this do, or should I nip out and get a box of Kleenex to do the job properly?

      2. Anonymous Coward

        @ AC, Android is WAY more secure than Windows.

        Don't you think you should at least try and find out what this "Windows" thing is before you start parroting Google press releases?

      3. RyokuMas
        FAIL

        Re: Simples...

        And I see what you did there AC, you ignored the timeframes and platforms I specified. The contrast I was drawing was between the most popular desktop OS prior to mobile devices becoming widely used, and the most popular mobile OS at the present time.

        Of course, if you want to do a direct comparison, then you will have to compare Android to Windows Phone. Both have the same sandboxing and uninstall capacity you describe, but by default, Windows Phone apps come from the Microsoft store, which enforces stringent certification checks - I know, because I have a number of apps published, and on my first couple, I spent some time addressing where I had failed some of these checks. Compared to my first Android apps, which required a grand total of my paying Google $25 and uploading them... until I read this, I wasn't even aware that Google's store was curated.

    3. Anonymous Coward

      Re: Simples...

      "and most insecure platform "

      Not by vulnerabilities counts - it hasn't been for a decade or so now. Linux and Mac OS-X are both worse.

    4. Anonymous Coward
      WTF?

      Re: Simples...

      ""The price of freedom is eternal vigilance" - you want an open OS, expect to be targeted by miscreants. Simples!"

      Can you give me an example of a closed OS that no miscreant will be interested to target?

    5. eulampios
      Trollface

      @RyokuMas

      It is also inherently the most insecure out-of-the-box, by its "open" nature.

      If freedom holds someone insecure he/she should voluntarily seek shelter in a nearby prison.

  4. Elmer Phud
    Megaphone

    standard tin-foil hattery

    but if the 'better mousetrap' was made the mousetrap industry would fold.

    it is a conspiracy from (erm, blindfold-pin-list) BIG PHARMA (must be in caps).

  5. Crazy Operations Guy

    Virtual machines

    Why do the scanning and operating environments have to be different? I figured that Google could easily build a PCIe card with a SoC and an FPGA to emulate a full tablet or phone. The peripherals would actually be tied to the host systems, but would appear to be regular devices from the SoC's point of view (emulating hardware in hardware) so software running on the SoC can't differentiate between this device and a tablet in the hands of the consumer.

    If built correctly, it could be adopted as a standard reference device for other manufacturers of Android devices producing a very secure platform (either Malware detection is better or malware writers will treat them like VMs and have their malware disable itself).
