Master's thesis, 2011
53 pages, grade: 75
Chapter 1 Introduction
1.1 Background
1.2 Project objectives
1.3 Methods used
Chapter 2 Understanding the Antivirus Application
2.1 Introduction
2.2 Components of a conventional or computer Antivirus
2.3 Components of a Smartphone antivirus
2.4 Comparison of computer antivirus and Smartphone antivirus
2.5 Smartphone Security for enterprises
Chapter 3 An overview of iOS and Android security features
3.1 Introduction
3.2 Security features of Apple iOS
3.3 Security features of Google Android
Chapter 4 Testing ‘Proof of Concept’ Smartphone malware against antivirus software
4.1 Introduction
4.2 The testing process
4.2.1 Rooting Android for HTC G1
4.2.2 Running the BOT application as root
4.2.3 Testing the Smartphone Antivirus
4.3 Test results
Chapter 5 Attacks on Smartphones
5.1 Introduction
5.2 Attacks and threats to Smartphone
5.2.1 Malicious applications such as viruses, malware and Trojans
5.2.2 Vulnerabilities
5.2.3 False positive detection
5.2.4 Removable card
5.2.5 Loss of device
5.2.6 Social Engineering
Chapter 6 Analysis of cloud based security solutions
Chapter 7 Conclusion
References
Figure 1 Terminal window requesting access as root user
Figure 2 Reset terminal window to go back to the prompt
Figure 3 'safebot' application is running as 'root'
Figure 4 Symantec mobile security is running as an application
Figure 5 Computer’s device manager displaying an installed Symantec driver
Figure 6 Symantec mobile security is running as user ‘app_39’ at application layer
Figure 7 Task manager displaying Symantec's Smc.exe running as SYSTEM user
Figure 8 Safebot malware is running as root user
Figure 9 Shows how a cloud-based email and web security service works
Table 1 Comparison of features of computer antivirus products for home users
Table 2 Comparison of features of Smartphone antivirus for home users
Table 3 Summary of the key features of some enterprise antivirus products
The way we communicate and exchange information has changed rapidly over the past decade, and yet this is only the beginning of a new era of communication and information exchange. It started with Graham Bell's invention of the telephone, and it took about 140 years to move from Graham Bell's telephone system to Martin Cooper's cell phone. Cell phones or mobile phones made people's lives much easier than before: they enabled voice and text communication on the go. However, since the release of the iPhone in 2007, the Smartphone has changed the way people communicate and exchange information. The Smartphone is no longer limited to voice and text messaging. With 3G mobile broadband and Wi-Fi access, a Smartphone enables the use of the internet on the go. Internet accounts such as email, Facebook, Twitter and many more can be accessed using a Smartphone. Smartphones are accepted by enterprises for work because enterprises believe they increase employee productivity: employees can access the information required for work anywhere.
However, as technology evolves, the threats and risks associated with the Smartphone have also emerged. Using the internet on a Smartphone requires protective measures like antivirus, just as a normal computer does. A normal computer does not have to be directly internet facing. It can sit in a private LAN and access the internet through a firewall or an Intrusion Prevention System that processes and protects its traffic. A computer accessing the internet from a private LAN is less vulnerable to internet threats than a computer that is directly facing the internet. However, every Smartphone that uses mobile broadband is an internet-facing device, which makes it more vulnerable to internet-related risks. Smartphone sales are growing exponentially and the threat landscape has changed with them. Thus it has become vital to have the best protective measures in place to protect the Smartphone.
Chapter 2 analyses the components of computer and Smartphone antivirus for home users and enterprise users. It also compares some core components of some antivirus products.
Chapter 3 analyses some security features of Apple iOS and Google Android.
Chapter 4 tests a 'proof of concept' Smartphone malware against antivirus software.
Chapter 5 discusses the various attacks on Smartphones, the implications of the attack and possible protective measures against the attacks.
Chapter 6 analyses cloud based security solutions to protect Smartphones for enterprise users.
Below are some definitions that will help readers to understand the project.
Smartphone: A high-end mobile phone that is capable of providing GPS navigation and internet access via mobile broadband and Wi-Fi. It has a high-resolution camera and a touch screen with advanced computing capabilities. It can play multimedia files and display standard web pages instead of mobile-optimized web pages. It allows access to most of the resources that are available on a computer, such as email, social networking and banking. It also allows access to company-related work via enterprise-developed applications.
Malware [1]: Malware is malicious software that can steal sensitive user data such as keystrokes, browsing history, form data, credit card details, files, etc.
Trojan horse [2]: A Trojan horse is software that looks legitimate in order to deceive users, but has malicious software or code hidden in it that can steal data.
Root kit [3]: A root kit is malicious software that has system-level privileges and kernel access on the machine and cannot be detected by antivirus software.
This project considers some of the threats to a Smartphone and discusses the possible protective measures. The project discusses security solutions and security best practices for mass market users and enterprises. The project also discusses possible threats to a Smartphone, the source of each threat, its likelihood and impact, and protective measures. In the end, the project provides a brief summary and conclusion.
The project considers the various components of a computer antivirus and a Smartphone antivirus and compares the components to draw conclusions. The project analyses the security features provided by the Apple iOS and Google Android platforms. Understanding the security architecture of these platforms is important, as it helps to find the missing links needed for effective security solutions. One major part of the project tests some trial-version Smartphone antivirus products against a 'Proof of Concept' malware on a phone with root access. The project analyses various antivirus products available to secure Smartphones. To analyse these products, the project refers to the technical information available on the antivirus vendors' websites. Whitepapers are also consulted for additional information. The next chapter discusses the various components of a computer and Smartphone antivirus.
Definition of Antivirus [4]: It is software that checks for malicious code based on signatures or on the behaviour of the malicious code.
It is important to understand how antivirus software for computers and antivirus software for Smartphones work. This will help to analyse whether a particular feature that is available in computer antivirus software could be included to enhance the security of Smartphones. This chapter discusses the components of computer antivirus and Smartphone antivirus for mass market and enterprise users.
Conventional antivirus software used on PCs and laptops can be categorized by the type of user.
1. Home users: The antivirus software for home users or mass market users usually contains features concentrating on internet security. It combines the antivirus, antispyware and internet security features; Norton also includes a backup feature. The internet security feature usually checks for malicious websites, and the antivirus vendors update the malicious website database regularly. Home user antivirus combines these features in one product so that users get multiple security features in a single product.
2. Enterprise users: Enterprise antivirus has the antivirus and antispyware features plus additional features such as application and device control, host integrity, system lockdown, application whitelisting and blacklisting, network access control, etc. Usually enterprises have a proxy firewall to filter web traffic at the network level, which reduces the load on the end computers. Enterprise antivirus is capable of allowing or blocking applications and allowing or blocking removable devices. Depending on organization policy, organizations might want to restrict the use of certain applications. In some research or software development settings, computers are locked down to allow only certain applications because of the strict development or research environment; even updates might not be allowed to be installed once the system is locked down. Enterprises have their own backup strategy, so backup is not coupled with the antivirus product.
Below are some of the components of a conventional antivirus product used on computers:
- Antivirus and Antispyware Protection [5]: It identifies and mitigates, using signatures, the threats that try to gain or have gained access to the computer. It looks for viruses, Trojans, spyware, adware, key loggers, worms and root kits. This feature also provides protection for email attachments.
- Proactive or Real Time Threat Protection [6]: It provides zero-day protection against unknown threats based on anomalies. A threat might not get detected by the antivirus or antispyware feature if the product does not have a signature for it. The proactive scan has a process running at all times which looks for suspicious behaviour such as key loggers, password stealers, etc.
- Intrusion Prevention System [7]: The intrusion detection engine uses deep packet inspection to check for port scans and denial-of-service attacks and protects against known buffer overflow attacks. The Intrusion Prevention System also supports automatic blocking of malicious traffic from infected computers to prevent further infection of computers in the network. Based on the Intrusion Prevention System alert information, administrators can review the logs and patch the systems to prevent intrusions and vulnerability exploits.
- Firewall [8]: The firewall contains rules that allow or block traffic based on IP address, port, application, service, protocol (e.g. TCP, UDP, ICMP, etc.) and direction (inbound or outbound).
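To make the firewall component concrete, here is an added example (not code from the thesis or from any vendor product) of a minimal host firewall rule evaluator. It decides allow or block from the attributes the paragraph above lists (direction, protocol, remote IP address, port and owning application), applies rules first-match-wins, and falls back to a default deny. The rule set, packet values and application names are constructed sample data.

```python
"""Added example: first-match host firewall rule evaluation.
Rules and packets are constructed sample data, not from any real product."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str              # "inbound" or "outbound"
    protocol: str               # "tcp", "udp" or "icmp"
    remote_ip: str              # the peer's address
    port: Optional[int]         # service port (destination for outbound,
                                # local listening port for inbound); None for ICMP
    application: str            # process owning the socket (constructed names)


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    direction: str = "any"
    protocol: str = "any"
    remote_net: str = "0.0.0.0/0"   # CIDR the remote address must fall in
    ports: Optional[range] = None   # None means any port
    application: str = "any"

    def matches(self, pkt: Packet) -> bool:
        if self.direction not in ("any", pkt.direction):
            return False
        if self.protocol not in ("any", pkt.protocol):
            return False
        if self.application not in ("any", pkt.application):
            return False
        if ip_address(pkt.remote_ip) not in ip_network(self.remote_net):
            return False
        if self.ports is not None:
            if pkt.port is None or pkt.port not in self.ports:
                return False
        return True


# Constructed sample policy. Order matters: the first matching rule wins.
# The explicit final "block" makes the default-deny visible in rule logs.
SAMPLE_RULES: List[Rule] = [
    # Any process may talk HTTPS outbound.
    Rule("allow", direction="outbound", protocol="tcp", ports=range(443, 444)),
    # DNS only to the internal resolvers in 10.0.0.0/8.
    Rule("allow", direction="outbound", protocol="udp",
         remote_net="10.0.0.0/8", ports=range(53, 54)),
    # Remote desktop accepted only from the internal network and only
    # when the listening process is the expected (constructed) service name.
    Rule("allow", direction="inbound", protocol="tcp", remote_net="10.0.0.0/8",
         ports=range(3389, 3390), application="svchost.exe"),
    Rule("block", direction="inbound", protocol="icmp"),
    Rule("block"),
]


def evaluate(pkt: Packet, rules: List[Rule] = SAMPLE_RULES) -> str:
    """Return 'allow' or 'block'; default deny if no rule matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


if __name__ == "__main__":
    probe = Packet("outbound", "tcp", "93.184.216.34", 443, "browser.exe")
    print("HTTPS outbound:", evaluate(probe))
```

Note that the same port (3389) is allowed from the internal network but blocked from everywhere else; the difference comes purely from rule order and the `remote_net` match, which is why the order of rules in a real firewall policy deserves the same review as the rules themselves.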
Some products offer additional features such as:
- Host Integrity [9]: It is a component that checks the integrity of a host that attempts to connect to a network, based on the Host Integrity rules. A Host Integrity rule defines the required software and the version or patches a host should have before it connects to the network. If the host does not fulfil the host integrity policy requirements, it is assigned an IP address on a quarantine VLAN (Virtual Local Area Network) and is flagged to the administrator's attention so that the required software and patches can be installed.
- System Lock Down [10]: It is a feature that allows administrators to restrict the files that can be executed on a computer. Administrators create an image of the operating system with a set of programs that are allowed to execute on the computer. A list of the hash values of these programs is created and provided to the antivirus software, which monitors all programs. Any program whose hash value is not present in the list is not allowed to execute.
- Application white listing and black listing [11]: Administrators can add an application to the white list so that the antivirus does not flag programs that look malicious to the antivirus software; some applications that appear malicious, such as screenshot capturing tools, are used by administrators for monitoring. Conversely, even if an application is legitimate, administrators can black list it if its use is not permitted by corporate policies.
- Application and device control: This feature allows the administrator to block applications from executing, based on their hash values, without having to do a complete lockdown. Device control allows blocking or allowing devices based on device class, or even more granularly, blocking only a specific device of a particular class.
- Network Access Control [12]: It allows controlling the network access of devices based on the IP address or the software running on the computer. Network Access Control is usually used together with Host Integrity to control network access at the host or operating system level.
- Proactive removable device scanning: The antivirus software proactively displays a notification to the user to scan a removable device, such as a USB pen drive, whenever it is connected.
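The two hash-based features above (System Lock Down and Application and device control) rest on the same mechanism: hash the executable, then consult a list. The following added example (not code from the thesis or from any vendor product) implements both modes over constructed sample files: lockdown allows only hashes taken from a reference image, while application control blocks only hashes on an explicit blocklist. File contents, file names and the temporary directory are constructed for the demonstration.

```python
"""Added example: hash-based execution control in two modes.
'lockdown'    - allow only hashes present in a reference image (allowlist).
'app control' - block only hashes placed on a blocklist, allow the rest.
All files are constructed sample data written to a temporary directory."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, Set


def file_sha256(path: str) -> str:
    """Hash a file in fixed-size chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(image_paths: Iterable[str]) -> Set[str]:
    """Hash every approved program in the reference image once."""
    return {file_sha256(p) for p in image_paths}


def lockdown_decision(candidate: str, allowlist: Set[str]) -> str:
    """System lockdown: anything whose hash is not in the image is denied."""
    return "allow" if file_sha256(candidate) in allowlist else "block"


def app_control_decision(candidate: str, blocklist: Set[str]) -> str:
    """Application control: only explicitly blocked hashes are denied."""
    return "block" if file_sha256(candidate) in blocklist else "allow"


def _write(path: str, data: bytes) -> str:
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo() -> Dict[str, str]:
    """Build a tiny 'image', then evaluate an approved, a modified and an unknown file."""
    with tempfile.TemporaryDirectory() as d:
        approved = _write(os.path.join(d, "approved.exe"),
                          b"constructed approved program bytes")
        allowlist = build_allowlist([approved])

        # Same program with one byte changed (as after tampering): new hash.
        patched = _write(os.path.join(d, "patched.exe"),
                         b"constructed approved program bytes!")
        unknown = _write(os.path.join(d, "unknown.exe"),
                         b"constructed unknown tool")
        blocklist = {file_sha256(unknown)}

        return {
            "lockdown_approved": lockdown_decision(approved, allowlist),
            "lockdown_patched": lockdown_decision(patched, allowlist),
            "lockdown_unknown": lockdown_decision(unknown, allowlist),
            "appcontrol_approved": app_control_decision(approved, blocklist),
            "appcontrol_patched": app_control_decision(patched, blocklist),
            "appcontrol_unknown": app_control_decision(unknown, blocklist),
        }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The contrast in the results is the point of the two modes: the patched copy of an approved program is blocked under lockdown (its hash no longer matches the image) but allowed under application control, because nobody put its hash on the blocklist. Lockdown is therefore the stronger control and the more work to maintain, since every legitimate update changes the hashes in the image.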
The table below compares some key features of a computer antivirus for some popular home user antivirus products.
Table 1 Comparison of features of computer antivirus products for home users [13] [14] [15] [16] (table not reproduced in this excerpt)
Smartphone antivirus has fewer components than computer antivirus. One reason could be the operating system architecture of the Smartphone: Android and iOS are designed with security in mind so that users do not have to rely too heavily on third-party software for security. Computer antivirus concentrates more on malware, Trojans and internet security, whereas a Smartphone antivirus application concentrates on features like call/text blocking, antitheft, parental control and backup.
Below are some of the components of a typical Smartphone antivirus.
- Antivirus: This component scans for known threats like malware, Trojans and other malicious code.
- Firewall: Monitors web traffic and filters malicious web pages.
- Antitheft [17]: This feature makes it possible to obtain the phone's location, using the phone's GPS, in case it is lost or stolen. It gives the user the GPS location of the device, which helps the user to track the phone. The user can configure an action to be taken after a maximum number of failed login attempts: the phone can be configured to reset itself to factory settings and wipe personal data such as contacts, application settings and files on the SD card. The phone can also be configured to lock itself if the SIM card is changed.
- Parental control [18]: This feature allows parents to monitor and block SMS or calls to unwanted numbers.
- Backup [19]: This feature allows backing up contacts and other data to the web; it also allows restoring the data to a new phone.
- Call/text Blocking [20]: A user can configure the antivirus to block phone calls, such as telemarketing, and spam SMS messages from certain unwanted numbers.
- Application Audit [21]: This feature is not found in many Smartphone antivirus products. It monitors the activity of all applications and maintains a list of the permissions each application has; it also records which applications can send sensitive data and which could incur charges to the user for their services.
The table below compares the features of some products:
Table 2 Comparison of features of Smartphone antivirus for home users [22] [23] [24] [25] [26] [27] [28] [29] (table not reproduced in this excerpt)
While computer antivirus products provide a wide array of security features, Smartphone antivirus products have limited features. One reason could be the limited computing capabilities and battery life of the Smartphone compared to a computer. If a Smartphone antivirus had too many features it would clearly use too many resources and could slow down the Smartphone, resulting in a bad end user experience. Thus it is up to the end user to decide what kind of security features they are looking for and then choose the antivirus that best suits their needs.
Computer antivirus mainly focuses on threats like viruses, malware, Trojans, spyware, key loggers, root kits and zero-day attacks, and on intrusion prevention, firewall and internet security. As Smartphones are designed with security in mind, most Smartphone antivirus products do not have to worry about features like malware, spyware, key logger and root kit detection or intrusion prevention. Smartphone antivirus mainly concentrates on the security of the device in case it is lost or stolen, with features like anti-theft, GPS tracking and remote wipe. Two features that are not found in most of the antivirus software are 'Backup' and 'Application Auditing'.
Many enterprises have accepted Smartphones for use by employees to allow mobile access to corporate resources, as organisations believe this increases employee productivity. While Smartphones increase business productivity, businesses should also consider the risks associated with them. The reason is quite simple: there has been a rise in the number of attacks against Smartphones. Moreover, there are multiple platforms for Smartphones, namely Windows 7 mobile, iOS, Android, Symbian, Blackberry and HP webOS. Blackberry is designed with enterprise customers in mind, whereas the other phones are designed with multimedia and mass market customers in mind. Thus enterprises should treat Smartphones as corporate assets and include them under the umbrella of corporate policies. Enterprises must design an acceptable corporate usage policy for Smartphones and decide whether employees may use their personal phones for work. Enterprises should create employee awareness regarding Smartphone usage, and employees should know the corporate Smartphone usage policies.
Below are some key points to improve Smartphone security for enterprises [30].
a. Ensure a password is configured to access the phone. The password policy should be simple so that it is easy for users to remember the password; otherwise users might write the password down on paper.
b. Administrators should configure remote wipe of the device after a certain number of failed login attempts.
c. Encrypt removable SD cards to prevent loss of data in case the phone is lost or stolen.
d. Configure the device to lock after a certain period of inactivity (for example 30 seconds).
e. Prohibit jailbroken phones from accessing enterprise networks.
f. Ensure the phone meets the minimum required software versions before it connects to the enterprise network.
g. Use host integrity and network access control for Smartphones before they connect to enterprise networks.
h. Encrypt corporate data that resides on the phone and limit the amount of data that can be stored on the phone.
i. Ensure Smartphones have antivirus and firewall software installed.
j. Filter and log inbound and outbound traffic of the phones.
k. Irrespective of which platform the Smartphone uses, ensure it has the latest firmware.
l. Quarantine compromised devices to stop further infection.
m. Ensure that the device is wiped securely at its 'end of life' before it is disposed of.
n. Use Smartphone management software to manage the Smartphones and ensure that corporate policies are enforced on the devices.
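Points e, f and g above, and the Host Integrity component described in section 2.2, all amount to one check: compare what a device reports about itself against a policy of minimum versions and required patches, and keep a non-compliant device on a quarantine VLAN. The following added example (not code from the thesis or from any vendor product) implements that check. The policy values, patch identifiers, VLAN numbers and device reports are constructed sample data; a real deployment would take the report from the management agent on the phone.

```python
"""Added example: host integrity evaluation with quarantine VLAN assignment.
Policy, patch ids, VLAN numbers and device reports are constructed data."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.3.4' -> (2, 3, 4) so that versions compare numerically.
    Comparing as strings would wrongly rank '2.10' below '2.3'."""
    return tuple(int(part) for part in version.split("."))


@dataclass
class IntegrityPolicy:
    min_versions: Dict[str, str]     # software name -> minimum version
    required_patches: Set[str]       # patch ids that must be installed
    forbid_rooted: bool = True       # point e: no jailbroken/rooted devices
    production_vlan: int = 10        # constructed VLAN ids
    quarantine_vlan: int = 666


@dataclass
class HostReport:
    host: str
    software: Dict[str, str]         # installed software -> version
    patches: Set[str] = field(default_factory=set)
    rooted: bool = False


def check_host(report: HostReport, policy: IntegrityPolicy) -> Tuple[int, List[str]]:
    """Return (assigned VLAN, findings). No findings means the host is compliant."""
    findings: List[str] = []
    for name, minimum in policy.min_versions.items():
        installed = report.software.get(name)
        if installed is None:
            findings.append(f"{name} missing (requires >= {minimum})")
        elif parse_version(installed) < parse_version(minimum):
            findings.append(f"{name} {installed} below required {minimum}")
    for patch in sorted(policy.required_patches - report.patches):
        findings.append(f"patch {patch} not installed")
    if policy.forbid_rooted and report.rooted:
        findings.append("device is rooted/jailbroken")
    vlan = policy.production_vlan if not findings else policy.quarantine_vlan
    return vlan, findings


# Constructed sample policy: antivirus at least 9.0, firmware at least 2.3.4,
# one mandatory patch (placeholder id), no rooted devices.
SAMPLE_POLICY = IntegrityPolicy(
    min_versions={"antivirus": "9.0", "firmware": "2.3.4"},
    required_patches={"PATCH-EXAMPLE-01"},
)


if __name__ == "__main__":
    reports = [
        HostReport("phone-1", {"antivirus": "9.0.1", "firmware": "2.3.4"},
                   {"PATCH-EXAMPLE-01"}),
        HostReport("phone-2", {"antivirus": "8.5", "firmware": "2.10"},
                   set(), rooted=True),
    ]
    for rep in reports:
        vlan, findings = check_host(rep, SAMPLE_POLICY)
        print(f"{rep.host}: VLAN {vlan}; " + ("; ".join(findings) or "compliant"))
```

The findings list is what the administrator sees when a device is flagged, so each entry names the exact requirement that failed rather than just "non-compliant"; that is what makes the quarantine actionable instead of merely blocking.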
Just as there are specially designed computer antivirus products for home and enterprise users, there are Smartphone antivirus products for mass market and enterprise customers. 'Enterprise Mobile Management' software provides a centralized management platform to manage all the Smartphones and enforce corporate security policies on all the devices. Below are some of the enterprise antivirus products.
Symantec: Symantec provides an array of mobile management solutions for Smartphones. Symantec's "Endpoint Protection Mobile Edition" provides centralized management of mobile phones for Windows Mobile and Symbian. It can also include "Network Access Control Mobile Edition" to enforce host integrity and network access control; the two products can be combined. Symantec's "Mobile Encryption powered by PGP" allows encrypting email and other data on the phones.
Kaspersky: 'Kaspersky Endpoint Security for Smartphone' supports four mobile platforms: Android, Blackberry, Windows Mobile and Symbian. It provides all the features available in a mass market antivirus for Smartphones, with encryption as an additional feature for enterprise customers. While Kaspersky supports four mobile platforms, it does not provide host integrity and network access control.
McAfee: 'McAfee Enterprise Mobility Management' supports all four major mobile platforms: iOS, Android, Windows Mobile and HP webOS. Like Kaspersky and Symantec, it provides all the features available in a mass market antivirus for Smartphones; however, it does not provide encryption. On the other hand, 'McAfee Enterprise Mobility Management' does provide host integrity and network access control.
Table 3 Summary of the key features of some enterprise antivirus products (table not reproduced in this excerpt)
The next chapter will discuss the various security features provided by Apple iOS and Google Android platforms.
[...]
[1] Susan Hansche, John Berti, Chris Hare, Official (ISC)² Guide to the CISSP Exam, Auerbach Publications, 2004, page 819
[2] Susan Hansche, John Berti, Chris Hare, Official (ISC)² Guide to the CISSP Exam, Auerbach Publications, 2004, page 231
[3] Peter Szor, The Art of Computer Virus Research and Defense, 2005, page 36
[4] Susan Hansche, John Berti, Chris Hare, Official (ISC)² Guide to the CISSP Exam, Auerbach Publications, 2004, page 301
[5] Symantec Whitepaper, Symantec Endpoint Protection: A unified, proactive approach to endpoint security, July 2011, http://webobjects.cdw.com/webobjects/media/pdf/symantec/Endpoint-Security-Whitepaper.pdf, page 8
[6] Symantec Whitepaper, Symantec Endpoint Protection: A unified, proactive approach to endpoint security, July 2011, http://webobjects.cdw.com/webobjects/media/pdf/symantec/Endpoint-Security-Whitepaper.pdf, page 13
[7] Susan Hansche, John Berti, Chris Hare, Official (ISC)² Guide to the CISSP Exam, Auerbach Publications, 2004, page 206
[8] Susan Hansche, John Berti, Chris Hare, Official (ISC)² Guide to the CISSP Exam, Auerbach Publications, 2004, pages 595-596
[9] Symantec Administration Guide, Symantec Network Access Control Policy Manager Administration Guide 5.1, December 2005, ftp://ftp.symantec.com/public/english_us_canada/products/symantec_network_access_control/5.1/manuals/SNAC_5_1_Policy_Manager_Administration_Guide.pdf, page 4
[10] McAfee Whitepaper, Proactive Threat Protection: Reducing the "Window of Vulnerability", Aug 2011, http://www.crswann.com/2-NetSecurity/ProactiveThreatProtection%28McAfee%29.pdf, page 4
[11] McAfee Whitepaper, Proactive Threat Protection: Reducing the "Window of Vulnerability", Aug 2011, http://www.crswann.com/2-NetSecurity/ProactiveThreatProtection%28McAfee%29.pdf, page 7
[12] Symantec Whitepaper, Symantec Endpoint Protection: A unified, proactive approach to endpoint security, July 2011, http://webobjects.cdw.com/webobjects/media/pdf/symantec/Endpoint-Security-Whitepaper.pdf, page 14
[13] Norton, Norton 360 Version 5.0 Premier Edition, http://us.norton.com/360-premier-edition/, Aug 2011
[14] McAfee, McAfee Total Protection 2011, http://home.mcafee.com/Store/PackageDetail.aspx?pkgid=275, Aug 2011
[15] Kaspersky, Internet Security Special Ferrari Edition, http://www.kaspersky.co.uk/kaspersky-internet-security-special-ferrari-edition?blocknum2=2, Aug 2011
[16] Webroot, Webroot Mobile Security for Android, http://www.webroot.com/En_US/consumer-products-mobile-security-android-phone.html, Aug 2011
[17] Kaspersky User Guide, Kaspersky Mobile Security 9.0, http://www.it2trust.com/pdf/Kaspersky.Mobile.Security.9.0.EN.pdf, Aug 2011, page 7
[18] Kaspersky User Guide, Kaspersky Mobile Security 9.0, http://www.it2trust.com/pdf/Kaspersky.Mobile.Security.9.0.EN.pdf, Aug 2011, page 7
[19] McAfee, McAfee Mobile Security, https://www.mcafeemobilesecurity.com/default.aspx, Aug 2011
[20] Kaspersky User Guide, Kaspersky Mobile Security 9.0, http://www.it2trust.com/pdf/Kaspersky.Mobile.Security.9.0.EN.pdf, Aug 2011, page 7
[21] Webroot, Webroot Mobile Security for Android, http://www.webroot.com/En_US/consumer-products-mobile-security-android-phone.html, Aug 2011
[22] Norton, Norton Mobile Security, http://us.norton.com/mobile-security/, Aug 2011
[23] Kaspersky, Kaspersky Mobile Security, http://www.kaspersky.co.uk/kmsppc?&THRU=&thru=reseller%3DSEM 43103%26mckv%3D mkwidls1awCZiOA|pcridl7040487203 |plid||kword|kapersky%2520mobile%26gclid%3DCJaSuK bx8aoCFdQNfAodsVCWlg, Aug 2011
[24] Webroot, Webroot Mobile Security, http://www.webroot.com/En_US/consumer-products-mobile-security-Android-phone.html, Aug 2011
[25] McAfee, McAfee Mobile Security, https://www.mcafeemobilesecurity.com/default.aspx, Aug 2011
[26] Bitdefender, Bitdefender Mobile Security, http://m.bitdefender.com/features.html, Aug 2011
[27] BullGuard, BullGuard Mobile Security, http://www.bullguard.com/why/bullguard-mobile-security-10.aspx, Aug 2011
[28] Trend Micro, Trend Micro Security for Android, http://us.trendmicro.com/us/products/personal/titanium-maximum-security/index.html?tabCont0=3, Aug 2011
[29] Lookout, Lookout Mobile Security, https://www.mylookout.com/features/management, Aug 2011
[30] Context Information Security Ltd, Whitepaper "Smartphones in the Enterprise", http://www.contextis.co.uk/resources/white-papers/smartphones/Context-Smartphone-White Paper.pdf, 13 December 2010