Now even telephones come with antivirus software.
Programs that flag viruses and keep out intruders have been fixtures for decades on desktop computers. On Wednesday, Samsung Electronics Co., the world’s largest smartphone maker by sales, is expected to announce that it will install security software from Lookout Inc. on all new phones running Android software from Google Inc.
Behind the move, say Samsung and some firms in the security industry, is a reality that phones have become a lot more like always-online computers, and now face thousands of their own viruses. Hackers have found ways to steal corporate data off of mobile devices, and Eastern European organized-crime rings scam users by charging them for premium text messages.
In theory, antivirus and other security software can stop people from downloading malicious apps or visiting dangerous pages, the companies say.
Samsung’s move isn’t targeted at protecting average consumers, but rather business users who bring their personal phone to work. The company recently introduced a new feature that is meant to wall off sensitive business data from the rest of the phone, which may feature downloaded movies and games. The Lookout add-on will be part of that package.
Security giants, including Symantec Corp., Kaspersky Lab ZAO and Trend Micro Inc. all have introduced their own mobile suites in recent years. Lookout counts 45 million users, the company says. Trend Micro counts more than 20 million users in the U.S. and Kaspersky counts one million downloads. Sprint Nextel Corp. and T-Mobile US Inc. have also started partnerships with Lookout.
Not everyone agrees there is a need for the mobile security industry, which has grown following complaints about the security of Google’s Android. The Internet giant has added security features to Android in recent years, including a way to scan new applications.
“There’s not really a significant amount of risk that users are being exposed to,” said Adrian Ludwig, Android’s lead security engineer. “It’s also, frankly, nothing like the risks they accept in their day-to-day lives.”
Samsung didn’t specify why it thought Android phones needed beefed-up defenses.
“Lookout is the leader in mobile threat protection and they are uniquely equipped to address business mobile security,” said Injong Rhee, a Samsung senior vice president, in a statement.
Trustwave Holdings Inc., a Chicago cybersecurity firm, found 200,000 pieces of malware for Google’s Android system in 2012, up from 50,000 the year before. Apple Inc.’s popular iPhone faces its viruses too, though not as many because it faces a smaller market and Apple maintains tighter control over which apps can run on the devices.
In 2012, 79% of mobile software threats targeted Android users, according to a memorandum from the Federal Bureau of Investigation and the Department of Homeland Security issued in July. Just 0.7% of the threats targeted iPhones.
An Apple spokesman declined to comment.
Mobile devices present security challenges unique from those for traditional computers. For one, as more companies ask employees to use their personal phones for work email, they can expose corporate networks to threats from a plethora of devices, some of which may not be running up-to-date software. And since employees use the phones for personal use as well as business, companies can face threats from software they haven’t approved.
“People don’t want to have two phones,” said Kevin Mahaffey, Lookout’s 28-year-old co-founder and chief technology officer. “Whether you buy it or the company buys, you want to play Angry Birds on it.”
This summer, some hackers put a counterfeit camera app on Google’s Play Store that would allow them to connect the phone to any website, according to a report from Symantec last month. Google has since removed the app from the Play Store, the report said.
Antivirus programs also have their downsides. Since they require communication with security-company servers to check for new threats, some can drain battery as they beam information over mobile networks.
Mobile operating systems don’t give security applications the same unfettered access to system files as computer platforms. This means most mobile antivirus programs can’t keep an eye on what is happening on the rest of the machine.
Companies have tried a variety of ways to get around the problem.
Lookout maintains data about known security threats in its servers. Its software then checks in with individual phones as they download Android apps and surf the Internet. The more users the service has, the more data it collects on cyberthreats. The process uses about 3% to 5% of a phone’s battery throughout the day, the company says.
This week, another company, viaForensics, based in Chicago, is launching software that attempts to track unusual behavior on smartphones—shortened battery life, text messages being sent when the phone is off—to see if they have been hacked.
Antivirus software has its limits. The programs often rely on a known list of security threats—meaning they often don’t detect viruses that haven’t been discovered. Security companies are increasingly building software that tries to spot programs that “act” like viruses on a machine, even if they have never been seen before.
But that appears to be a work in progress. Researchers at Northwestern University concluded in a report this spring that some of the leading mobile security apps, including Lookout, “are susceptible to common evasion techniques.”