Smartphones Get Trojans, Rogueware And PCs Get More Secure
Cisco's weekly Cyber Risk Report slipped in an interesting statistic: over the past two years, the number of security holes in software has declined. This is inspite of (or maybe because of?) the increased level of noise we in the media have made over security.
A constant barrage of news reports makes it seem like computers are growing less secure although the reverse is statistically true. The Cisco reports says: "... vulnerability and threat activity declined in the beginning of 2011. 2010 annual statistics reflect consistent activity levels that are slightly below those of 2009. 2008 remains the high point of activity over the past several years, as levels remained steadily lower for 2009 and 2010."
The report doesn't say why, but we can think of a number of reasons, at least for consumers. PC users have become more aware and are more apt to use and maintain anti-malware software. Decent, free anti-mailware software has become available, including Microsoft Security Essentials. Beloved, but chock-full-of-holes Windows XP is finally slowly being phased out in favor of more secure Windows 7. Likewise, Macs have risen in popularity. Macs are less vulnerable and less of a target for hackers. Perhaps software developers have become more savvy in designing safer software, too.
But what is given with one hand is taken away with the other. Smartphones, particularly Android, have become a growing target. Security experts predict that in 2011, one big problem will be smartphone rogueware -- apps that lure users into downloading while hosting a secret, malicious payload. Unlike Apple, the Android market is open to anyone. Developers pay a $25 registration fee and agree to the rules -- there isn't currently an app review process.
What could such malicious apps do? A lot of things, as demonstrated by the Android malware that has already surfaced in 2010. In December, security researchers discovered a new Android Trojan horse known as Troj/Geinimi-A (also known as "Gemini"). Prior to that, banking malware was found in Android Market. Plus, white hats have demoed Android rootkits spyware, and there have even been Android Trojans found that cause users to send SMS text messages to premium-rate numbers.
Like PC security, smartphone operating systems are starting to offer more security settings. Plus, smartphone security products are rising to the rescue. Obviously, this can't protect you from losing your phone. But they can limit the risk of a malware infection, or damage from leaving your phone at the bar.
With Android 2.2, for instance, users can set passwords to unlock the device, in addition to using pattern unlock. Third-party security apps can help, too, such as those that perform a mobile wipe, such as Lookout Mobile Security, or those that block malware like BlackBelt and Norton Mobile Security.