Hi Kris,

You might find this study by Imperva and Technion on the effectiveness of AV
interesting:
http://www.imperva.com/docs/HII_Assessing_the_Effectiveness_of_Antivirus_Solutions.pdf

Sorry, we don't disclose the "secret sauce".

Regards,
Sumin


| -----Original Message-----
| From: Kristopher Micinski [mailto:[email protected]]
| Sent: Tuesday, May 21, 2013 17:32
| To: Sumin Tchen
| Cc: Android Security Discussions
| Subject: Re: [android-security-discuss] Re: New Android vulnerability app
| 
| On Sat, May 18, 2013 at 10:48 AM, sumin tchen <[email protected]> wrote:
| > Hi Kris,
| >
| > Good question!  Anti-virus is based on signature files which identify
| > the security threats.  While this worked somewhat in the past, it's
| > pretty ineffective against today's threats which can change their
| > signatures much faster than AV products can update their signatures.
| >
| 
| This isn't my experience at all: most of the people I know doing antivirus on
| Android (I've read a few) do things more like regular expressions style
| matching on bytecode for apps.  Lightweight static analysis is a key to
| antivirus (though of course not the only option, it's all a numbers game): it's
| way more than just signature files.
| 
| > Belarc's Security Advisor is based on discovering and helping you
| > update the existing vulnerabilities, both apps and operating system,
| > and thereby not allowing the security threats to affect your Android
| > device.  This works no matter how often the threat signatures change.
| >
| 
| You still didn't really mention at all what techniques your tool employs.  You
| don't have to give any hint at how your "secret sauce"
| is, of course, but I was more interested in what style of binary analysis
| techniques you were using.
| 
| > Naturally there are always new vulnerabilities being discovered, and
| > this is why we are planning to release new updates to the Security
| > Advisor on a regular schedule.  We have a discussion of this topic,
| > with links to security papers from the NSA and SANS, here:
| > http://www.belarc.com/sa_full.html and here for mobiles :))
| > http://m.belarc.com/sa.html
| >
| 
| Sure, I agree completely that there are some device specific holes that need
| to be checked against apps and other things, but I am still unable to find out
| how this is working..
| 
| Kris
