Symantec vs. Lookout: Malware vs. Adware

The Cyber age opened us to a world full of malicious software, or malware, that harms our computing devices in various ways.  And these threats are now targeting mobile devices, particularly those that run on the Android platform.

Symantec Vs. Lookout

Symantec Corporation, the largest maker of security software for computers such as Norton, recently identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.

Symantec stated that the malicious code was grafted on to the main application in a package called “apperhand” which, when executed, a service with the same name may be seen running on a compromised device or marked with the presence of the Search icon above on the home screen.  Symantec is further investigating the incident.

But Lookout Mobile Security disagrees with Symantec’s findings, stating that the Apperhand SDK is an aggressive form of ad network and not malware.  Lookout listed a few characteristics of the Apperhand SDK that makes it an ad ware and not a malware.

  1. It is capable of identifying the user uniquely by their IMEI, for instance, but unlike some networks this SDK forward-hashes the IMEI before sending to its server. They’re identifying your device, but they are obfuscating the raw data.
  2. The SDK has the capability to deliver “Push Notification” ads to the user. We’re not huge fans of push notifications, but we also don’t consider push notification advertising to be malware.
  3. The SDK drops a search icon onto the desktop. Again, we consider bad form, though we don’t consider this a smoking gun for malware provided the content that is delivered is safe.  In this case, it is simply a link to a search engine.
  4. The SDK also has the capability to push bookmarks to the browser.  In our opinion, this crosses a line; although we do not believe this is cause to classify the SDK as malware.

Malware Vs. Adware

The statements made by these two security companies now begs the question, “What’s the difference between adware and malware?”

According to Wikipedia, a malware or malicious software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems without consent and the most popular form of malware are computer viruses, worms, trojan horses, spyware, most rootkits and dishonest adware.

As for adware or advertising-supported software, Wikipedia defines it as any software package which automatically plays, displays, or downloads advertisements to a computer in the form of a pop-up, in the user interface of the software or on a screen presented to the user during the installation process.  Adware generates revenue for its author. Adware, by itself, is harmless but some may come with integrated spyware such as keyloggers and other privacy-invasive software much like the Carrier IQ incident in which Trevor Eckhart, an Android app developer, exposed Carrier IQ logging users’ mobile activity.

How can consumers tell the difference?

In short, malware is harmful while adware is just irritating.  But how do you know if something is just adware and not malware?  This is where it gets tricky.  If you’re a layman or a common person who has no expertise on techie matters, identifying which is which is headache-inducing.

The quickest way to avoid having problems with adware and malware is by installing products made to detect malware at the least.  To clarify, most anti-malware programs do not deflect adware to avoid lawsuits, since some anti-adware programs detect some legitimate products as adware, like the case of Kaspersky vs. Zango in 2009 though the 9th U.S. Circuit Court of Appeals sided with Kaspersky.

“Kaspersky contends that Zango’s software is adware, and possibly spyware. Spyware, which is often installed on a computer without the user’s knowledge or consent, covertly monitors the user’s activities and exposes the user to the risk that his or her passwords and confidential information may be stolen… As its software qualifies, Kaspersky is entitled to Good Samaritan immunity,” the court’s ruling stated.

In the same vein:

Article source: http://siliconangle.com/blog/2012/01/30/symantec-vs-lookout-malware-vs-adware/

View full post on National Cyber Security » Spyware/ Cyber Snooping