Light Reading

Battling Malware & Madware

Alan Breznick
Repost This

NEW YORK -- Mobile Network Security Strategies -- As bad as malware may be, it's not the only growing security problem with mobile networks today. There's also "madware."

Speaking at Light Reading's mobile network security conference on Thursday, Brian Witten, senior director of engineering for Symantec Corp. (Nasdaq: SYMC), explained that madware consists of mobile device apps that "do what customers don't like," such as tap into personal information. In a special presentation here, Witten estimated that about 40% of all mobile apps qualify as madware because they "touch and leak off personal information" from users' phones, tablets, and other mobile devices.

"It's a much bigger problem" than malware, Witten said. In contrast, he noted that the roughly 500,000 malicious apps in existence account for merely 7% of all mobile apps.

Further, Witten said, "the majority of apps out there" track their users' location and/or behavior. As in the case of malware, Android apps account for the bulk of the madware.

That's not to say, though, that malware isn't a serious, growing problem, Witten stressed. Presenting more stats from Symantec surveys, he said "the volume of malware" grew fourfold between June 2011 and June 2012, while "the volume of malware families" grew fivefold over the same period. Moreover, he said, the number of malware samples multiplied six times between June 2012 and June 2013.

"That curve is actually growing steeply," he said, displaying charts with nearly hockey-stick-like lines pointing up.

Witten also highlighted the security risks of lost phones. In a recent experiment called Project Honeystick, Symantec researchers deliberately left 50 cell phones in various locations throughout several large US cities -- Los Angeles, San Francisco, New York, and Washington. What they found after a week is that all of the lost phones were found, but half of the finders made no attempt to return the devices to their owners.

What was even more troubling, Witten said, is that 96% of the phones were accessed for some kind of information and 89% of them were accessed for personal data. In addition, the phone finders accessed 83% of the devices for corporate information. "And these were just average people, " he said, "not determined attackers."

Fortunately, Witten said, three recent developments -- data center virtualization, network function virtualization (NFV) and software defined networking (SDN), and mobile device virtualization -- offer much promise for improved mobile network security.

Citing stats from Forrester Research Inc. , Witten said "the majority of data center servers are already virtualized," with the proportion of virtualized centers expected to climb from 52% last year to 75% in 2014. He predicted that this virtualization process "will make it a lot easier to deploy security at scale" through the use of virtual security appliances.

Turning to NFV and SDN, Witten argued that virtual security appliances offer numerous advantages over physical security appliances. He ticked off five of those advantages, contending that virtual appliances are much quicker to deploy, less costly to deploy, need no physical cabling, can scale much bettering, and are much easier to either upgrade or replace entirely than their physical counterparts.

Witten also emphasized that the virtualization of mobile devices will make a big difference. He ran through several container models for improved security, including hypervisors, SDK-based solutions, trust and execute environment (TEE), and wraps. In particular, he sees promise in wraps, which wrap security features around apps without changing any of the app code.

"We have the technical ability to wrap an app," he said, noting that it can be done for both Android and iOS apps. He said Symantec is now pursuing agreements with app vendors for permission to wrap their apps.

— Alan Breznick, Cable/Video Practice Leader, Light Reading

(3)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
User Rank: Blogger
12/9/2013 | 10:46:48 AM
Re: Lotsa new jargon
Yeah, still doesn't make much sense though.
User Rank: Light Sabre
12/9/2013 | 9:56:18 AM
Re: Lotsa new jargon
But flash crowd is usually not usually planned, right? Meaning the surge was not intentional, when compared to malware.
User Rank: Blogger
12/6/2013 | 12:35:02 PM
Lotsa new jargon
I heard "flash crowd" as well, which seems to be when masses of people all download the same app at the same crowd, rather than massed dancing outside a Wal-Mart.
Flash Poll
LRTV Documentaries
Cable Eyes Big Technology Shifts

4|16|14   |   03:02   |   (4) comments

US cable engineers are facing a lot of heavy lifting in the coming years, notes Light Reading Cable/Video Practice Leader Alan Breznick.
LRTV Custom TV
Maximizing Customer Experience & Assuring Service Delivery in an IP World

4|15|14   |   4:57   |   (0) comments

Steven Shalita, VP of Marketing, NetScout Systems, Inc., discusses the challenges cable/MSO operators face in assuring the delivery of new IP-based services. Key points include the value of proactively managing performance, and using rich analytics and operational intelligence to better understand service and usage trends, make smarter business decisions and ...
LRTV Documentaries
Bye-Bye DVD: Consumers Embrace Digital Video

4|10|14   |   04:17   |   (6) comments

Veteran video analyst Colin Dixon, founder and principal analyst of nScreenMedia, says research shows 56% are using digital video already.
LRTV Documentaries
Video: TW Cable Puts Multicast Gateways to the Test

4|8|14   |   04:13   |   (1) comment

Tom Gonder, a chief architect at Time Warner Cable, explains how its trial of multicast gateways is impacting IP-based video plans.
LRTV Custom TV
Managing & Monetizing Big Data in Operator Environments

4|7|14   |     |   (1) comment

At Mobile World Congress, Gigamon's Director of Service Provider Solutions, Andy Huckridge, and Heavy Reading Analyst Sarah Wallace discuss the 'big data' issues facing carriers and operators today.
LRTV Huawei Video Resource Center
Data Center Energy – Build Your Data Center in a Modular Way

4|7|14   |   2:13   |   (0) comments

Dr. Fang Liangzhou, VP Network Energy Product Line, shared his thoughts about the challenges for data centers during CeBIT 2014.
LRTV Huawei Video Resource Center
Agile Network Solution – An Overview of Huawei's Agile Network Solution

4|7|14   |   2:31   |   (0) comments

Ajay Gupta, Director of Product Marketing, Networking Product Line, gives an overview of the Agile Network Solutions during CeBIT 2014.
LRTV Huawei Video Resource Center
Huawei’s eLTE Voice Trunking, Video and Data Applied for Railways

4|7|14   |   1:38   |   (0) comments

Gottfried Winter is the Sales Director at Funkwerk, a German specialist in GSM-r terminals and a long-time partner of Huawei. At CeBIT 2014, Winter talks to Light Reading about this partnership and the integration of enhanced voice trunking, video and data functions.
LRTV Huawei Video Resource Center
LeaseWeb Speaks Highly of Huawei's Datacenter Products

4|7|14   |   1:37   |   (0) comments

Rene Olde Olthof, Operations Director LeaseWeb, talks about the next data center transformation during CeBIT 2014.
LRTV Documentaries
Comcast: Reshaping the Cable Network Architecture

4|3|14   |   07:11   |   (8) comments

Shamim Akhtar, Comcast's architect and senior director of network strategy, explains why the cable company is moving to a more distributed network architecture.
LRTV Custom TV
VMware CEO Pat Gelsinger at Mobile World Congress

4|1|14   |   3:41   |   (0) comments

VMware CEO Pat Gelsinger speaks to Heavy Reading about the value of virtualization spanning from the data center to service provider networks to mobile devices.
LRTV Huawei Video Resource Center
Analysts' Impressions of Huawei SoftCOM at ONS 2014

4|1|14   |   1:11   |   (0) comments

After visiting the Huawei booth at ONS, Lee Doyle of Doyle Research gives his appraisal of Huawei's SoftCOM solution.
Hot Topics
BlackBerry's Chen: We're Not Dumping Devices
Dan Jones, Mobile Editor, 4/10/2014
BlackBerry Invests in Healthcare IT Startup
Sarah Reedy, Senior Editor, 4/15/2014
Cisco, Juniper Treating Gear Against Potential Heartbleed
Dan O'Shea, Managing Editor, 4/11/2014
Cisco & VMware Are Apple & Google of SDN
Mitch Wagner, West Coast Bureau Chief, Light Reading, 4/14/2014
T-Mobile Petitions Operators to Kill Overages
Sarah Reedy, Senior Editor, 4/14/2014
Like Us on Facebook
Twitter Feed