
Norton Mobile Security LITE does not spot all the test viruses on Android Market

Hello all,

I'm using version 2.2.0.307 of Norton Mobile Security LITE and sadly it does not spot all the test viruses on Android Market.

The ones I've tested:

https://market.android.com/details?id=uk.co.extorian.EICARAntiVirusTest&feature=search_result
https://market.android.com/details?id=com.zoner.android.eicar&feature=search_result
https://market.android.com/details?id=com.ANTIVIRUS.TESTFILE&feature=search_result
https://market.android.com/details?id=com.eicar.test&feature=search_result

Only the first one was spotted.

Does anyone know why this happens?

Regards,

Mike

Replies

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

Hi Mike1976,

An interesting post, but all you give is a search string which produces a fairly lengthy list of apps, and what is seen will vary from user to user.  So it would probably help Norton to respond if you could be a little more specific.  Which particular "viruses" from the Market does it not spot?

By the way I assume that any test virus on the market is benign at best or Google would have had it withdrawn.

Edit - Mike1976 amended his post to include a number of specific cases before my post hit the forum!  Well done Mike1976.

Mike
Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

Hi Andmike,

I was probably editing my post when you were replying :)

The test viruses on Market are all safe and only have the purpose to test your scanner.

Would really expect Norton to spot them all, especially because they are all based on the EICAR test file.

Cheers!

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

Unlike the PC and the Eicar test file used for testing, these apps aren't just the Eicar test file.  What happens is that a developer creates a small App that has the Eicar test file compressed inside.  What that means is that instead of just detecting Eicar, we have to create a new definition for each App that is posing as Eicar.  All we can do is keep finding these new apps and adding definitions for them.  The real eicar test file (eicar.com, eicar.txt, etc) will be detected when you run a manual scan. 

I hope this helps clarify things.

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

Thanks Erik for the reply.

If these apps have the Eicar files inside, would it not be possible that Norton scans the inside of the APK?

Even after the APK is installed, no warning is given. And doing a manual scan would be no good I think, as one probably already has started the app after installing it. (as the real-time scan did not report anything)

You also stated "All we can do is keep finding these new apps", but these test apps were already available before newer versions of Norton Mobile Security LITE came out. For me this does not give a secure feeling that Norton will catch all known viruses. There are free scanners out there which do spot them all.

Regards,

Mike

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

I understand your point, but in order for NMS to do that we would first have to uncompress the App to look for the eicar test string.  When an App has been trojanized or hacked, the threat code would not be hidden in this fashion.  In real world threats, the app itself has been recompiled with the threat so as to not contain a nice simple "eicar.com" file within the APK like these apps do.  Putting a threat within a compressed file is a PC method that doesn't readily translate to smartphones.  If you have a list of test apps that aren't detected I can pass them along to the team that builds the definitions.  Most of our definitions efforts lately have been around adding malware definitions as opposed to adding more of the Eicar test apps in our definitions.  Does that make better sense?

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

Ok thanks for the extra info. Please see post #1 for the test apps.

I understand your point, but expected to see better results from the latest NMS version.

Regards,

Mike

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

I've submitted those. 

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

Thanks.

Hope to see some better results in the future ;)

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

Erik,

Please note that a manual scan does not spot them either.

Regards,

Mike

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

Since these apps do not decompress the Eicar file I wouldn't expect them to be found in a manual scan either.  If you had the actual Eicar test file then a manual scan should find those. 

Since these are apps we would still need to add definitions for them.  I hope I didn't cause any confusion in my earlier responses. 

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

I am still very surprised that simple tests such as these are not spotted by NMS. I would expect the manual scan to scan a little deeper so the code is spotted. Maybe inside-archive scanning could be added?

For now I'll stick to another scanner, which is totally free and catches all the tests out there.

Regards, Mike

Kudos0

Re: Norton Mobile Security LITE does not spot all the test viruses on Android Market

We will add the apps you found to the definitions set. 

Archive scanning is something that we're looking at in the future.  Since real world threats aren't actually using that as a delivery method I hope that it doesn't confuse the matter or give the impression of a difference in security.
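
The difference the thread turns on, a signature match on the APK as stored versus a match after unpacking it, shown as an added example; it is not code from Norton or from any poster. The sample APK, the member names and the size and depth limits are constructed assumptions.

```python
import io
import zipfile

# Standard EICAR test string, split so this source file is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

MAX_MEMBER_BYTES = 8 * 1024 * 1024  # assumed cap against decompression bombs
MAX_DEPTH = 3                       # assumed cap on archives nested in archives


def flat_scan(blob: bytes) -> bool:
    """Signature match on the bytes as stored, without unpacking anything."""
    return EICAR in blob


def archive_scan(blob: bytes, path: str = "", depth: int = 0) -> list[str]:
    """Return the paths of every file or archive member holding the test string."""
    hits = [path or "<file>"] if flat_scan(blob) else []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(blob)):
        return hits
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            # Skip directories and members whose declared size is over the cap.
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            with zf.open(info) as member:
                data = member.read(MAX_MEMBER_BYTES + 1)
            if len(data) > MAX_MEMBER_BYTES:  # declared size was understated
                continue
            inner = f"{path}!/{info.filename}" if path else info.filename
            hits += archive_scan(data, inner, depth + 1)
    return hits


def build_sample_apk() -> bytes:
    """Constructed stand-in for a test app: a ZIP with the test file deflated inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example.eicartest'/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + bytes(64))
        zf.writestr("assets/eicar.com", EICAR)
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print("flat scan of APK:", flat_scan(apk))
    print("archive scan of APK:", archive_scan(apk, "sample.apk"))
```

Because the member is deflated, the test string never appears as a contiguous byte run in the APK, so the flat scan misses it while the unpacking scan reports the member path.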