An interesting post, but all you give is a search string which produces a fairly lengthy list of apps, and what is seen will vary from user to user. So it would probably help Norton to respond if you could be a little more specific. Which particular "viruses" from the Market does it not spot?
By the way I assume that any test virus on the market is benign at best or Google would have had it withdrawn.
Edit - Mike1976 amended his post to include a number of specific cases before my post hit the forum! Well done Mike1976.
Unlike the PC and the Eicar test file used for testing, these apps aren't just the Eicar test file. What happens is that a developer creates a small App that has the Eicar test file compressed inside. What that means is that instead of just detecting Eicar, we have to create a new definition for each App that is posing as Eicar. All we can do is keep finding these new apps and adding definitions for them. The real eicar test file (eicar.com, eicar.txt, etc) will be detected when you run a manual scan.
If these apps have the Eicar files inside, would it not be possible that Norton scans the inside of the APK?
Even after the APK is installed, no warning is given. And doing a manual scan would be no good I think, as one probably already has started the app after installing it. (as the real-time scan did not report anything)
You also stated "All we can do is keep finding these new apps", but these test apps were already available before newer versions of Norton Mobile Security LITE came out. For me this does not give a secure feeling that Norton will catch all known viruses. There are free scanners out there which do spot them all.
I understand your point, but in order for NMS to do that we would first have to uncompress the App to look for the eicar test string. When an App has been trojanized or hacked, the threat code would not be hidden in this fashion. In real world threats, the app itself has been recompiled with the threat so as to not contain a nice simple "eicar.com" file within the APK like these apps do. Putting a threat within a compressed file is a PC method that doesn't readily translate to smartphones. If you have a list of test apps that aren't detected I can pass them along to the team that builds the definitions. Most of our definitions efforts lately have been around adding malware definitions as opposed to adding more of the Eicar test apps in our definitions. Does that make better sense?
Since these apps do not decompress the Eicar file I wouldn't expect them to be found in a manual scan either. If you had the actual Eicar test file then a manual scan should find those.
Since these are apps we would still need to add definitions for them. I hope I didn't cause any confusion in my earlier responses.
I am still very surprised that simple tests such as these are not spotted by NMS. I would expect the manual scan to scan a little deeper so the code is spotted. Maybe inside-archive scanning could be added?
For now I'll stick to another scanner, which is totally free and catches all the tests out there.
We will add the apps you found to the definitions set.
Archive scanning is something that we're looking at in the future. Since real world threats aren't actually using that as a delivery method I hope that it doesn't confuse the matter or give the impression of a difference in security.
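The difference the thread turns on, matching a signature against the APK as stored versus inflating its members first, shown as an added example that is not Norton's code or part of any post above. The function names, size limit and depth limit are assumptions, and the sample APK is constructed in memory.

```python
import io
import zipfile

# EICAR test string, split in two so this source file is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR" + rb"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_MEMBER_BYTES = 16 * 1024 * 1024  # skip members declaring more than this (zip-bomb guard)
MAX_DEPTH = 3                        # how far to follow archives nested in archives


def raw_scan(data: bytes) -> bool:
    """Signature match on the file as stored, without decompressing anything."""
    return EICAR in data


def scan_archive(data: bytes, depth: int = 0, prefix: str = "") -> list:
    """Inflate each member and return the paths of those containing EICAR."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip/APK container, nothing to open
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            body = zf.read(info)
            path = prefix + info.filename
            if EICAR in body:
                hits.append(path)
            elif depth < MAX_DEPTH and body[:4] == b"PK\x03\x04":
                # Member is itself a zip: descend, but only to a bounded depth.
                hits.extend(scan_archive(body, depth + 1, path + "!/"))
    return hits


def build_sample_apk() -> bytes:
    """Constructed sample: an APK-shaped zip with EICAR deflated under assets/."""
    padded = EICAR + b" " * 32  # padding only so deflate is certain to compress it
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("eicar.com", padded)
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("assets/eicar.com", padded)
        z.writestr("assets/bundle.zip", inner.getvalue())
    return outer.getvalue()
```

On the constructed sample, `raw_scan` finds nothing because the string is deflated, while `scan_archive` reports both the direct asset and the copy inside the nested zip.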