Mac security firm Intego launched an iOS version of its VirusBarrier malware scanner to protect the iPhone, iPad and iPod Touch.
The VirusBarrier iOS application scans the device for malicious content, Intego said July 12. Available for $2.99, the VirusBarrier iOS can’t scan other applications to ensure they aren’t malicious, but can scan files, such as email attachments, after they are downloaded.
The sandboxing technology used in iOS means the application can’t see the file system, which is why the VirusBarrier iOS is limited to scanning email attachments, other files already download from the Web or from cloud services such as MobileMe and Dropbox.
Noting that users can accidentally become “Typhoid Mary” and pass along Windows and Mac OS X malware to their home or work computers, the mobile scanner detects and eradicates those pieces of malware. The antivirus application can also scan for keyloggers, malicious zip files and spyware.
Due to the “secure design” of the iOS mobile platform, VirusBarrier iOS can’t scan files automatically or run scheduled scans, Intego said. Instead, it’s an “on-demand” system that users run whenever they think of it or before distributing files to others.
While there are many security applications for Android, BlackBerry and other mobile platforms, they have been conspicuously absent on Apple’s App Store. Apple has been resistant to requests from security companies interested in developing antivirus software for iOS devices, James Lyne, director of technology strategy at Sophos, told eWEEK. VirusBarrier iOS has the distinction of being the first security application for iPhone and iPad users.
Even though Apple’s rigid control over the App Store means attackers have not been able to push through malicious applications, the vulnerabilities uncovered by jail-breakers can result in mass attacks.
Apple has yet to patch the PDF flaw in mobile Safari that was recently uncovered by the developers behind the JailbreakMe Website. Several security researchers said because the exploit is public, attackers can potentially distribute malicious PDF files to compromise Apple’s mobile devices.
Up until now, users had the option of not accepting any PDF files or jail-breaking the device and installing the patch available on the site. VirusBarrier iOS will at least allow them to scan files that may be malicious.
It’s important for mobile users to start thinking about security. The only reason there hasn’t been a bigger push into mobile malware is because cyber-criminals don’t see a lot of money in the market yet.
“The number of users who bank online from their mobile devices is still relatively low,” Mickey Boodaei, Trusteer’s CEO, wrote on the company’s blog July 11.
Boodaei called Google’s Android platform a “fraudster’s heaven” because it is easy to develop and distribute malicious applications through the Android Market.
“Compared to Apple’s App Store, the Android Market is the Wild West. You can’t always trust applications you download from it,” Boodaei said.
Despite the harsh words for Android, Boodaei also criticized Apple’s iOS platform. While the App Store is far more secure than the Android Market, the fact that a zero-day vulnerability that allows users to jail-break their iPhones and iPads can potentially be used to download malware is a serious problem, according to Boodaei.
Attacking mobile bankers is not yet an effective fraud operation, but that will change in the next year or two as more customers go online, Boodaei said. Trusteer predicted that within 12 to 24 months, more than one in 20 Android phones and iOS devices could become infected by mobile malware exploiting zero-day vulnerabilities. Cyber-criminals will also start packaging exploits for zero-day vulnerabilities into attack kits, Boodaei said.