Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.

One of the problems with enterprise mobile BYOD efforts is that corporate apps — and lots of corporate data, including sensitive intellectual property — must coexist on the same device with whatever employees choose to download on the personal side. That’s far from ideal, but even worse is if employees choose to download a second antivirus program. Unlike doubling up on most apps (two VPNs, two word processors, two email programs, etc.), antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn’t work with antivirus, it can actually sharply weaken security. This all assumes that both antivirus programs are professional, effective and well-intentioned. But that’s often not the case. There are quite a few free antivirus programs out there, and they are disproportionately the ones employees opt to download. After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second? But a free antivirus program is much more tempting.

That’s why I found a new report from Comparitech so alarming. Not only are free antivirus filled with adware and engage in lots of privacy violations, but they are often not even very good at detecting viruses, which is supposed to be their whole raison d’être. Indeed, the Comparitech testing showed that almost half (47%) of the 21 free antivirus products that it tested (all on Android, for this report) failed.

“We found serious security flaws in three of the apps we tested and found seven apps that couldn’t detect a test virus. In total, 47% of the vendors we tested failed in some way,” Comparitech said in a blog post. But the specifics is where things got frightening — and unlike some others in this space, Comparitech named names.

Seven free Android antivirus couldn’t detect the presence of a known virus. “The Metasploit payload we used attempts to open a reverse shell on the device without obfuscation. It was built for exactly this sort of testing. Every Android antivirus app should be able to detect and stop the attempt,” the blog post said. The apps that couldn’t detect Metasploit, according to Comparitech, were AEGISLAB Antivirus Free, Antiy AVL Pro Antivirus & Security, Brainiacs Antivirus System, Fotoable Super Cleaner, MalwareFox Anti-Malware, NQ Mobile Security & Antivirus Free, Tap Technology Antivirus Mobile, and Zemana Antivirus & Security.

“People are enticed by free,” said Paul Bischoff, a lead researcher with Comparitech, in a Computerworld interview.

Copyright © 2019 IDG Communications, Inc.


Leave a Reply

Your email address will not be published.