Android处境凶险，威胁并非苹果

    移动恶意软件的威胁正日益增长，但同时也给手机杀毒软件生产厂商，特别是针对Android设备的厂商带来巨大商机。

    位于旧金山的新创企业Lookout移动安全公司最近发布报告指出，今年，30%的Android手机用户将会遭遇网络安全威胁。报告同时指出，目前Android用户遭遇恶意软件的几率是6个月前的2.5倍之多。据估计，2011年上半年，大约50万到100万Android用户遭遇恶意软件袭击。

    Lookout联合创始人兼首席技术官凯文•马哈菲称：“在PC平台，黑客入侵必须破解他人的账号，或是设法取得他们的信用证书。而在移动平台，犯罪分子攫取钱财的难度要低得多。他们可以直接从用户的手机话费中非法获利。” Lookout的主要业务是出售安全应用程序，它能在用户手机丢失或被盗窃的情况下保护手机，还能防御钓鱼网站和恶意网站的侵袭。

    当然，Android并不是唯一一款成为犯罪分子目标的移动操作系统，而瞄准手机安全领域滚滚商机的也并非只有Lookout一家公司。苹果（Apple）的iOS以及其它平台同样受到恶意软件困扰，不过Lookout等公司指出，针对谷歌Android系统的恶意软件最为常见。Android是一款流行的操作系统，谷歌（Google）宣称已占据全球智能手机市场的几乎半壁江山。Lookout称，今年上半年，Android恶意应用程序数量从80激增到400。上周，企业软件供应商CA Technologies的研究人员称，他们发现一种新的Android恶意软件能对感染手机的通话直接录音。

    美国电话电报公司（AT&T）首席安全官爱德华•阿莫鲁索说：“苹果是封闭的生态系统，但谷歌不一样。谷歌向市场开放Android系统，而一旦选择开放，面临的安全威胁也会随之大增。”

    那么解决移动安全问题的有效途径是什么呢？答案并不意外，美国电话电报公司称，解决该问题的有效途径是从网络入手。在曼哈顿，阿莫鲁索带领着一个由40名研究人员组成的实验室，他们正在开发一款移动安全产品，美国电话电报公司希望能将其销售给企业和个人用户。

    阿莫鲁索表示：“在移动领域，设备只占据（用户）体验的很小部分，网络则占据了（用户）体验的大部分。坏处是，一旦体验不佳，我们就成了众矢之的；好处是，它使我们有机会提高设备的安全性。”

    当然，美国电话电报公司并非惟一进军移动安全市场的运营商。在最近举办的《财富》科技头脑风暴大会上（Fortune Brainstorm TECH conference），威瑞森无线（Verizon Wireless）宣布将与Lookout合作，检测旗下V Cast应用程序商店的恶意移动应用。与此同时，迈克菲（McAfee）和赛门铁克（Symantec）等知名公司也纷纷推出了手机安全应用，这些公司在上世纪90年代都曾在PC机领域杀毒软件领域创造过佳绩。

    接下来是谷歌，该公司表示为了将“Android平台的安全威胁降到最低”，已花费大量精力对层出不穷的应用程序扫描恶意软件。谷歌还与硬件厂商和运营商积极合作，一旦确定安卓市场（Android Market）出现恶意软件，他们将及时发布安全补丁。

    去年3月，在安卓市场出现多款恶意应用程序之后，谷歌在博客上发文称：“安全是Android团队的首要任务。我们将致力于开发新的防护措施，以避免将来再遭遇类似攻击。”

    与此同时，Lookout的报告还指出，攻击者正在使用“恶意广告”等新技术，而且他们的破坏力也在不断升级，他们能控制用户的手机、个人数据和资金。马哈菲表示：“解决安全问题没有万全之策。恶意软件问题非常严峻，整个生态系统中的所有人都必须参与其中。”

    恐怕更可能出现的局面是生态系统中的所有人都会加入竞争，但无论如何，移动安全软件现在才刚刚起步。

    译者：项航

    Mobile malware is on the rise, and so is the market for companies that develop anti-virus software for cell phones -- particularly Android devices.

    According to a recent report from San Francisco-based startup Lookout Mobile Security, three out of 10 Android phone users will encounter a web-based threat on their device this year. The report also says that Android users are 2.5 times more likely to encounter malware today than they were six months ago. An estimated half million to one million people were affected by Android malware in the first half of 2011.

    "On the PC, you have to hack someone's account or get access to their credentials," says Kevin Mahaffey, co-founder and CTO of Lookout, which sells a security app that protects your phone if it's lost or stolen and blocks phishing and malware sites. "On mobile it's much easier for the bad guys to make money. They can directly monetize by charging to a user's phone bill."

    Of course, Android is not the only mobile operating system that the "bad guys" are targeting, and Lookout isn't the only company trying to capitalize on the growing security threats on cell phones. Apple's (AAPL) iOS and other platforms are not immune to malware, though reports like Lookout's suggest malicious applications have been most common on Google's (GOOG) popular Android OS. It now claims almost 50% of the worldwide smartphone market. According to Lookout, the number of Android apps infected with malware rose from 80 to 400 in the first half of this year. Just this week, researchers at enterprise software vendor CA Technologies said they uncovered new Android malware that can actually record conversations on infected phones.

    "Apple is a closed ecosystem, but Google's different," says Ed Amoroso, chief security officer at AT&T (T). "Google opened up the marketplace and once you open things up the security threat increases significantly."

    So what's the right approach to mobile security? Not surprisingly, AT&T says the answer to the security problem is in the network. Amoroso heads up a Manhattan-based lab of about 40 researchers who are working on a mobile security product that AT&T hopes to sell to both enterprise customers and consumers.

    "With mobility, the device is a small part of the experience and the network is a big part of the experience," says Amoroso. "That's bad in the sense that when the experience is lagging we take it on the chin, but it's also great because it gives us the opportunity to enhance the security."

    Naturally, AT&T's not the only carrier hoping to get into the mobile security market. At the recent Fortune Brainstorm TECH conference, Verizon Wireless (VZ) announced it would partner with Lookout to detect mobile threats on its V Cast App Store. Big-name security companies like McAfee and Symantec—who made their mark selling antivirus software for PCs in the 90s—have also come out with security features for phones.

    And then there's Google, which says it has made significant efforts to "minimize the security risks on Android" by scanning incoming applications for malware. It also works with its hardware and carrier partners to push security patches when a malicious app does make it into the Android Market.

    "Security is a priority for the Android team," Google said in a blog post last March, after a number of malicious apps became available in the Android Market. "And we're committed to building new safeguards to help prevent these kinds of attacks from happening in the future."

    In the meantime, Lookout's recent report says attackers are using new techniques like "malvertising" and upgrade attacks to take control of users' phones, personal data, and money. "There's no silver bullet in security," says Lookout's Mahaffey. "The malware problem is so hard, that it will take participation from everyone in the ecosystem."

    Competition from everyone in the ecosystem may be more like it, but either way it's still early days for mobile security software.