AVG for Windows Phone 7 is a Farce

There’s not much in the way of security software on Windows Phone 7 partially because the operating system already does a good job sandboxing third party app. However, AVG released a scanner this week for Windows Phone 7 which sought to fill a perceived gap in virus security for the platform.

Unfortunately, it seems like it doesn’t do much to protect your phone (not that it needed much protection in the first place).

In a nutshell, all it does is scan music and image files (which can be accessed from third party apps) for antivirus test strings and the word “Hebrew” in Hebrew according to some analysis done by Rafael Rivera. EICAR test strings are used by AV developers to test the detection engines without having to implement actual viruses. This approach has been likened to setting a fire in a bin under a smoke alarm to test out an EWIS (Early Warning and Intercommunication System) in commercial buildings.

So really, AVG does nothing to protect you from nasties.

The real threat to Windows Phones are sideloaded apps (or XAP files) which can be loaded on developer unlocked devices without going through the Marketplace. A malicious crafted app that gets onto a phone using this method could potentially cause some problems. Unfortunately again, AVG cannot scan for these files leaving this attack vector unprotected (although one may argue that people with unlocked phones would probably know when something was up).

So if you have been thinking about using AVG then you might want to think again.

Leave a Reply

Your email address will not be published.