McAfee offers whitelisting solution for Android

Most security software for the Android operating system renders devices vulnerable to system-level threats because they work only on the user level.

A security solution recently launched by McAfee Inc. can be embedded in the operating system to provide protection for devices against the installation of or execution of malicious applications, according to the company.

“McAfee Embedded Control closes the security gap because it is embedded in directly in the Android kernel,” according to Rishi Bhragava, vice-president of product management for embedded security at McAfee. “The product’s whitelisting capability blocks unauthorized applications or changes to a wide range of devices.”

The software runs transparently on fixed-function systems and enables the entire point-of-service infrastructure to be monitored. It manages whitelists and supports multiple configurations for business needs.

Embedded Control provides continues detection of unauthorized or out-of-policy setting changes. It verifies these events against set policies, time windows and approved changed tickets. Changes outside these policies are blocked.


Security appliances plagued by flaws: Researcher
How security and privacy should merge

With the growing popularity of Android powered mobile devices among consumers and business users, the OS has become a preferred platform of embedded solution engineers.

For instance, a recent study of the embedded software market by EBM electronics show that 13 per cent of embedded software developers reported using Android in their 2012 projects. About 34 per cent of respondents also indicated that they are considering working with Android in 2013.

“Unfortunately, this growing attention (to) Android is also drawing new attacks on the mobile OS,” said Bhargava.

For example, McAfee’s threats report for the fourth quarter of 2012 found that there was an 85 per cent increase of new Android-focused malware from the previous quarter.

The survey also found that 96 per cent of tablets and smart phones worldwide lacked security software.

Bhargava said that prior to McAfee Embedded Control, embedded software engineers only had Security Enhanced Linux (SELinux) if they wanted to have enforceable security capabilities for their embedded systems. SELinux, which was produced by the United States National Security Agency, security companies and open source developers, extended the Linux kernel to include a mandatory access control system. This made it more difficult for a rogue program to take control of files and devices.

He foresees, Embedded Control being used on machines other than mobile devices.

“Today we see Android on myriad devices such as point-of-sales machines and office equipment,” Bhargava said. “Embedded control has potential application on retail, medical equipment, industrial control systems, gaming industry, security, automotive, military and aerospace industries.”


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now