A fish rots from the head down, and a smartphone from the root
Wednesday, May 25, 2016
It’s human nature to never be satisfied and to always want to experience and learn more. This wonderful quality induced our ancestors to explore the seas and distant lands; it made them seek explanations for natural phenomena, and allowed them to understand what was in the depths of the universe long before the invention of spacecraft.
In the Android world, the pursuit of something greater means obtaining root privileges in the operating system, which gives you almost unlimited access to all of the OS's features.
The user account named “root” is a special user who can do anything on an Android-powered device. The user who receives root privileges becomes the root user.
One of the ways to acquire root privileges is to install a special application for rooting the device.
The Dr.Web anti-virus considers such utilities to be potentially dangerous or hacking programs. However, Dr.Web does not block such applications by default; the anti-virus just displays a warning. For this reason, in places where such programs are distributed, you may come across a message that tells you that, to avoid interference, you must disable your anti-virus before downloading and installing the rooting utility.
And do you think cybercriminals don’t know this?
As you know, prior to their installation, Android applications ask the user for permission to engage in various actions in the system. Once some malicious programs get administrative privileges, they remove all traces of how they got into the system, and — voilà! — it is harder for both the user and the anti-virus to remove them!
Why can’t anti-viruses always detect Trojans that can install themselves into system directories of the OS?
On rooted devices, Dr.Web will remove such a Trojan, but only if Doctor Web's security researchers have marked the database entry for it as safe for removal, i.e., so that after the removal procedure, your mobile won’t become a useless object.
On non-rooted devices (i.e., the overwhelming majority of them), Dr.Web for Android operates with the privileges of a standard application. In this mode the anti-virus can detect malicious programs that get into the Android system directory, but it is not authorized to remove them.
When such a Trojan infects a non-rooted device, the user’s choices are limited: either elevate the anti-virus’s privileges by rooting the device, or contact the developer of the device and demand that they release new firmware minus the Trojan.
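The distinction above can be checked on a device by looking at where each detected package's APK is installed. The following is an added example, not Dr.Web's code: it parses the output of Android's `pm list packages -f` command and maps each detection to the options described above. The package names, sample output, result labels, and the read-only partitions other than `/system` are assumptions made for illustration.

```python
# Constructed sample of `pm list packages -f` output
# (format: package:<apk path>=<package name>); names and paths are made up.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Updater/Updater.apk=com.example.updater
package:/data/app/~~Qx1==/com.example.game-Zk9==/base.apk=com.example.game
package:/system/app/Flashlight/Flashlight.apk=com.example.flashlight
package:/vendor/app/Radio/Radio.apk=com.example.radio
"""

# Partitions mounted read-only on a stock device. The article names only the
# system directory; the other prefixes are an assumption added here.
READ_ONLY_PREFIXES = ("/system/", "/vendor/", "/product/", "/system_ext/")


def parse_pm_list(text):
    """Return {package_name: apk_path}. Split on the LAST '=' because
    paths under /data/app can themselves contain '=' characters."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def remediation(apk_path, av_has_root, marked_safe_to_remove):
    """Map one detection to the options the article describes (labels are hypothetical)."""
    if not apk_path.startswith(READ_ONLY_PREFIXES):
        return "uninstall"              # user-installed app, ordinary removal works
    if av_has_root and marked_safe_to_remove:
        return "remove-with-root"       # rooted device, entry marked safe for removal
    if av_has_root:
        return "detect-only"            # removal could break the OS, so leave in place
    return "root-or-new-firmware"       # standard app privileges: can detect, cannot remove


def triage(pm_output, detections, av_has_root=False, safe_to_remove=()):
    """Return {package_name: remediation label} for detected packages that are installed."""
    pkgs = parse_pm_list(pm_output)
    return {name: remediation(pkgs[name], av_has_root, name in safe_to_remove)
            for name in detections if name in pkgs}
```

A system application that has received an update is listed under `/data/app` even though its original copy remains on the read-only partition, so an "uninstall" result for such a package only removes the update.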
The Anti-virus Times recommends
If you suspect that your smartphone or tablet is infected, it’s not protected with Dr.Web products for home users, and you aren’t able to take advantage of the free full version, Dr.Web Security Space for Android, download the free version of Dr.Web for Android Light from Google Play to determine whether rootkits have infected your device.
Important! The free version has limited features, allowing you to detect only malware that has been installed in the system directories or malware that has been injected into system processes. You can neutralise and remove such malware only with Dr.Web Security Space for Android. Proceed with the following steps:
- Perform a full system scan
Once Dr.Web is installed, go to the ‘Scanner’ section and click on ‘Full scan’. This will launch a scan of the smartphone’s memory, as well as built-in and remote storage media (SD card).
- Send suspicious files to the Doctor Web Virus Monitoring Service for analysis
If Dr.Web has detected a suspicious file in the memory area, you can either skip over it or send it to the Doctor Web anti-virus laboratory by clicking the ‘False positive’ button.
- Cure or remove
If Dr.Web has detected malware in a critical area of the OS, don’t rush to remove it because doing so could damage the operating system and put the device out of operation. Two options are possible in such cases.
  - Follow the instructions.
  - Remove the virus.
    If the anti-virus you use informs you that it’s safe to remove the virus and you have root privileges, click on the ‘Delete’ button.
As a side note, we want to warn you about the risks involved when rooting a device
Obtaining root privileges may mean that you lose the right to contact the manufacturer for technical support. Before performing the above-mentioned steps, familiarize yourself with the device usage policy.
If it is impossible for you to acquire root privileges, make a backup of all user data, do a reset to factory settings, and install new manufacturer-provided firmware that has had the Trojan removed from it.