Enterprise Mobile Device Security: Virtual Device Antivirus Solutions

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

One of the defenses used to provide mobile device antivirus security is the ‘virtual device’ architecture. A “virtual” antivirus solution doesn’t run on the device itself; instead, the main program runs elsewhere on the Internet, making its features available through a small software agent running on the device.

Here’s how it works: The user downloads an antivirus agent to the device, and the bulk of the intensive antivirus processing takes place on a remote server (hosted either locally by you or by a cloud service). The client collects information about the mobile device it resides on, and delivers a certificate of authority.

In this model, you maintain a clone of the actual phone in the enterprise as a virtual machine; the agent informs you of any changes to the end device — such as new applications installed, SMSs received, and so on — and then syncs with the virtual phone in the enterprise.

Any virus-based attack that is launched is actually targeted at the virtual device, and the heavy burden of detection and cleansing is all performed in the virtual server. The device itself, for all intents and purposes, is oblivious to the attack.

You do need significant restrictions on the device itself, such as not opening up any other interfaces (like the Bluetooth interface) because the only conduit from the device needs to lead to the virtual device and nowhere else. Opening up other interfaces on the mobile device could lead to directed attacks on the device, which renders such a “virtual” solution useless.
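The server side of this model, as an added sketch that is not code from the book or from any product: it syncs agent change reports into the virtual clone, queues new apps and SMSs for server-side scanning, and marks the clone as no longer authoritative once the agent reports another interface being opened. The report format, field names and the `sync_conduit` interface name are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

ALLOWED_INTERFACES = {"sync_conduit"}  # assumption: name of the single permitted conduit

@dataclass
class VirtualDevice:
    """Server-side clone of one handset (hypothetical structure)."""
    device_id: str
    apps: dict = field(default_factory=dict)        # package -> SHA-256 of binary
    scan_queue: list = field(default_factory=list)  # items awaiting server-side AV scan
    violations: list = field(default_factory=list)  # interfaces opened against policy
    last_seq: int = 0

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def apply_report(clone, report):
    """Sync one agent report into the clone; return False if it is rejected."""
    # A replayed or skipped sequence number means the clone no longer tracks the handset.
    if report["device_id"] != clone.device_id or report["seq"] != clone.last_seq + 1:
        return False
    for ev in report["events"]:
        if ev["type"] == "app_installed":
            digest = sha256(ev["payload"])
            if clone.apps.get(ev["package"]) != digest:  # new or changed binary
                clone.apps[ev["package"]] = digest
                clone.scan_queue.append((ev["package"], digest))
        elif ev["type"] == "sms_received":
            clone.scan_queue.append(("sms", sha256(ev["payload"])))
        elif ev["type"] == "interface_enabled" and ev["name"] not in ALLOWED_INTERFACES:
            clone.violations.append(ev["name"])
    clone.last_seq = report["seq"]
    return True

def clone_is_authoritative(clone):
    """Server-side scanning only covers the handset while no other interface was opened."""
    return not clone.violations

# Constructed sample reports, not captured from any real agent.
SAMPLE_REPORTS = [
    {"device_id": "phone-01", "seq": 1, "events": [
        {"type": "app_installed", "package": "com.example.notes", "payload": b"apk-bytes-v1"},
        {"type": "sms_received", "payload": b"constructed message body"}]},
    {"device_id": "phone-01", "seq": 2, "events": [
        {"type": "interface_enabled", "name": "bluetooth"}]},
]

if __name__ == "__main__":
    clone = VirtualDevice("phone-01")
    for r in SAMPLE_REPORTS:
        print(r["seq"], apply_report(clone, r), clone_is_authoritative(clone))
```
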

This is not real-time protection of the actual device, true, but it’s reasonably close. And it has the advantage of not dragging down the mobile device’s performance or draining the battery in one gulp. In addition, because the capability is hosted on a server, you have a lot more processing power available for antivirus checking.