Design and Development of Mobile Antivirus Application

Transcription

1 Design and Development of Mobile Antivirus Application Summer Internship Project Report Submitted By Ramveer Singh B.Tech (3 rd Year Completed) Roll no Indian Institute of Technology Indore(MP) July 2013 Under The Supervision of Dr. V. N. Sastry Professor Institute for Development and Research In Banking Technology(IDRBT), Hyderabad (AP)

2 Table of Contents 1. Introduction Mobile Security Classification of Malwares Project Description Objective of the Project Anti-Malware Technology Our Approach for Malware Detection Design and Implementation of Proposed Application Minimum Software and Hardware requirements for proposed application Design of Proposed Application Use Case Reports Activity Diagrams Implementation Tools and Technologies Used Important Algorithms Screen shoots Installation of Application in Mobile device Supported Mobile Phones Conclusion References 41 Appendixes 1. Malware Report Antivirus Solutions P a g e

3 1. Introduction 1.1 Mobile Security Mobile phones are most widely used in every aspect of our life including personal, political, social and professional as well as. That is the reason mobile phones are used not only for making calls, but also making important business decisions in professional life, internet services like online shopping, online ticket booking. There are number of apps available for various mobile operating systems to these services. Internet banking is one of the most increasing areas where mobile devices are widely used now days. Mobile Security deals with the techniques to secure the mobile devices from malicious files and applications. There are three main properties of security based on how the data can be secure. 1. Confidentiality is about preventing the data from unauthorized users. The data stored in mobile device must not be used by anyone except mobile user. 2. Integrity is about prevention of unauthorized modification of information or data. Mobile data must not be modified by unauthorized users. 3. Availability is about preventing unauthorized withholding of information or data. Mobile s applications and services must be available and accessible to the authorized mobile user. Use of mobile phones for sensitive and important services like mobile net banking, are increasing so Mobile security is must needed. Mobile security is challenging job since the malicious applications are created every day. So basic understanding about various viruses and malwares for mobile user is must necessary. 1.2 Classification of Malwares Malware or malicious software is a software program or mobile application which exhibits malicious behavior. This is a general term used to refer to a variety of intrusive applications and are characterized into virus, botnets, worm, Spyware, Adware, Rootkit and Trojan horse based on their behavior of affecting the mobile device. Malwares are most widely used by black hat hackers to 2 P a g e

4 access the personal data and sensitive information of a mobile device. They can also use the malwares to gather the sensitive data of a corporate or government websites. Malwares can be written in programming languages like Perl, 1. Virus A virus is a software program that can destroy the personal data, applications of mobile device. It hide itself in documents, files storage devices etc. Target files are chosen randomly. It comes through boot devices, USB and other storage devices, spam s and other network applications. Viruses have the properties of self-modification, encryption which makes its detection very difficult to an antivirus application. Duts (WinCE.Duts.a) is the first known virus for the PocketPC platform, It infects all executable files in current directory that are bigger than 4096 bytes. This virus is an ARM program of 1520 bytes in size and display the message box with heading WinCE4.Dust by Ratter/29A. Conformation of message will infect the files from current directory which has extension.exe and has size more than 4096 bytes. But the virus will not infect any program if No is selected. A file infected by Duts.A will have the four character string atar located at offset 0x4C within the PE header. The body of virus contains plain text string This code arose from the dust of Permutation City This is proof of concept code. Also, i wanted to make avers happy. The situation when Pocket PC antiviruses detect only EICAR file had to end Botnets A Botnet is the most severe threat to the information society at present. It is a collection of internet connected programs that can communicate with other similar programs in order to perform any kind of tasks. It can control Internet Relay Chat (IRC) or can also send spam s. Botnet was created to keep IRC channels free from unwanted users but after that illegal botnets can in existence to perform illegal tasks. Firstly it will install a malware which comes through attachment, to control the activities of infected computers through communication channels formed by standards based network protocols such as 3 P a g e

5 HTTP (Hyper Text Transfer Protocol) and IRC (Internet Relay Chat). Botnets are named after the malware used to create them. Many botnets can use the same malware but can be operated by different entities. Botnets are used to thief information data from a computer such as different login IDs, application serial number, financial information such as credit cards number etc. The BredoLab Botnet created on May 2009 was involved in viral spam. Its main form of propagation was through sending malicious s that included malware attachments. When the attachment is opened the malware install into the computer and infect the computer. The botnet controller then can control the infected computer. The botnet was capable of sending 3.6 billion viral s every day. According to National Computer Network Emergency Response Technical Team / Coordination Center of China (CNCERT/CC), around 12 million IPs in China were controlled by botnets in 2006 that was 2.5 million in The biggest botnet contained 1.29 billion infected devices. 3. Worms Worms are the stand alone software applications that can run without a host and have the capacity to self replicate and propagate around in the network. Worms are usually transmitted via text messages SMS or MMS. They can also be transmitted due to technical and management vulnerabilities in the system. Worms are used mostly to consume the network bandwidth. Many of them are design to spread and do not attempt to change the system. Worms are also used by the botnets to control the computers connected to internet which are used by spam sender for sending junk s. Cabir also known as Caribe, SymbOS/Cabir, Symbian/Cabir and EPOC.cabir was the computer worm (program) that was developed in 2004 and designed to infect the mobile phones which run on Symbian OS. Cabir replicates over Bluetooth with a file named caribe.sis that contains the worm's main executable caribe.app, system recognizer flo.mdl and resource file caribe.rsc. The worm can only reach mobile device that support bluetooth and are in discoverable mode. Cabir cannot send the Caribe.sis until the user gives permission to store it in device. If the user does not select yes, Cabir will keep displaying the message again and again. The user must click the SIS file in order to install it. It contains auto start settings that will automatically execute Caribe.app. After the execution of Caribe.app the worm activates and starts looking for new devices 4 P a g e

6 via bluetooth if any device finds it will send the Caribe.sis file to other device. The worm is harmless because it does not perform any malicious activity but due to the continuous searching for other bluetooth device, it reduces the battery life. 4. Spywares A spyware is a software program that gathers person and organization information and can also send the information to another entity without the permission of user. Spywares can collect any type of data such as personal information like Internet surfing websites, user login IDs and passwords, bank and credit account information. Sometime Spywares install additional software that can also interfere with user control of a computer. They can also change the computer setting which leads to slow internet connection, can also change the web browser setting according to their requirement which may not be possible for user to restore. Keylogger is Spyware software which is used to store the key struck on a keyboard. It stores all key interactions without the permission of user. Hackers use this software to get passwords and usernames of a computer. 5. Adware Adware is a category of Spywares that is related to unwanted advertisements. Generally these advertisements come in form of pop up menu. Not all the adware are malicious, such as windows version of internet telephony application Skype, Amazon kindle 3 family of e-book readers. The kindle with special offers displays advertisements on the home page. 6. Rootkits Rootkits are the software programs that can hide files, registry entries, network traffic, and information about software installed in computer and the currently running processes in computer. This helps the attackers to access the system easily. Rootkits tools are used by botnets to hide processes and for spam attack. 5 P a g e

7 Detection of rootkits is very much difficult because they hide all information about malicious software. If user views the list of running processes in task manager, the rootkits may not be visible, so user can think that the system is running normally. Also when the task manager ask the operating system the list of currently running processes and applications, rootkit can hide itself from the list. This way rootkit can be used to hide many malwares. 7. Trojan Horses Trojan horse is a category of Spyware that can reach a computer system via online games, internet driven applications. User may download an important application or software but there may be some malicious software that install with or without the permission of user. The term Trojan horse comes from the ancient Greek history of Trojan War. The Greek pretended to sail away, and constructed a huge wooden horse after defeating from Trojan. The opposition (Trojan) pulled the horse into their city as a victory trophy. In the night the Greek force crept out of the horse and opened the gate for rest of the Greek force. The Greek army destroys the city of Troy. Trojan horses work the same way to destroy the infected computer device. It can give the access of targeted computer to a hacker that can use the machine as a part of botnet, can theft the sensitive data, can download any malicious files, and can upload any file into target machine. It can also control the whole computer system remotely. GingerMaster is the first Android Trojan Horse malware that utilizes a root and exploit against Android platform 2.3. The malware is repackaged into legitimate apps. These apps come with the screen photos of models. It will silently launch a service in the background. The background service will accordingly collect various information including device id, phone numbers and other sensitive information and upload them to remote server. It contains the GingerBreak root exploit which is packed into the infected app in the form of a regular file named gbfm.png. The extension png makes it less suspicious. It can silently download any application or apk file from remote server and can install this application without user s awareness. 6 P a g e

8 1.3 Project description Securing mobile devices is a challenging task. People use mobiles for net banking, online shopping and many other works. Security of mobile devices is very much important since, if a device has infected file(virus), its data will no longer be safe, virus files can control the mobile data, also can send the critical data while connected to net. In this project we have developed an Antivirus application to detect the infected files. The application is in two modes, first is a standalone application, user can download this application from the internet and can install it in mobile device. This application has two versions, one is developed in J2SE and another is in J2ME. Mobile devices can use the version based on the application requirements and compatibility with mobile device. Both versions provide the facility to scan the device. J2SE version has more facilities than J2ME. The second mode of application is a web based client - server application. The application can be used when the device is connected to internet. User can register his/her device, can scan file online, can report a file as thread, and can also download updates for Antivirus application. We have also studied various antivirus solutions available in literature and have made an analysis based on the Operating Systems and detected virus files for each antivirus solution. 1.4 Objective of the Project 1. To study various antivirus solutions available in the literature. 2. To design and develop an application to detect the infected files (virus) in a mobile device using J2SE and J2ME. 3. Extend the application as a web application that will provide the facility for user to scan the mobile files online, other services to report a file as thread. 7 P a g e

9 2. Anti - Malware Technology Malware detection is a challenging job to IT Professionals. So it is very much important to understand the overall malware landscape, so that anti malware technology can be developed. A holistic multi-tiered approach is needed to detect the malwares effectively. That includes a research team and a reliable update infrastructure. Anti - Malware software or application is responsible for detecting and removing the malwares. The Anti-Malware application performs three important tasks: Scanning The application must be responsible to monitor and examine the various computer locations including hard disk, registry and computer memory and if any change is found that should be reported. Detection After Scanning, the suspected directory must be checked against the malware definitions which contain the signature of classified Malwares. If any definition file matched to the directory s file, the file must be reported as the appropriated classified malware. Removal - Once we have detected a malware file, the final step is to take action for the file. The application can remove such file and can also take permission from user to take action. Deletion will be the default option but action can also be set by user. 8 P a g e

10 2.1 Our Approach for Malware detection Detection of Malwares needs the deep understanding about the Malwares including their malicious behaviors, part of the system which they infect, their characteristics and working. Based on these factors solutions will be suggested to detect the malwares. Three important Malware detection methods are given: Signature Based Detection This was one of the prevalent approaches of Malware detection. It is based on the assumption that every Malware has a unique signature sample that can be checked at the time of scanning a file. Every file will be checked against a signature database or updates. If any update file matched to files of directory, that file will be reported as Malware. The approach is purely based on the updates or the Malware definitions. For effective detection Malware definitions must be up to date. 9 P a g e

11 The approach has many limitations for Malware detection, one of them is the detection rate. Detection rate on mobile device is poor. Reasons for this are the limited capacity of mobile devices, runtime complexity and long update database. Other deficiencies of signature base detection are any small change in Malware definition may create a new Malware that may not be detected by old definitions of Malwares. The change can be done in two ways: string changes and replacing some machine code instructions by semantically equivalent instructions. When the Malware sample is not encrypted in any form, machine code instructions can be replaced by semantically equivalent instructions. These simple changes lead to Malware variations with the same behavior as the original Malware sample, but they cannot be detected by signature based detection. Although signature based Malware detection has many deficiencies yet it is the main component of many Malware scanners today. Behavioral Based Detection Due to rapid increment in number of Malwares and limitations of signature based detection, the Behavioral based detection is very efficient approach to detect the Malware files in mobile device. Based on the behavior of a suspected file or application the detection will be performed. The approach collects behavior data at some level e.g. system calls, physical data. The data is classified based on the Malware type and is used to distinguish malicious behavior of files and applications. The approach performs four important plans for any file or application to detect malicious behavior: 1. Pre-Execution plans Before the execution of a process all the running processes and applications must be monitored. Also the system calls, and memory used by every process or application must be monitored. 10 P a g e

12 2. Execution Execute a process or install an application. 3. Post-Execution plans After the execution of a process or application again monitor all the running processes and applications, including system calls, CPU uses and memory uses for every process or application 4. Analyze the Behavior - The behavior of executed process can be analyzed based on the pre and postexecution behavior data. We can recognize the application which uses all the resources of a mobile device including physical memory, also runs any new process or copies any files or folders in device directory. We can also apply signature based detection to detect any particular process created by an application with specific memory size. Malware.SymbOS-Commwarrior creates a process name AdobeFP.exe with physical memory size bytes which can be detected by behavioral based detection. Heuristic Based Detection - The approach is based on some pre-defined rules, experiences and observations. The file is examined for some suspicious characteristics to detect Malwares. The characteristics may include following rules: If any currently running process is taking a large amount of memory, and consuming battery power, the availability of other applications will be affected by such process and user may not be able to run all the applications due to low amount of memory and battery power. These type of processes is detected by Heuristic based detection. These types of attacks are called battery exhaustion or sleep deprivation torture. 11 P a g e

13 Troj/Agent-R that affects windows operating system makes the device very slow If a file having same name as its parent folder and having the extension exe, apk or sis, these types of files are created in the folder by malicious applications. Sometimes these files may be found hidden or memory size 499kb. The file must be reported as Malware. Worm Commwarrior.B operates on Symbian Series 60 devices creates commwarrior.exe file which is a malicious file and spreads using bluetooth. Any application or file which copies its files into root directory of device or makes new directory while user may not be aware about it, is Malware application. There are many other heuristic rules to report a suspicious file as Malware. Number of Malwares are created, modified and edited every day which makes their detection difficult. So it is not easy task to detect all the malicious applications of a device. 12 P a g e

14 3. Design and Implementation of Proposed Antivirus Application Proposed application is in two modes A. J2SE version B. J2ME version J2SE version refers to the Java Standard Edition and J2ME for Java Mobile Edition. The extended web application is integrated with both the versions. 3.1 Minimum Software and Hardware requirements for proposed application For J2SE Version The J2SE version is compatible with the devices which supports Standard Edition of Java. The Edition should support Abstract Windows Toolkit (AWT), Swing components including java file system. Also it requires at least 100MB RAM, 2 GB external memory (Memory card). Device should provide supports for GPRS services. Following web browsers are compatible with web application Internet Explorer 8 or advance Google Chrome Mozilla Fire-fox Safari Also the web server Apache Tomcat and data base server MySQL community Edition is used. SavaJe is a new generation advanced mobile operating system which support both J2SE and J2ME versions of Java For J2ME Version This version of application is compatible with the devices which supports the Micro Edition of Java including file system. It requires 100MB RAM, 2GB external memory. The device must be compatible with reading and writing in text files. The GPRS support must be provided by device. 13 P a g e

15 The device browser must have the facility of uploading and downloading the files from server. 3.2 Design of Proposed Application Use Case Reports The whole application can be divided into two phases, for phase 1 user has to register his/her device to the service provider s website and can download application version compatible with the device. Phase 1 use case Report Fig. 1 Use case diagram for Phase 1 Once the user has the application in his/her device user can use it for various purposes. 14 P a g e

16 Phase 2 use case Report Fig. 2 Use case diagram for Phase 2 Whole application provides two types of services, standalone application services and web application services. Standalone application services includes Local Scan (Quick and Full), Update application while web application services includes report a file as thread, remote scan and download updates and new version of application. 15 P a g e

17 Use Case for web application services Report a thread Fig 3 Use case diagram to report a thread 16 P a g e

18 Use Case Description Use Case Description Submit Details User has to submit required details like his/her name, operating system of mobile, RAM, Processor and Hard disk size, id etc. Submit User has to submit the malicious behavior of suspected file. It Behavior will help the application to understand and to perform test cases on file quickly Upload File After submitting details and behavior, user can upload a file, should be less than 5MB Show Result If the file does not required to apply many test cases and can easily be determined as malicious file, the result will be shown weather the file is safe or not. Also other information related to file like file size, extension of file will be shown. Add File to If the file is reported as malicious, the file will be added in Updates update database of web application Send Result Result of uploaded file will be send to the user via id 17 P a g e

19 Remote Scan Fig 4 Use case diagram for remote scan Use Case Description Use Case Upload File Perform Scan Print Result Send Result Description User can choose any file to scan online, the file should be less than or equal 5MB If the file is correctly uploaded, web application will perform scan Scan result of the file will be shown on the web page If the User has valid account, and logged in from the account, the result can be send to his/her id 18 P a g e

20 3.2.2 Activity Diagrams Registration Activity Registration is very first activity which mobile user needs to do in order to use our application. User will register his/her device to MBSL AV which is the application provider. All the required details like user s name, id, phone number, and device name must be filled and a password must be chosen to complete the registration. Fig 5 Activity diagram representing Device registration Activity 19 P a g e

21 Login Activity Registered user can login to download the application. User has to fill the username ( id) and password to complete the login activity. If login successful the user will automatically be redirected to personal home page of user, otherwise error message will be displayed and ask to retry. User can download the compatible version of application by login. Fig 6 Activity diagram representing Login Activity 20 P a g e

22 Standalone application Activities 1. Quick Scan Activity Standalone application provides quick scan option. To perform quick scan user will select Quick from combo box list. User can select single file, single directory and multiple directories to perform scan. If no directory/file is selected the application will return to starting position and user can again select directory. All the files from selected directory/directories will be stored and signature based detection will be applied to detect malware files. If any file is reported as malware, path of that file in device will be stored. Behavior based detection will be applied for those files which are not detected as malware in signature based detection. If any application or process is reported as malware, it will be stored and the count of number of processes will be made. The result of quick scan will be displayed in non-editable text box, which contains the path of the files which are reported as malware. It will also contain the malicious processes reported during behavioral based approach. Malware file and process count will be shown as number of malwares found in scan. If at least one malware is found, device status will be set as At Risk otherwise device status remain as Protected. 21 P a g e

23 Fig 7 Activity diagram representing Quick Scan Activity 22 P a g e

24 2. Full Scan Activity Full scan is similar to quick scan the only difference is in the approaches used to detect malware files. Signature based approach is still used, the additional approach which we use here is heuristic based. Files which are not reported as malicious by signature based detection will be scan using heuristic based detection. Malware reported files by both the approaches will be stored and the count to determine the number of malware files will be made. Based on the number of malwares device status will be maintained. The result of scan will be displayed in similar form as quick scan. 23 P a g e

25 Fig 8 Activity diagram representing Full Scan Activity 24 P a g e

26 Web application Activities 1. Report a thread Web application part of the antivirus application provides various facilities. Report a thread a one of the most important among them. User can submit any sample file to the application for that the user thinks that it must be a malware files. User has to submit the behavior of that file, based on submitted behavior the file will be scan and test cases will be applied. First user will login if he/she is not a registered user the page will redirect to the registration page. User will provide username and password to login, if he/she will successfully sign in the use need to choose option to report a thread. All required details must be filled by user. If details are valid user will be asked to upload a file, the file must be less than or equal to 5MB otherwise user will be redirected to error message page. If uploaded file is valid, it will be checked based on the behavior submitted by user. If the file is reported as malware it will be added to update database so that other user can have the updates about this file. Result of scan will also be send to the user via P a g e

27 Fig 9 Activity diagram representing activity of reporting a thread 26 P a g e

28 2. Update application Activity Updates are very much important for any antivirus application. Based on the updates application will determine whether any file or application is malicious or not. Proposed application will also provide the facility of update. To update the application user will select update option, it will redirect the application to MBSL AV s website. If connection establishes successfully user needs to choose the operating system of the mobile device (in case he/she has not registered device otherwise it will automatically be taken by user s account). After that user can download the updates and can choose to save in specific folder. The location of the folder will be provided before download. After the completion of download the application will read the update files from that location and if a file is not already present in update database that file will be saved in database. This will be done with all the files. If all downloaded files are already there in database no knew update message will be shown. Update portion will be maintained in separate window and the status will be shown using progress bar. If user closes the update window before the completion of update, message wait till update completes will be displayed. For J2ME version one additional option of update update yourself is given. User should choose this option to update the application only if he/she is confident enough about the files. 27 P a g e

29 Fig 10 Activity diagram representing Update Activity 28 P a g e

30 3.3 Implementation Tools and Technologies used in the development and implementation of Proposed Application 1. J2SE It refers to Java standard Edition which is widely used in development and deployment of desktop applications. It uses object oriented java programming language. It provides many GUI development kits and components. AWT and java swing are the examples for that. 2. J2ME It is Micro edition of java designed for embedded systems including mobile phones. It is designed by Sun Microsystems and later acquired by Oracle Corporation. Although it is not used on some of the today s newest mobile platform like iphone, windows phone, Android still it continue to be very popular in most of the Nokia series 40 phones. The Connected Limited Device Configuration (CLDC) contains a strict subset of the Java class libraries, and is the minimum amount needed for the Java virtual machine to operate. CLDC is basically used for classifying myriad devices into a fixed configuration. We are using CLDC 1.1 Mobile Information Device Profile (MIDP) includes a GUI and a data storage API and MIDP 2.0 includes a basic 2D gaming API. Applications written for this profile are called MIDlets. We have used MIDP 2.0 with our application. 3. J2EE Enterprise Edition of Java provides an API and runtime environment for developing and running network and web services. It uses an application server to run the web applications. The proposed application s (MBSL AV) web application is designed using J2EE. J2EE s web applications are developed in Java or variation of Java (JSP). 4. JSP JSP or Java Server Pages is a technology which is used to develop dynamic web pages based on HTML or XML. It uses Java programming language. To run the 29 P a g e

31 web pages developed on JSP a compatible web server with servlet container is required. We have used Apache Tomcat web server. Fig 11 Architecture of JSP 5. Netbeans IDE 7.3 It is an Integrated Development Environment to develop desktop and web application using Java by Oracle Corporation. It is compatible with windows, OS X, Linux and Solaris. The latest version of Netbeans is 7.3 which provides supports for other languages like PHP,C & C++ and HTML MySQL Database community Edition It is an open source relational database management system by Oracle Corporation. It is used for database management using Structure Query Language. Many high profile web sites including Google, Wikipedia and Facebook. 7. Java Script 30 P a g e

32 It is a dynamic computer programming language which used to control web browsers. It is also used with HTML to handle the validation of HTML forms. 8. Apache Tomcat It is an open source web server which required to run the JSP pages in web application development. It is developed by Apache Software Foundation. It also includes many third party libraries for file systems in JSP. 9. Rational Software Architecture by IBM version 7.0 It is a designing tool for developing J2EE or web application and is built in Eclipse open source software framework. It uses Unified Modeling Language to design diagrams Important algorithms used in implementation of Proposed Application Algorithm to get all the files of a directory which has one or more sub-directories 1. Initialize a file stack 2. Take a directory and push it into stack 3. While loop until stack is Empty 4. Pop this directory from stack and check (a) If it has sub-directory/directories, push all subdirectories into stack (b) Else if it has a file, store the file in array 4. End of While loop The above algorithm can be used for all the directories to get files of that directory. 31 P a g e

33 Algorithm to compare to string arrays The algorithm can be used for signature based detection in J2ME version. The entire files/processes name will be stored in one string array and update definitions in another array. 1. Initialize two String arrays 2. Store files name in one array and updates in another array 3. Sort both the arrays using merge sort in alphabetical order 4. Get the length of arrays (m for first array and n for second array& m>n) 5. While loop until every element of first array is less than L1 6. While loop until every element of second array is less than L2 7. Check the every element of first array to every element of second array, if a. Both are same, increment the index of both arrays and print element of array. b. First is less than second one, increment the index of first array c. First is greater than second, increment the index of second array 8. Do this for all elements (strings) of both arrays 9. End of while loops The algorithm will take [(m-1) +n]-(no of same strings) when we have two sorted arrays. The sorting of array will take O (nlogn) if we use merge sort to sort array in alphabetical order. 32 P a g e

34 3.3.3 Screen shoots 1. Standalone Application As discussed in previous pages standalone application is in two versions J2SE version Quick Scan Screen shoot Full Scan result Screen shoot 33 P a g e

35 Update Screen shoot J2ME version In J2ME version the application first lists the directories your mobile device has, after that you have to put the directory which you want to scan in next GUI part.you can also select a directory as default, in that case application will not ask next time. Mostly mobile phone has two types of memories phone and memory card. You can scan any one of them. But both in same time scan is not possible. List root directories Screen shoot 34 P a g e

36 Scan, Update and GUI Screen shoot 35 P a g e

37 2. Web Application Remote scan Screen shoot Errors in file uploading Screen shoot Scan result Screen shoot 36 P a g e

38 Report thread Screen shoot Successfully reported thread Screen shoot 37 P a g e

39 3.3.4 Installation of Application in mobile device For J2ME The application can be installed in our mobile device only if it satisfies the minimum requirements listed in previous pages. A jar file will be downloaded when you download the application from MBSL AV s website. The following steps need to be follow while installing the application 1. Go to the downloaded file and click open, if you have the application on your pc you can copy it into your phone. It is just 1MB size application does not take much time to copy then you go to your memory card you will find an application named MBSL AV. You can open it. 2. You must copy a file named update.txt into same location where you have installed the application. 3. If your mobile shows a message regarding untrusted application choose yes. 4. When you click yes the application will list all the root directories of your mobile device. You can use any of them to perform scan clicking ok. 5. Now the main interface part of application will be opened on your mobile screen. It will ask you to enter the directory which you have seen in the previous step. You must enter the exact directory name which shown in last step. Now click Next 6. Now you can choose Menu to select option Scan or Update. Scan result will be printed when scan completes. For web application you just need to register your device and you will be able to use all services. 38 P a g e

40 3.3.5 Supported Mobile Phones The proposed application is supported by mobile devices which supports J2ME. Newly mobile operating systems like IOS, Android and windows phone do not support J2ME. Based on the data provided on Wikipedia.org we have done estimation it shows most of the Nokia Phones supports J2ME, while very few of Samsung, HTC and Siemens phones are compatible with J2ME. SavaJe is new generation mobile operating system which supports J2SE. Some of the characteristics of SavaJe are listed here: Write once, run any where A Rich Graphical and user interface Experience(AWT, Swing support) File system Some of Nokia phones provide support for J2SE AWT components e.g. S80 series 9210, 9210i and P a g e

41 4. Conclusion The application Design and Development of Mobile Antivirus Application is successfully designed using UML diagrams. The J2Me version of application is successfully implemented on Nokia 7230 and Oracle Emulator having specifications, device profile MIDP-2.0 and configurations CLDC 1.1.The J2SE version is also successfully implemented on Windows 7 platform using Netbeans IDE 7.3 and MySQL database. The extended web application is also successfully designed, developed and implemented using web server Apache Tomcat and web browser Google Chrome and Firefox. We have also studies various malwares and done an analysis on the basis of their behavior, characteristics, types, place of origin, infected operating system and the part of mobile device infected by malwares. The analysis report for 30 malwares is attached with the report. We have also studies various available Antivirus solutions and done an analysis on the basis of some factors e.g. supported operating system for Pc and mobile, web protection, firewall, cloud security, type of malware which the detect, any malware detected by particular Antivirus. This analysis report is done for 30 Antivirus solutions and is attached with this report. 40 P a g e

42 5. References [1] Mobile Security by Wikipedia [2] Understanding Mobile Malwares by UMU mobile security [3] Various Thread reports by Thread Expert c629 [4] Understanding Anti-Malware Technology white paper by Microsoft Corporation published in 2007 [5] Security of Smartphones at the Dawn of their Ubiquitousness by Michael Becher published on [6] Java Micro Edition Technology by Oracle Corporation dex.html [7] Java Server Page Technology by Oracle Corporation [8] Java IO File System by Oracle Corporation [9] Beginning J2ME from Novice to Professional by Jonathank Knudsen and Sing Li Third Edition, ISBN (pbk): , Publisher Apress Year of publishing 2005 [10] J2ME: The Complete Reference by James Keogh, ISBN , Publisher McGraw-Hill/Osborne USA, Year of publishing [11] Connected Limited Device Configuration (CLDC) Specifications by Sun Microsystems, Inc. released on March 4, P a g e