The year started with Intel, AMD and their OEM partners announcing that they would soon release PCs that run both Android and Windows 8.1 at the same time. The pilot device shown at CES 2014 was Asus Tranformer Book Duet, a hybrid laptop with a detachable screen that functions independently as a tablet. It lets you jump from one operating system to the other with the press of a button.
We can say with full certainty that there will be other devices supporting more than one operating system: this is the way manufacturers of desktops and notebooks are working to try to revive their market that has suffered so much from the invasion of smartphones and tablets. Transformer laptops have many advantages, but moreover, serious players like Lenovo and HP already showed Android based monoblocks at CES, which are oriented for home use and SMB market.
Thereby, Android is no longer a purely mobile operating system because it’s entering the previously extraneous habitat of personal computers.
By and large, the idea of launching Android and its applications on a Windows PC is not very new. Back in 2012, the company Bluestacks released a virtual machine for Windows, which let you run Android and all its applications, but no one was strongly impressed by that.
Nevertheless, the concern is that what if PCs (desktops, laptops and ultrabooks) with two operating systems suddenly become widely used? Will it bring negative side effects to IT security?
The fact is that the (until recently purely mobile) Android operating system today is in the same position now that Windows was in the mid-1990s to the mid-2000s. Windows was the most popular as well as the most vulnerable and targeted operating system for the dominant class of devices. The vast majority of malicious software for personal computers is still written for Windows, the vast majority (98.05% in 2013) of mobile malware today is targeted at Android. The spread of the banking mobile Trojans of ZitMo is especially frustrating, because they act in conjunction with the Trojans on PCs and allow a bypassing of two-step verification used by banks and payment services to prevent frauds.
The threat of countless malicious programs for Android adding to existing PC security problems (namely the malware for Windows) is a major concern. How will it affect the overall landscape of threats and how much of a headache will it give to users and administrators of corporate networks?
It generally depends on the architecture of hybrids and their settings, particularly on Android: either running inside a virtual machine under Windows or being installed on par with Windows, and on the extent of the free data exchange between the two operating systems, as well as between them and the local network that a hybrid device is connected to.
It is all about the human factor. As with malware for PCs, mobile malicious programs infect devices with the help of users installing applications infected by Trojans because of ignorance or negligence.
Intel’s plans are certainly encouraging. The giant promised to improve Android’s security as much as possible, but users should have an idea about the basics of mobile security. And system administrators need to take the new vector of information threats into account. In 2013 Kaspersky Lab’s experts repeatedly observed situations when Android devices were infected via personal computers. The opposite cases were registered, too, when mobile devices connected to PCs via USB ports in the external drive emulation mode became sources of personal computers’ infection. That is, the interpenetration of malware between Android and Windows already exists anyway.