
Linux, Android, Windows, Mac - Gears Does it All


OPSWAT is proud to announce that Gears clients are now available for Android™ and Linux operating systems! These new clients feature a streamlined registration process and IP reputation scanning options, and position Gears to provide enterprise-wide device visibility to organizations securing an increasingly mobile workforce. Read on for more information on the new clients, and a few other improvements we made along the way!

Code Name: Michigan

Overview

Gears is used around the world to monitor and manage the security state of Windows and Mac devices, no matter where they are or how they connect or which software they have installed. Gears is the single pane of glass that allows IT security professionals to unify their endpoint posture policies and seamlessly integrate into secure access solutions for enforcement. This release marks a huge step forward as we are adding support for Linux and Android devices with the same ease of use and unique features that our Gears customers love, in addition to some new unique features as well.

Gears for Android is not an MDM. It is an app freely available in the Google Play Store that requires no administrative rights on the phone and no complicated MDM provisioning. Any Android user can download and install the app. Scanning is done on-demand when the app is opened and only takes a few seconds. When users enter your Gears account registration code, their report results are automatically sent to Gears servers and associated with your account, providing you with MDM-like visibility without the cost or complex deployment. This is ideal for true BYOD scenarios, ad-hoc security assessments, NAC integrations and more.

Gears for Linux is a lightweight service that runs in the background, easily installs via Yum or Apt-get, and supports auto-update for CentOS/RHEL and Ubuntu. This initial release is command-line only and will work equally well on workstations, laptops and servers -- on-premises, remote or cloud. An open source version is in progress and will be available soon as well.

Download the New Clients

The guest device download page for Gears has been redesigned and now includes tabs for Android and Linux. The link to the download page hasn't changed so you don't have to change your existing integrations.



The Add Devices window has been updated with icons representing the supported operating systems.



The guest device download page has been redesigned for easier use. It auto-detects the operating system of the client and displays the appropriate tab. For auto-configured agents like Windows and Mac the download and install is unchanged. The Linux client installation requires the user to copy and paste several lines of commands. These commands are automatically customized so the Linux device will report to your account. The instructions for Android are just as easy and will be improved even more in the next few weeks with one-click onboarding.

Gears for Linux and Android -- Feature Comparison

Now that clients are available for four different operating system families, we thought it might be helpful to provide a side-by-side comparison of the features available for each OS. This chart does not cover the Gears management console features, only the client-related features. Take a look at the table below, and let me know if there are features you would like to see added to the roadmap for the OS of your choice!

General Features

| Feature | Android | Linux | Windows | Mac OS X |
|---|---|---|---|---|
| Register to Gears Cloud | Via registration code | Via registration code | Via license key | Via license key |
| Managed Devices | Roadmap | Roadmap | Yes | Yes |
| Guest Devices | Yes* | Yes* | Yes | Yes |
| Persistent Agent | Roadmap | Yes | Yes | Yes |
| Dissolvable/On-Demand Agent | Yes | Roadmap | Yes | Yes |
| Supported OS | Android 4.4+ | Various | Windows XP-10, Server 2003-2012 | OS X 10.8+ |
| Supported Platforms | Phone, Tablet | Desktop, Laptop, Server, VM | Desktop, Laptop, Server, VM | Desktop, Laptop, Server, VM |
| Attended Installation | Via Google Play store | Yes | Yes | Yes |
| Remote/Auto Installation | No | Yes | Yes | Yes |
| Auto Update | Yes | Yes [1] | Yes (Optional) | Yes (Optional) |
| Tamper Resistance | Native | Limited | Yes | Yes |
| GUI | User and Pro Mode | Roadmap | Yes (Optional) | Yes (Optional) |
| CLI | n/a | Yes | Yes | Yes |
| GUI Rebranding/Customization | By Request | Roadmap | By Customer | By Customer |
| SDK Available | Yes | Yes | Yes | Yes |

Detailed Features

| Feature | Android | Linux | Windows | Mac OS X |
|---|---|---|---|---|
| Infections: 40+ Engine Malware Scan | Roadmap | Report & Enforce | Report & Enforce | Report & Enforce |
| Infections: Repeated Threats | No | Roadmap | Report & Enforce | Report & Enforce |
| Infections: IP Reputation Scan | Report & Enforce | Report & Enforce | Roadmap | Roadmap |
| Detect Current User | n/a | Report Only | Report Only | Report Only |
| Detect Hostname | Yes | Report Only | Report Only | Report Only |
| Detect Network Adapters | Roadmap | Report Only | Report Only | Report Only |
| Detect MAC Address & IPs | Report Only | Report Only | Report Only | Report Only |
| Detect System Language | Report Only | Report Only | Report Only | Report Only |
| Detect System Architecture | Roadmap | Report Only | Report Only | Roadmap |
| Detect Kernel Version | Roadmap | Report Only | Roadmap | Roadmap |
| Detect Installed Software/Apps/Packages | Report Only | Report Only | Report Only | Report Only |
| Detect PUAs & Risky Software | Roadmap | Roadmap | Report & Enforce | Report & Enforce [4] |
| Detect Running Processes | Roadmap | Report Only | Roadmap | Roadmap |
| Remote (silent) application removal | n/a | Roadmap | Yes | Roadmap |
| 4-Step Lost & Found Check | Report Only [2] | n/a | n/a | n/a |
| Security Score | Report Only [2] | Roadmap | Report Only [2] | Report Only [2] |
| Device Health Score | Report Only [2] | Roadmap | Roadmap | Roadmap |
| Detect Ad Tracking Status | Report Only [2] | n/a | n/a | n/a |
| Detect Rooted Status | Report & Enforce | n/a | n/a | n/a |
| Report Disk Encryption Software | n/a | n/a | Report & Enforce | Report & Enforce |
| Report Disk Encryption State | Report & Enforce | Report & Enforce | Report & Enforce [3] | Report & Enforce |
| OS Version | Report & Enforce | Report Only | Roadmap | Roadmap |
| Antivirus Installed | Roadmap | Report & Enforce | Yes | Yes |
| AV Definition Age | Roadmap | Report & Enforce | Yes | Yes |
| Personal Firewall | Roadmap | Report & Enforce | Yes | Yes |
| Screenlock & Passcode | Report & Enforce | Roadmap | Yes | Yes |
| Detect Antiphishing Software | n/a | Roadmap | Report & Enforce | Report & Enforce |
| Detect AV Real-Time Protection State | Roadmap | Roadmap | Report & Enforce | Report & Enforce |
| Detect AV Last System Scan Time | Roadmap | Roadmap | Report & Enforce | Report & Enforce |
| Detect AV Detected Threat History | Roadmap | Roadmap | Report & Enforce | Report & Enforce |
| Detect Backup Software | Roadmap | Roadmap | Report & Enforce | Report & Enforce |
| Detect Backup State | Roadmap | Roadmap | Report & Enforce | Report & Enforce |
| Remediate personal firewall | n/a | Roadmap | Yes | Yes |
| Detect patch management software | n/a | Roadmap | Report & Enforce | Report & Enforce |
| Detect patch management agent state | n/a | Roadmap | Report & Enforce | Report & Enforce |
| Detect missing OS patches and service packs | Roadmap | Roadmap | Report & Enforce | Report & Enforce |
| Detect OS auto update state | n/a | Roadmap | Report & Enforce | Report & Enforce |
| Detect lock screen timeout | Roadmap | Roadmap | Report & Enforce | Report & Enforce |
| Detect available disk space | Report Only [2] | Roadmap | Report & Enforce | Report & Enforce |
| Detect battery charge and state | Report Only [2] | n/a | n/a | n/a |
| Detect location services state | Report Only [2] | n/a | n/a | n/a |
| Detect total and available RAM | Report Only [2] | Roadmap | Roadmap | Roadmap |
| Detect reboot recency | Report Only [2] | Roadmap | Roadmap | Roadmap |
| Detect hardware performance level | Report Only [2] | Roadmap | Roadmap | Roadmap |
| Survey/questionnaire integration | No | No | Yes | Yes |
| Adjustable reporting interval | On-Demand | Yes | Yes | Yes |

Integration

| Feature | Android | Linux | Windows | Mac OS X |
|---|---|---|---|---|
| NAC for SaaS: Browser Cookie | No | No | Yes | Roadmap |
| NAC for SaaS: Client Certificate | Roadmap | Roadmap | Yes | Yes |
| Local | No | No | Via Registry | Via P-List |
| REST API | Yes | Yes | Yes | Yes |
| Privacy / Personal Information Controls | Yes | Yes | Yes | Yes |
| Auto-trigger remediation page | No | Roadmap | Yes | Yes |
| Pre-tag/group devices | No | Roadmap | Managed Only | Managed Only |
| Restrict app uninstallation | No | Roadmap | Roadmap | Roadmap |

  1. Auto update supported on CentOS 7+ and Ubuntu 14+
  2. Data reported in client GUI, not in the Gears console yet
  3. Windows includes optional encryption algorithm and key length check
  4. Mac supports public file sharing and toolbar categories only

  • Yes: Supported now
  • No: Not supported, not planned
  • n/a: Not available or not relevant
  • Report Only: Data is collected by the endpoint and reported to Gears servers
  • Report & Enforce: Same as Report Only, plus the ability to create Gears policies on that data
  • Roadmap: Feature is planned

Feature Spotlight: Rooted Device Status for Android

Most of the biggest threats with mobile devices come from those that are rooted. Rooted devices are a threat to secure networks because they have disabled built-in security measures in order to utilize blocklisted or unsafe applications and alter the operating system, causing both the device and the connected network to become more vulnerable to malware infections. Rooted devices allow for applications to affect each other, as well as the operating system in uncontrolled ways. Administrators should be highly suspicious and concerned with rooted devices lingering within their network. This reporting feature is now available via Gears for Android.

Feature Spotlight: Storage Encryption Detection for Android and Linux

Storage encryption is available by default on many mobile devices as well as most Linux distros, and is an important part of many organizations' security policies. Without storage encryption, the risk of leaking PII increases exponentially as more and more employees handle more information -- a single device theft or loss can be catastrophic. Gears has been a leader in disk encryption monitoring and enforcement for Windows and Mac, and now extends the same functionality to Linux and Android. You can now monitor and create policies to check the actual encryption state of Android internal storage and Linux /home and /root mount points. With these encryption options being free and built into the operating system, you can benefit greatly simply by monitoring and enforcing their usage. Try it out on a few Android and Linux devices and let me know what you think.

Revocable Registration Codes

Adding devices to your Gears account has always been easy. The installers and executables are pre-configured to automatically connect to your Gears account. Traditionally this association is done using your Gears license key. The situation is more complex with mobile devices so we had to rethink this process -- it would be unreasonable to ask a user to type in a long license key using a mobile keyboard. So we created a revocable registration code, only 8 characters long, that is easier to share and type, without worrying about distributing your license key to the masses.

Initially, this new registration code is used for on-boarding Linux and Android devices. It will eventually be used for Windows and Mac as well. You can find your registration code on the Android and Linux tabs of the guest device download page, as well as in your account settings in the Gears console.



Should you ever wish to reset your registration code for security reasons or convenience you can do so quite simply from the Gears account settings. Having this capability will help administrators maintain control over what devices are reporting to their account.

Metascan-powered Malware Scanning for Linux

In a recent survey we performed we found that the vast majority of Linux users do not have an antivirus product installed, and among those who did very few used real time protection or file system monitoring. The most common response from survey participants was that they run a free antivirus program occasionally, usually weekly, to perform a system scan. Many of the responses also included that they would feel better about their security if they were able to perform a quick system scan using the 40+ anti-malware engines provided by Metascan Online. Gears for Linux now makes this possible!

Once installed, the Gears for Linux daemon will perform a daily malware scan of all running processes and their linked libraries. This is the same feature we already provide for Windows and Mac devices and is responsible for detecting countless infections and potentially unwanted applications like keyloggers and rogue antivirus products. We're really excited to offer this feature to all of our Gears users immediately.

IP Reputation Scanning for Linux and Android

Not all malware and riskware can be caught with traditional antivirus products. Gears utilizes Metascan Online for malware scanning with over 40 commercial antivirus and anti-malware engines. To further increase detection rates we are introducing IP reputation scanning, also powered by Metascan Online.

Initially available for Linux and Android, Gears will analyze the reputations of all connected IP addresses using 12 large IP reputation databases in order to detect any blocklisted IP addresses. Connections to suspicious IP addresses can be an indicator of potential malicious intent, including data theft and unwanted tracking.

The IP reputation service provided by Metascan Online will classify the type of bad IP that was seen according to how it was detected -- including botnets, malware, phishing, spammers and more.

As with any multi-scanning technology, we have to be careful about false positives. For IP reputation scanning we mitigate false positives in three ways:

  • We use only high quality IP reputation sources, focusing on accuracy over quantity
  • IP addresses are cycled out if not seen by the scanning sources after a period of time
  • Suspicious IPs are assigned a confidence rating that combines four different weighting factors

The Android app even includes a map showing where all of the active IP connections are located! Get it from Google Play today for free.

Metascan-powered Mobile App Scanning Coming Soon!

There are millions of apps available for Android devices. Sorting through them all to find the 'good ones' while avoiding knock-offs and malware is becoming increasingly difficult. It is hard enough to stay safe if you only download apps from Google Play; if you download apps from untrusted or third-party sources your risk of infection increases dramatically.

A multi-scanning solution like Metascan Online is one of the most effective ways to detect malware and riskware. This capability is currently provided by Gears for Windows, Mac and Linux, and we are excited to soon introduce the same powerful scanning and detection functionality to Android as well. Once available, Gears for Android will scan all installed apps and classify any detected malware, adware, riskware and more. No single mobile antivirus solution can compare to the power and efficacy of 40+ engines running in parallel. Stay current with our OPSWAT Gears Roadmap to find out when we will be rolling out this important feature.
