
Vulnerability management: identifying affected software on client computers, vulnerable software, and how to fix it

When you start Smart Scan, Avast scans your PC for the following types of problems and then suggests solutions.

  • Viruses: files containing malicious code that can affect the security and performance of your PC.
  • Vulnerable software: outdated programs that require updating and that intruders can use to gain access to your system.
  • Bad-reputation browser extensions: browser extensions that are usually installed without your knowledge and degrade system performance.
  • Weak passwords: passwords that are used for more than one Internet account and can easily be guessed or compromised.
  • Network threats: weaknesses in your network that could make attacks on your network devices and router possible.
  • Performance issues: objects (unnecessary files and applications, settings-related issues) that may interfere with the operation of the PC.
  • Conflicting antiviruses: antivirus software installed on your PC alongside Avast. Running several antivirus products slows down your PC and reduces the effectiveness of antivirus protection.

Note: a separate license may be required to resolve certain issues found during Smart Scan. Detection of problem types you do not need can be disabled in.

Solving the problems found

A green check mark next to a scan area indicates that no problems were found in it. A red cross means the scan identified one or more related problems.

To see details of the issues found, click Solve all. Smart Scan shows the details of each issue and offers to fix it immediately (click Decide) or later (click Skip this step).

Note: antivirus scan logs are available in the scan history, which is opened by selecting Protection > Antivirus.

Managing Smart Scan Settings

To change Smart Scan settings, select Settings > General > Smart Scan and indicate which of the listed problem types Smart Scan should check for.

  • Viruses
  • Outdated software
  • Browser add-ons
  • Network Threats
  • Compatibility issues
  • Performance issues
  • Weak passwords

All problem types are enabled by default. To stop checking for a specific problem type during Smart Scan, click the slider (Included) next to that problem type so that it changes to Turned off.

Click Settings next to Scanning for viruses to change the virus scan settings.

In some cases, vulnerabilities arise from the use of development tools of various origins, which increases the risk of deliberately planted defects in the program code.

Vulnerabilities also appear when third-party components or free (open source) code are added to the software. Such third-party code is often used "as is", without careful analysis and security testing.

Nor can one rule out insiders on the development team who deliberately add undocumented functions or elements.

Classification of software vulnerabilities

Vulnerabilities arise from errors made during the design or coding of a program.

Depending on the stage at which they arise, such threats are divided into design, implementation and configuration vulnerabilities.

  1. Design mistakes are the hardest to spot and fix. These are inaccuracies in algorithms, planted backdoors, inconsistencies in the interfaces between modules or in the protocols for interacting with hardware, and the adoption of sub-optimal technologies. Eliminating them is very time-consuming, partly because they surface in non-obvious situations, for example when the specified traffic volume is exceeded or when a large amount of additional equipment is connected, which complicates providing the required level of security and opens ways to bypass the firewall.
  2. Implementation vulnerabilities appear at the stage of writing the program or introducing security algorithms into it: a flawed organization of the computing process, and syntactic and logical defects. Such a flaw can lead to buffer overflows or other problems. Finding them takes a long time, and eliminating them means fixing specific parts of the machine code.
  3. Hardware and software configuration errors are common. Their usual causes are poor-quality development and a lack of tests for the correct operation of additional functions. This category also includes overly simple passwords and default accounts left unchanged.

According to statistics, vulnerabilities are found especially often in popular and widespread products: desktop and mobile operating systems and browsers.

Risks of using vulnerable programs

The programs in which the largest number of vulnerabilities are found are installed on almost all computers, so cybercriminals have a direct interest in finding such flaws and writing exploits for them.

Since quite a long time passes between the discovery of a vulnerability and the publication of a fix (patch), there is ample opportunity to infect computer systems through security holes in the code. The user only needs to open, for example, a malicious PDF file containing an exploit once, after which the attackers gain access to the data.

Infection in the latter case occurs according to the following algorithm:

  • The user receives a phishing e-mail from a seemingly credible sender.
  • The e-mail contains a file with an exploit.
  • If the user opens the file, the computer becomes infected with a virus, trojan (for example, ransomware) or other malicious program.
  • The cybercriminals gain unauthorized access to the system.
  • Valuable data is stolen.

Research by various companies (Kaspersky Lab, Positive Technologies) shows that vulnerabilities exist in almost any application, including antiviruses. Therefore, the probability of installing software that contains flaws of varying criticality is very high.

To minimize the number of holes in software, it is necessary to use an SDL (Security Development Lifecycle). An SDL reduces the number of bugs in applications at all stages of their creation and support. Thus, when designing software, information security specialists and programmers model cyber threats in order to find vulnerabilities. During programming, automated tools are included in the process that immediately report potential flaws. Developers seek to significantly limit the functionality available to unverified users, which reduces the attack surface.

To minimize the impact of vulnerabilities and the damage from them, it is necessary to follow some rules:

  • Promptly install the patches that developers release for applications or, preferably, enable automatic updates.
  • If possible, do not install questionable programs whose quality and technical support raise doubts.
  • Use dedicated vulnerability scanners or the corresponding functions of antivirus products, which search for security errors and, if necessary, update the software.

A large number of tools have now been developed to automate the search for program vulnerabilities. This article covers some of them.

Introduction

Static code analysis is software analysis that is performed on the source code of programs and is implemented without actually executing the program under study.

Software often contains vulnerabilities caused by errors in the program code. Errors made during development can, in some situations, cause the program to fail and disrupt its normal operation: data is changed or corrupted, and the program or even the system stops. Most vulnerabilities are associated with incorrect processing of data received from outside, or with insufficient validation of that data.

Various tools are used to identify vulnerabilities, for example static analyzers of program source code, an overview of which is given in this article.

Classification of security vulnerabilities

When the requirement that the program operate correctly on all possible input data is violated, so-called security vulnerabilities become possible. A security vulnerability can allow one program to be used to overcome the security restrictions of the entire system.

Classification of security vulnerabilities by the type of software error:

  • Buffer overflow. This vulnerability arises from the lack of bounds checking on an array in memory during program execution. When a data block that is too large overflows a buffer of limited size, the contents of neighbouring memory cells are overwritten and the program crashes and exits. Depending on where the buffer lies in process memory, there are stack buffer overflows, heap buffer overflows and overflows in the static data area (bss buffer overflow).
  • Tainted input vulnerability. Tainted-input vulnerabilities arise when user input is passed without sufficient control to the interpreter of some external language (usually the Unix shell or SQL). In this case, the user can craft the input so that the launched interpreter executes a command completely different from the one intended by the authors of the vulnerable program.
  • Format string vulnerability. This type of security vulnerability is a subclass of tainted input. It arises from insufficient parameter control when using the formatted I/O functions printf, fprintf, scanf, etc. of the C standard library. These functions take as one of their parameters a character string that specifies the format for the input or output of the subsequent arguments. If the user is able to control that format string, the vulnerability arises from the incorrect use of the string formatting functions.
  • Vulnerabilities caused by timing errors (race conditions). Problems associated with multitasking lead to situations called "race conditions": a program that is not designed to run in a multitasking environment may assume, for example, that the files it uses cannot be changed by another program. As a result, an attacker who replaces the contents of these working files at the right moment can force the program to perform certain actions.

Of course, besides the listed ones, there are other classes of security vulnerabilities.

Overview of existing analyzers

The following tools are used to detect security vulnerabilities in programs:

  • Dynamic debuggers: tools that debug a program during its execution.
  • Static analyzers (static debuggers): tools that use information accumulated during static analysis of a program.

Static analyzers point to the places in the program where an error may be present. These suspicious code fragments may contain an error or be completely safe.
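As an added example (not code from the original article or from any of the analyzers it reviews), the following minimal static check illustrates both the tainted-input class described above and the point just made about suspicious fragments: it walks the Python AST and reports every call that hands a non-constant command string to the Unix shell (`os.system`, `os.popen`, or a `subprocess` call with `shell=True`), while a call with a constant command string is left unreported as safe. The sample source it analyzes is constructed here; `list_dir` and `user_path` are hypothetical names.

```python
import ast

# Calls that hand a command string to the Unix shell (the "external interpreter"
# of the tainted-input class). These are the real os/subprocess function names.
SHELL_SINKS = {"os.system", "os.popen"}
SUBPROCESS_FUNCS = {"subprocess.run", "subprocess.call", "subprocess.check_call",
                    "subprocess.check_output", "subprocess.Popen"}


def _dotted_name(func):
    """Return 'module.func' for a call written as module.func(...), else None."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def _is_constant_str(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def find_shell_sinks(source):
    """Return sorted (line, reason) pairs for calls that pass a non-constant
    command to a shell. A constant command string is skipped as safe: the shell
    still runs, but no external data can reshape the command."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        name = _dotted_name(node.func)
        first = node.args[0]
        if name in SHELL_SINKS and not _is_constant_str(first):
            findings.append((node.lineno, f"{name}() called with a non-constant command"))
        elif name in SUBPROCESS_FUNCS:
            shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True for kw in node.keywords)
            if shell and not _is_constant_str(first):
                findings.append((node.lineno, f"{name}(shell=True) with a non-constant command"))
    return sorted(findings)


# Constructed input: a hypothetical helper that lists a user-chosen directory.
SAMPLE = """\
import os, subprocess

def list_dir(user_path):
    os.system("ls -l " + user_path)                    # tainted: built from input
    subprocess.run("ls -l " + user_path, shell=True)   # tainted: same, via subprocess
    subprocess.run(["ls", "-l", user_path])            # argv list, no shell: not flagged
    os.system("ls -l /tmp")                            # constant command: not flagged
"""

if __name__ == "__main__":
    for line, reason in find_shell_sinks(SAMPLE):
        print(f"line {line}: {reason}")
```

The argv-list form on the third call is the usual fix for this class: the arguments reach the program directly, so no shell ever parses the user's data. A real analyzer would additionally track where the data came from (taint tracking) rather than treating every non-constant argument as suspicious, which is exactly why its findings can be either a genuine error or a safe fragment.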

This article provides an overview of several existing static analyzers. Let's take a closer look at each of them.

Another way to look at this problem is that companies need to react quickly when an application has a vulnerability. This requires the IT department to be able to definitively track installed applications, components and patches using automation and standard tools. There are industry efforts to standardize software identification tags (ISO 19770-2), which are XML files installed with an application, component and/or patch that identify the installed software and, in the case of a component or patch, which application it belongs to. Tags carry authoritative publisher information, version information, and a file list with file name, cryptographic file hash and size, which can be used to confirm that the application is installed on the system and that its binaries have not been modified by a third party. These tags are digitally signed by the publisher.
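As an added example (not code from the article or from any tag-producing vendor), the following script checks an installed application's files against the file list in its software identification tag, which is the integrity use of the tags described above. The tag is constructed inline; its element and attribute names follow the ISO 19770-2:2015 schema as I recall it (`SoftwareIdentity`, `Entity`, `Payload/File`, `SHA256:hash`), and should be treated as an assumption rather than a copy of any real tag. The publisher, `tagId` and file names are placeholders.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET

SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
SHA256_NS = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed tag. Element/attribute names follow ISO 19770-2:2015 as I recall
# it (an assumption); publisher, tagId and file names are placeholders.
TAG_TEMPLATE = """<SoftwareIdentity xmlns="{swid}" xmlns:SHA256="{sha}"
    name="ExampleApp" version="1.2.3" tagId="example-app-1.2.3-PLACEHOLDER">
  <Entity name="Example Publisher (constructed)" regid="example.invalid"
          role="tagCreator softwareCreator"/>
  <Payload>
    <File name="app.bin" size="{size0}" SHA256:hash="{hash0}"/>
    <File name="helper.dll" size="{size1}" SHA256:hash="{hash1}"/>
  </Payload>
</SoftwareIdentity>
"""


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_payload(tag_xml, install_dir):
    """Compare every Payload/File entry with the file on disk.
    Returns {file name: "ok" | "modified" | "missing"}."""
    root = ET.fromstring(tag_xml)
    results = {}
    for entry in root.iter(f"{{{SWID_NS}}}File"):
        name = entry.get("name")
        path = os.path.join(install_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        size_ok = os.path.getsize(path) == int(entry.get("size"))
        hash_ok = sha256_of(path) == entry.get(f"{{{SHA256_NS}}}hash")
        results[name] = "ok" if size_ok and hash_ok else "modified"
    return results


def build_tag(install_dir, files):
    """Write the constructed files and fill the template with their real size
    and hash, as a publisher would do at build time."""
    meta = {}
    for i, (name, content) in enumerate(files):
        path = os.path.join(install_dir, name)
        with open(path, "wb") as fh:
            fh.write(content)
        meta[f"size{i}"] = os.path.getsize(path)
        meta[f"hash{i}"] = sha256_of(path)
    return TAG_TEMPLATE.format(swid=SWID_NS, sha=SHA256_NS, **meta)


def demo():
    """Verify an intact install, then simulate tampering and verify again."""
    with tempfile.TemporaryDirectory() as d:
        tag = build_tag(d, [("app.bin", b"constructed application bytes"),
                            ("helper.dll", b"constructed helper bytes")])
        intact = verify_payload(tag, d)
        with open(os.path.join(d, "helper.dll"), "ab") as fh:
            fh.write(b"\x00")                  # content and size no longer match the tag
        os.remove(os.path.join(d, "app.bin"))  # a component that has been deleted
        tampered = verify_payload(tag, d)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```

Because the text says tags are digitally signed by the publisher, a real check would verify that signature before trusting the file list; otherwise an attacker who can modify a binary could edit the tag to match. The signature check is left out here so the example runs without a key.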

When a vulnerability becomes known, IT departments can use their asset management software to immediately identify systems with the vulnerable software and take steps to update them. Tags can also be part of a patch or update, and can then be used to verify that the patch is installed. In this way, IT departments can use resources such as the NIST National Vulnerability Database (NVD) to drive their asset management tools, so that as soon as a vulnerability is submitted to the NVD, IT can compare the new vulnerability against what is currently installed.

There is a group of companies working through the IEEE/ISTO non-profit TagVault.org (www.tagvault.org) with the US government on a standard implementation of ISO 19770-2 that will enable this level of automation. At some point in the next couple of years, tags conforming to this implementation are likely to become mandatory for software sold to the US government.

So, in the end, it is good practice not to publicize which applications and specific software versions you are using, but this can be difficult, as noted earlier. You want to ensure that you have an accurate, up-to-date software inventory, that it is regularly compared against a list of known vulnerabilities such as the NVD, and that IT can take immediate action to remediate the threat. Together with up-to-date intrusion detection, antivirus scanning and other methods of locking down the environment, this will at the very least make it very difficult to compromise your environment, and if and when it is compromised, the compromise will not go undetected for long.
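As an added example of the inventory-versus-NVD comparison described in the last two paragraphs (not code from the article or from any asset management product), the following script reads a plain "name version" software list and reports every component whose version falls inside a vulnerability record's affected range. Both the inventory and the vulnerability records are constructed here; the range fields are modelled on the NVD configuration fields `versionStartIncluding` / `versionEndExcluding`, and the record ids are placeholders, not real CVE numbers.

```python
# Constructed inventory in the plain "name version" form an asset tool might export.
INVENTORY_TXT = """\
# name version
openssl 1.1.1
curl 7.64.0
nginx 1.18.0
"""

# Constructed vulnerability records. Range fields are modelled on the NVD
# configuration fields versionStartIncluding / versionEndExcluding; the ids
# are placeholders, not real CVE numbers.
FEED = [
    {"id": "VULN-0001-PLACEHOLDER", "product": "openssl", "cvss": 9.8,
     "versionStartIncluding": "1.1.0", "versionEndExcluding": "1.1.2"},
    {"id": "VULN-0002-PLACEHOLDER", "product": "curl", "cvss": 5.3,
     "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.60.0"},
    {"id": "VULN-0003-PLACEHOLDER", "product": "nginx", "cvss": 7.8,
     "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.19.0"},
]


def parse_version(text):
    """'1.2.10' -> (1, 2, 10): compare numerically so that 1.2.10 > 1.2.9."""
    return tuple(int(part) for part in text.split("."))


def parse_inventory(text):
    """Return (name, version) pairs, ignoring blank and comment lines."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, version = line.split(maxsplit=1)
        items.append((name, version))
    return items


def is_affected(version, record):
    """True if version lies in [versionStartIncluding, versionEndExcluding)."""
    v = parse_version(version)
    lo = record.get("versionStartIncluding")
    hi = record.get("versionEndExcluding")
    if lo is not None and v < parse_version(lo):
        return False
    if hi is not None and v >= parse_version(hi):
        return False
    return True


def match_inventory(inventory_text, feed):
    """Return findings, highest CVSS first, for every installed component
    whose version falls inside a record's affected range."""
    findings = []
    for name, version in parse_inventory(inventory_text):
        for rec in feed:
            if rec["product"] == name and is_affected(version, rec):
                findings.append({"component": name, "version": version,
                                 "id": rec["id"], "cvss": rec["cvss"]})
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)


if __name__ == "__main__":
    for f in match_inventory(INVENTORY_TXT, FEED):
        print(f"{f['component']} {f['version']}: {f['id']} (CVSS {f['cvss']})")
```

The curl entry is deliberately outside its record's range (the fix shipped in an earlier version than the installed one) to show that a correct version comparison is what keeps the report free of stale findings. Real feeds identify products by CPE name rather than a bare package name, and carry versions with non-numeric suffixes, so a production matcher needs CPE-aware matching and a more tolerant version parser than the one here.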

Vulnerability management is the identification, assessment and classification of vulnerabilities and the selection of a way to remediate them. It relies on vulnerability information repositories, one of which is the Prospective Monitoring Vulnerability Management System.

Our solution tracks the emergence of information about vulnerabilities in operating systems (Windows, Linux/Unix-based), office and application software, hardware firmware, and information security tools.

Data sources

The Vulnerability Management System database of the Prospective Monitoring software is automatically updated from the following sources:

  • Information Security Threats Databank (BDU BI) FSTEC of Russia.
  • National Vulnerability Database (NVD) NIST.
  • Red Hat Bugzilla.
  • Debian Security Bug Tracker.
  • CentOS Mailing List.

We also use an automated method to replenish our vulnerability database. We have developed a web crawler and an unstructured-data parser, which every day analyze more than a hundred foreign and Russian sources (groups in social networks, blogs, microblogs, and media devoted to information technology and information security) for a set of keywords. If these tools find something that matches the search criteria, an analyst manually checks the information and enters the vulnerability in the database.

Monitoring software vulnerabilities

Using the Vulnerability Management System, developers can monitor the presence and status of detected vulnerabilities in third-party components of their software.

For example, in Hewlett Packard Enterprise's Secure Software Developer Life Cycle (SSDLC) model, third-party library control is central.

Our system monitors vulnerabilities in parallel versions/builds of one software product.

It works like this:

  1. The developer gives us a list of the third-party libraries and components used in the product.
  2. We check daily:
     b. whether methods to eliminate previously discovered vulnerabilities have appeared.
  3. We notify the developer if the status or score of a vulnerability has changed, in accordance with the specified role model. This means that different development teams of the same company receive alerts and see vulnerability status only for the product they are working on.

The frequency of Vulnerability Management System alerts is customizable, but if a vulnerability with a CVSS score greater than 7.5 is found, developers receive an immediate alert.
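As an added example of the daily check, the role model and the 7.5 threshold described above (not code from the Vulnerability Management System or from the article), the following script compares yesterday's and today's snapshot of findings, produces one alert per new, rescored or status-changed vulnerability, filters the alerts by the product each team owns, and marks alerts above the CVSS threshold as immediate. The team names, product names, snapshots and vulnerability ids are constructed placeholders.

```python
IMMEDIATE_THRESHOLD = 7.5   # from the text: above this, alert at once regardless of schedule

# Constructed role model: which product(s) each development team may see.
TEAM_PRODUCTS = {"team-web": {"webapp"}, "team-mobile": {"mobileapp"}}

# Constructed snapshots of the daily check: (product, vulnerability id) -> state.
# Ids are placeholders, not real CVE numbers.
YESTERDAY = {
    ("webapp", "VULN-0001-PLACEHOLDER"): {"status": "open", "cvss": 6.5},
    ("mobileapp", "VULN-0002-PLACEHOLDER"): {"status": "open", "cvss": 8.1},
}
TODAY = {
    ("webapp", "VULN-0001-PLACEHOLDER"): {"status": "open", "cvss": 9.1},             # rescored
    ("mobileapp", "VULN-0002-PLACEHOLDER"): {"status": "fix-available", "cvss": 8.1},  # fix published
    ("webapp", "VULN-0003-PLACEHOLDER"): {"status": "open", "cvss": 4.3},             # newly found
}


def diff_findings(previous, current):
    """Return one alert per finding that is new or whose status or score changed.
    'immediate' marks alerts that must bypass the customer's alert schedule."""
    alerts = []
    for (product, vuln_id), now in current.items():
        before = previous.get((product, vuln_id))
        if before is None:
            change = "new"
        elif before["status"] != now["status"]:
            change = f"status {before['status']} -> {now['status']}"
        elif before["cvss"] != now["cvss"]:
            change = f"cvss {before['cvss']} -> {now['cvss']}"
        else:
            continue   # unchanged: nothing to notify
        alerts.append({"product": product, "id": vuln_id, "change": change,
                       "cvss": now["cvss"],
                       "immediate": now["cvss"] > IMMEDIATE_THRESHOLD})
    return alerts


def alerts_for_team(team, alerts, role_model=TEAM_PRODUCTS):
    """Apply the role model: a team sees only alerts for its own products."""
    return [a for a in alerts if a["product"] in role_model.get(team, set())]


if __name__ == "__main__":
    for team in TEAM_PRODUCTS:
        for a in alerts_for_team(team, diff_findings(YESTERDAY, TODAY)):
            urgency = "IMMEDIATE" if a["immediate"] else "scheduled"
            print(f"{team}: {a['product']} {a['id']} {a['change']} [{urgency}]")
```

Note that a status change on an already-critical finding (the mobile app's fix becoming available) is still flagged immediate, since the threshold is applied to the current score rather than to the kind of change; a team that only wants rescorings above the threshold to interrupt it would test the change type as well. Findings that disappear from today's snapshot are not reported here; a production system would want an explicit "closed" status rather than silent removal.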

Integration with ViPNet TIAS

The ViPNet Threat Intelligence Analytics System (ViPNet TIAS) hardware and software complex automatically detects computer attacks and identifies incidents based on events received from various information security sources. The main source of events for ViPNet TIAS is ViPNet IDS, which analyzes incoming and outgoing network traffic using the AM Rules decision rule bases developed by Prospective Monitoring. Some of the signatures are written to detect the exploitation of vulnerabilities.

If ViPNet TIAS detects an information security incident in which a vulnerability was exploited, all information about that vulnerability, including methods of eliminating or compensating for its negative impact, is automatically entered into the incident card from the CMS.

The incident management system also helps in the investigation of information security incidents by providing analysts with information about indicators of compromise and the information infrastructure nodes potentially affected by the incident.

Monitoring of vulnerabilities in information systems

Another use case for the vulnerability management system is on-demand scanning.

The customer independently compiles a list of the system and application software and components installed on a node (workstation, server, DBMS, information security hardware/software complex, network equipment), transfers this list to the CMS, and receives a report on the detected vulnerabilities and periodic notifications about their status.

Differences between the System and common vulnerability scanners:

  • Does not require the installation of monitoring agents on the nodes.
  • Does not load the network, since the architecture of the solution has no agents or scan servers.
  • Does not load the equipment, since the list of components is produced by system commands or a lightweight open-source script.
  • Eliminates the possibility of information leakage: Prospective Monitoring cannot reliably learn anything about the physical or logical location or the functional purpose of a node in the information system. The only information that leaves the customer's controlled perimeter is a txt file with a list of software components. The customer checks the contents of this file and uploads it to the CMS themselves.
  • The system does not need accounts on the monitored nodes: the information is collected by the node's administrator on their own behalf.
  • Secure exchange of information over ViPNet VPN, IPsec or HTTPS.

Connecting to the Prospective Monitoring vulnerability management service helps the customer fulfil requirement ANZ.1, "Identification and analysis of information system vulnerabilities and prompt elimination of newly identified vulnerabilities", of FSTEC of Russia Orders No. 17 and 21. Our company is licensed by FSTEC of Russia for activities related to the technical protection of confidential information.

Price

The minimum cost is 25,000 rubles per year for 50 nodes connected to the system with a valid contract for connecting to
