Vulnerable software found. Identifying vulnerable software on client computers. Software vulnerability monitoring

When you start a Smart Scan, Avast checks your PC for the following types of problems and then suggests solutions for them.

  • Viruses: files containing malicious code, which may affect the security and performance of your PC.
  • Vulnerable software: Programs that require updating and can be used by attackers to gain access to your system.
  • Browser extensions with a bad reputation: Browser extensions that are usually installed without your knowledge and affect system performance.
  • Weak passwords: Passwords that are used to access more than one online account and can be easily hacked or compromised.
  • Network threats: Vulnerabilities in your network that could allow attacks on your network devices and router.
  • Performance issues: Objects (unnecessary files and applications, problems related to settings) that may interfere with the operation of the PC.
  • Conflicting antiviruses: Other antivirus programs installed on your PC alongside Avast. Running several antivirus programs at once slows down your PC and reduces the effectiveness of antivirus protection.

Note. Certain issues detected by Smart Scan may require a separate license to resolve. Detection of unnecessary problem types can be disabled in .

Solving detected problems

A green check mark next to the scan area indicates that no problems were found with that area. A red cross means the scan has identified one or more related problems.

To view specific details about detected issues, click Solve everything. Smart Scan shows details of each issue and offers the option to fix it immediately by clicking Decide, or to do it later by clicking Skip this step.

Note. Antivirus scan logs can be seen in the scan history, which can be accessed by selecting Protection > Antivirus.

Manage Smart Scan Settings

To change Smart Scan settings, select Settings > General > Smart Scan and specify which of the following problem types you want Smart Scan to check for.

  • Viruses
  • Outdated software
  • Browser add-ons
  • Network threats
  • Compatibility issues
  • Performance issues
  • Weak passwords

By default, all problem types are enabled. To stop checking for a specific issue when running a Smart Scan, click the Included slider next to the problem type so that its state changes to Turned off.

Click Settings next to the Virus scanning label to change scan settings.

Currently, a large number of tools have been developed to automate the search for program vulnerabilities. This article will discuss some of them.

Introduction

Static code analysis is software analysis that is performed on the source code of programs, without actually executing the program under study.

Software often contains various vulnerabilities due to errors in the program code. Errors made during program development in some situations lead to program failure and, therefore, disrupt the normal operation of the program: this often causes changes and damage to data, or stops the program or even the system. Most vulnerabilities are associated with incorrect processing of data received from the outside, or insufficiently strict verification of it.

Various tools are used to identify vulnerabilities, for example static analyzers of program source code, an overview of which is given in this article.

Classification of security vulnerabilities

When the requirement for a program to operate correctly on all possible input data is violated, the appearance of so-called security vulnerabilities becomes possible. Security vulnerabilities can mean that one program can be used to overcome the security limitations of an entire system.

Classification of security vulnerabilities depending on software errors:

  • Buffer overflow. This vulnerability occurs due to a lack of bounds checking on arrays in memory during program execution. When a packet of data that is too large overflows the limited-size buffer, the contents of neighboring memory locations are overwritten, causing the program to crash and exit. Based on the location of the buffer in process memory, buffer overflows are distinguished as being on the stack (stack buffer overflow), on the heap (heap buffer overflow) or in the static data area (bss buffer overflow).
  • Tainted input vulnerability. Tainted input vulnerabilities can occur when user input is passed to the interpreter of some external language (usually a Unix shell or SQL) without sufficient control. In this case, the user can specify input data in such a way that the launched interpreter will execute a completely different command than was intended by the authors of the vulnerable program.
  • Format string vulnerability. This type of security vulnerability is a subclass of the "tainted input" vulnerability. It occurs due to insufficient parameter control when using the formatted I/O functions printf, fprintf, scanf, etc. of the C standard library. These functions take as one of their parameters a character string that specifies the input or output format of the subsequent function arguments. If the user can specify the type of formatting, this vulnerability could result from unsuccessful use of string formatting functions.
  • Vulnerabilities as a result of synchronization errors (race conditions). Problems associated with multitasking lead to situations called "race conditions": a program that is not designed to run in a multitasking environment may assume that, for example, the files it uses cannot be changed by another program. As a result, an attacker who replaces the contents of these working files in time can force the program to perform certain actions.

Of course, in addition to those listed, there are other classes of security vulnerabilities.

Review of existing analyzers

The following tools are used to detect security vulnerabilities in programs:

  • Dynamic debuggers. Tools that allow you to debug a program during its execution.
  • Static analyzers (static debuggers). Tools that use information accumulated during static analysis of a program.

Static analyzers point to those places in the program where an error may be located. These suspicious pieces of code may either contain an error or be completely harmless.
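To make the point about suspicious but possibly harmless findings concrete, here is an added example (not code from the original article or from any analyzer it reviews): a deliberately simple static check that reports printf-family calls whose format argument is not a string literal. The C sample, the function names and the regex heuristic are assumptions made for illustration; the last finding is a constant format string, so it is a false positive of exactly the kind described above.

```python
import re

# Constructed C source used as sample input (not from the article).
SAMPLE_C = r'''void log_msg(const char *user_input) {
    printf(user_input);              /* user-controlled format */
    printf("%s\n", user_input);      /* literal format: not flagged */
    fprintf(stderr, user_input);
}
void banner(void) {
    const char *fmt = "ready\n";
    printf(fmt);                     /* constant, harmless, still flagged */
}
'''

# Position of the format argument in each formatted I/O function.
FORMAT_ARG_INDEX = {"printf": 0, "scanf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2}
CALL_RE = re.compile(r"\b(" + "|".join(FORMAT_ARG_INDEX) + r")\s*\(")

def split_args(src, pos):
    """Split the argument list that starts at src[pos] on top-level commas."""
    args, cur, depth, in_str = [], "", 0, False
    while pos < len(src):
        ch = src[pos]
        if in_str and ch == "\\":          # escaped char inside a string literal
            cur += src[pos:pos + 2]
            pos += 2
            continue
        if ch == '"':
            in_str = not in_str
        elif not in_str and ch == ")" and depth == 0:
            break                          # end of this call's argument list
        elif not in_str and ch in "()":
            depth += 1 if ch == "(" else -1
        elif not in_str and ch == "," and depth == 0:
            args.append(cur.strip())
            cur, pos = "", pos + 1
            continue
        cur += ch
        pos += 1
    return args + [cur.strip()]

def find_format_string_warnings(source):
    """Return (line, function, argument) for each non-literal format argument."""
    hits = []
    for m in CALL_RE.finditer(source):
        args, idx = split_args(source, m.end()), FORMAT_ARG_INDEX[m.group(1)]
        if idx < len(args) and not args[idx].startswith('"'):
            hits.append((source.count("\n", 0, m.start()) + 1, m.group(1), args[idx]))
    return hits
```

The check has no data-flow information, so it cannot tell the user-controlled `user_input` from the constant `fmt`; a reviewer still has to triage each reported line.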

This article provides an overview of several existing static analyzers. Let's take a closer look at each of them.

Vulnerability management is the identification, assessment and classification of vulnerabilities and the selection of a solution to address them. The foundation of vulnerability management is repositories of information about vulnerabilities, one of which is the "Perspective Monitoring" Vulnerability Management System.

Our solution tracks the appearance of information about vulnerabilities in operating systems (Windows, Linux/Unix-based), office and application software, equipment software, and information security tools.

Data sources

The database of the Perspective Monitoring Software Vulnerability Management System is automatically updated from the following sources:

  • Data Bank of Information Security Threats (BIS) FSTEC of Russia.
  • National Vulnerability Database (NVD) NIST.
  • Red Hat Bugzilla.
  • Debian Security Bug Tracker.
  • CentOS Mailing List.

We also use an automated method to update our vulnerability database. We have developed a web crawler and an unstructured data parser that every day analyze more than a hundred different foreign and Russian sources using a number of keywords: groups in social networks, blogs, microblogs, and media dedicated to information technology and information security. If these tools find something that matches the search criteria, an analyst manually checks the information and enters it into the vulnerability database.

Software vulnerability monitoring

Using the Vulnerability Management System, developers can monitor the presence and status of detected vulnerabilities in third-party components of their software.

For example, in Hewlett Packard Enterprise's Secure Software Developer Life Cycle (SSDLC) model, control of third-party libraries is central.

Our system monitors the presence of vulnerabilities in parallel versions/builds of the same software product.

It works like this:

1. The developer provides us with a list of third-party libraries and components that are used in the product.

2. We check daily:

b. whether methods have appeared to eliminate previously discovered vulnerabilities.

3. We notify the developer if the status or scoring of the vulnerability has changed, in accordance with the specified role model. This means that different development teams within the same company will receive alerts and see the vulnerability status only for the product they are working on.

The Vulnerability Management System alert frequency is configurable, but if a vulnerability with a CVSS score greater than 7.5 is detected, developers will receive an immediate alert.
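The notification rules described above can be sketched as follows. This is an added example, not the vendor's code: the team names, component names, `VULN-*` identifiers and record fields are constructed placeholders, and treating a record not seen the day before as "new" is an assumption.

```python
from collections import defaultdict

IMMEDIATE_CVSS = 7.5  # per the text: a score greater than 7.5 alerts immediately

# Constructed sample data: teams, components and VULN-* ids are placeholders.
TEAM_COMPONENTS = {
    "billing-team": {"libfoo 1.2", "libbar 3.0"},
    "portal-team": {"libbar 3.0", "libbaz 0.9"},
}
YESTERDAY = {
    "VULN-0001": {"component": "libfoo 1.2", "status": "open", "cvss": 5.0, "fix": False},
    "VULN-0002": {"component": "libbar 3.0", "status": "open", "cvss": 6.1, "fix": False},
}
TODAY = {
    "VULN-0001": {"component": "libfoo 1.2", "status": "open", "cvss": 5.0, "fix": True},
    "VULN-0002": {"component": "libbar 3.0", "status": "open", "cvss": 8.8, "fix": False},
    "VULN-0003": {"component": "libqux 2.2", "status": "open", "cvss": 9.8, "fix": False},
}

def changes(old, new):
    """Yield (vuln_id, record, reasons) for records that differ from yesterday."""
    for vid, rec in new.items():
        prev = old.get(vid)
        if prev is None:                  # assumption: unseen records count as new
            yield vid, rec, ["new"]
            continue
        reasons = [k for k in ("status", "cvss") if rec[k] != prev[k]]
        if rec["fix"] and not prev["fix"]:
            reasons.append("fix available")
        if reasons:
            yield vid, rec, reasons

def route_alerts(old, new, team_components):
    """Return {team: {"immediate": [...], "digest": [...]}} per the role model."""
    out = defaultdict(lambda: {"immediate": [], "digest": []})
    for vid, rec, reasons in changes(old, new):
        queue = "immediate" if rec["cvss"] > IMMEDIATE_CVSS else "digest"
        for team, comps in team_components.items():
            if rec["component"] in comps:   # teams see only their own product
                out[team][queue].append((vid, reasons))
    return dict(out)
```

In the sample data `VULN-0003` has the highest score but reaches no one, because no registered product lists `libqux 2.2`: the component list supplied by the developer bounds what the service can report.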

Integration with ViPNet TIAS

The ViPNet Threat Intelligence Analytics System hardware and software system automatically detects computer attacks and identifies incidents based on events received from various information security sources. The main source of events for ViPNet TIAS is ViPNet IDS, which analyzes incoming and outgoing network traffic using the AM Rules decision rule base developed by Perspective Monitoring. Some signatures are written to detect exploitation of vulnerabilities.

If ViPNet TIAS detects an information security incident in which a vulnerability was exploited, then all information related to the vulnerability, including methods for eliminating or compensating for the negative impact, is automatically entered into the incident card from the management system.

The incident management system also helps in the investigation of information security incidents, providing analysts with information about indicators of compromise and potential information infrastructure nodes affected by the incident.

Monitoring the presence of vulnerabilities in information systems

Another scenario for using a vulnerability management system is on-demand scanning.

The customer independently generates, using built-in tools or a script developed by us, a list of the system and application software and components installed on the node (workstation, server, DBMS, information security software package, network hardware), transmits this list to the control system, and receives a report on detected vulnerabilities and periodic notifications about their status.

Differences between the System and common vulnerability scanners:

  • Does not require installation of monitoring agents on nodes.
  • Does not create a load on the network, since the solution architecture itself does not include scanning agents or servers.
  • Does not create a load on the equipment, since the list of components is created by system commands or a lightweight open source script.
  • Eliminates the possibility of information leakage. "Perspective Monitoring" cannot reliably learn anything about the physical and logical location or functional purpose of a node in the information system. The only information that leaves the customer's controlled perimeter is a txt file with a list of software components. This file is checked for content and uploaded to the control system by the customer himself.
  • For the system to work, we do not need accounts on controlled nodes. The information is collected by the site administrator on his own behalf.
  • Secure information exchange via ViPNet VPN, IPsec or https.

Connecting to the Perspective Monitoring vulnerability management service helps the customer fulfill the ANZ.1 requirement "Identification and analysis of vulnerabilities of the information system and prompt elimination of newly identified vulnerabilities" of FSTEC of Russia orders No. 17 and 21. Our company is a licensee of FSTEC of Russia for activities on the technical protection of confidential information.

Price

Minimum cost - 25,000 rubles per year for 50 nodes connected to the system if there is a valid contract for connection to