Found vulnerable software. Intelligent scanning. Intelligent Scan Settings Management

When you start an Intelligent Scan, Avast checks the PC for the following types of problems and then offers options for eliminating them.

  • Viruses: files containing malicious code, which may affect the safety and performance of your PC.
  • Vulnerable software: programs requiring updates that attackers can use to access your system.
  • Browser extensions with a bad reputation: browser extensions that are usually installed without your knowledge and affect system performance.
  • Unreliable passwords: passwords that are used to access more than one account on the Internet and can be easily hacked or compromised.
  • Network threats: vulnerabilities of your network that can make attacks on your network devices and router possible.
  • Problems with performance: objects (unnecessary files and applications, configuration problems) that may interfere with PC operation.
  • Conflicting antivirus: antivirus programs installed on a PC alongside Avast. The presence of several antivirus programs slows down the PC and reduces the effectiveness of antivirus protection.

Note. Solving certain problems detected during an Intelligent Scan may require a separate license. Detection of unnecessary types of problems can be disabled in.

Solving detected problems

A green checkmark next to a scan area shows that no related problems were detected. A red cross means that the scan revealed one or more related problems.

To view specific information about discovered problems, click the Solve everything element. Intelligent Scan shows information about each problem and offers the ability to fix it immediately by clicking Decide, or to do it later by clicking Skip this step.

Note. Antivirus scan logs are available in the scan history, which you can open by choosing Antivirus protection.

Intelligent Scan Settings Management

To change the Intelligent Scan settings, select Settings > Common > Intelligent Scanning and specify which of the listed types of problems the Intelligent Scan should check for.

  • Viruses
  • Outdated software
  • Browser add-ins
  • Network threats
  • Compatibility issues
  • Problems with performance
  • Unreliable passwords

By default, all types of problems are included. To stop checking for a specific problem when performing an Intelligent Scan, click the Included slider next to the type of problem so that its state changes to Turned off.

Click Settings next to the label Scanning for viruses to change the scan settings.

Another way to look at this problem is that companies must respond quickly when an application has a vulnerability. This requires that the IT department be able to definitively track installed applications, components and patches using automation and standard tools. There are industry efforts to standardize software tags (ISO 19770-2), which are XML files installed with an application, component and/or patch that identify the installed software and, in the case of a component or patch, which application it is part of. Tags carry authoritative publisher information, version information, and a file list with file name, secure file hash and size, which can be used to confirm that the installed application is present on the system and that the binary files have not been changed by a third party. These tags are digitally signed by the publisher.
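The check such a tag enables, as an added Python example (not from the original page or from TagVault.org): it parses a constructed tag and compares each listed file's size and SHA-256 hash with the installed copy. The element names and namespaces assume the 2015 revision of the schema, the product and publisher are fictional, and the publisher's signature on the tag is assumed to have been validated already.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Namespaces of the 2015 SWID schema (assumption: the page names no revision).
SWID = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# Constructed tag for a fictional product; size and hash are filled in by demo().
TAG_TEMPLATE = """<SoftwareIdentity xmlns="{swid}" xmlns:SHA256="{sha}"
    name="ExampleApp" tagId="example.invalid-exampleapp-1.2.0" version="1.2.0">
  <Entity name="Example Publisher" regid="example.invalid" role="tagCreator softwareCreator"/>
  <Payload>
    <File name="app.bin" size="{size}" SHA256:hash="{digest}"/>
    <File name="missing.dll" size="{size}" SHA256:hash="{digest}"/>
  </Payload>
</SoftwareIdentity>"""


def verify_payload(tag_xml: str, install_dir: Path) -> dict:
    """Compare every <File> listed in the tag's Payload with the file on disk."""
    results = {}
    for entry in ET.fromstring(tag_xml).iterfind(f"{{{SWID}}}Payload/{{{SWID}}}File"):
        path = install_dir / entry.get("name")
        expected = entry.get(f"{{{SHA256}}}hash", "").lower()
        if not path.is_file():
            status = "missing"
        elif path.stat().st_size != int(entry.get("size")):
            status = "size mismatch"
        elif hashlib.sha256(path.read_bytes()).hexdigest() != expected:
            status = "hash mismatch"
        else:
            status = "ok"
        results[entry.get("name")] = status
    return results


def demo() -> tuple:
    """Verify a constructed install, swap in same-length bytes, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp)
        original = b"constructed binary contents"
        (install / "app.bin").write_bytes(original)
        tag = TAG_TEMPLATE.format(swid=SWID, sha=SHA256, size=len(original),
                                  digest=hashlib.sha256(original).hexdigest())
        before = verify_payload(tag, install)
        (install / "app.bin").write_bytes(original.replace(b"binary", b"BINARY"))
        after = verify_payload(tag, install)
    return before, after
```

Because the tampered file keeps its length, only the hash comparison detects the change, which is why the tag carries both values.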

When a vulnerability becomes known, IT departments can use their asset management software to immediately detect systems with vulnerable software and take steps to update them. Tags can be part of a patch or update and can be used to verify that the patch is installed. Thus, IT departments can use resources such as the NIST National Vulnerability Database (NVD) as a means of driving their asset management tools, so that as soon as a company submits a vulnerability to NVD, the IT department can immediately compare new vulnerabilities against their up-to-date inventory.

There is a group of companies working through the IEEE/ISTO non-profit organization called TagVault.org (www.tagvault.org) with the US Government on a standard implementation of ISO 19770-2 that will allow this level of automation. Tags conforming to this implementation are likely to become mandatory for software sold to the US government at some point in the next couple of years.

Therefore, in the end, good practice is not to publish which applications and specific software versions you use, but this may be difficult, as indicated earlier. You want to make sure that you have an accurate, up-to-date software inventory, that it is regularly compared with a list of known vulnerabilities such as the NVD, and that the IT department can take immediate action to remediate a threat. Together with up-to-date intrusion detection, antivirus scanning and other methods of locking down the environment, this will at least make it very difficult to compromise your environment, and if or when that happens, it will not go undetected for a long period of time.

A large number of tools designed to automate the search for program vulnerabilities have now been developed. This article considers some of them.

Introduction

Static code analysis is analysis of software that is performed on the source code of programs and carried out without actually executing the program under study.

Software often contains various vulnerabilities caused by errors in program code. Errors made during program development lead, in some situations, to a program failure, and normal operation is disrupted: data is often changed or corrupted, and the program or even the whole system stops. Most vulnerabilities are associated with improper processing of data received from outside, or with insufficiently strict validation of that data.

Various tools are used to identify vulnerabilities, for example static source code analyzers, which this article reviews.

Classification of security vulnerabilities

When the requirement that a program operate correctly on all possible input data is violated, so-called security vulnerabilities may appear. Security vulnerabilities can mean that a single program can be used to overcome the security restrictions of the entire system.

Classification of security vulnerabilities by the program errors that cause them:

  • Buffer overflow. This vulnerability arises from the lack of bounds checking on array accesses in memory during program execution. When an overly large data packet overflows a buffer of limited size, the contents of adjacent memory cells are overwritten, and the program fails and exits abnormally. By the location of the buffer in process memory, buffer overflows are divided into those on the stack (stack buffer overflow), in the heap (heap buffer overflow) and in the static data area (BSS buffer overflow).
  • Tainted input vulnerability. Tainted input vulnerabilities may occur when data entered by the user is passed without sufficient control to the interpreter of some external language (usually a UNIX shell or SQL). In this case, the user can craft the input so that the launched interpreter executes a command different from the one intended by the authors of the vulnerable program.
  • Format string errors (format string vulnerability). This type of security vulnerability is a subclass of the tainted input vulnerability. It arises from insufficient control of parameters when using the formatted I/O functions printf, fprintf, scanf, etc. of the C standard library. These functions take as one of their parameters a character string that specifies the input or output format of the subsequent function arguments. If the user can set the format string himself, this vulnerability may arise from careless use of string formatting functions.
  • Vulnerabilities resulting from synchronization errors (race conditions). Multitasking problems lead to situations called race conditions: a program that was not designed to run in a multitasking environment may assume, for example, that the files it uses cannot be changed by another program. As a result, an attacker who replaces the contents of these working files at the right moment can force the program to perform certain actions.

Of course, in addition to those listed, there are other classes of security vulnerabilities.

Overview of existing analyzers

The following tools are used to detect security vulnerabilities in programs:

  • Dynamic debuggers. Tools that allow you to debug a program during execution.
  • Static analyzers (static debuggers). Tools that use information gathered during static analysis of the program.

Static analyzers point to those places in the program where an error is possible. These suspicious code fragments may either contain an error or turn out to be completely safe.
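An added example (not taken from any of the analyzers reviewed here) of how a static check for the tainted input class works: it parses a constructed Python program without running it and flags calls that pass a non-literal string to a shell or SQL interpreter. The sink list and the sample program are assumptions; line 10 of the sample is flagged although it is safe, which is the "suspicious but safe" case described above.

```python
import ast

# Constructed program under analysis; it is parsed, never executed.
SAMPLE = '''
import os
def lookup(db, user_supplied):
    db.execute("SELECT * FROM t WHERE name = '" + user_supplied + "'")
    db.execute("SELECT * FROM t WHERE name = ?", (user_supplied,))
def check_host(host):
    os.system("ping -c 1 " + host)
def banner():
    cmd = "uname -a"
    os.system(cmd)
'''

# Functions whose first argument is handed to an interpreter (shell or SQL).
# This list is an assumption made for the example, not a complete catalogue.
SINKS = {"system", "popen", "execute", "executescript"}


def find_suspicious(source: str) -> list:
    """Return sorted (line, sink) pairs where the first argument is not a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and node.args):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in SINKS:
            continue
        first = node.args[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            continue  # constant command or query: external data cannot reach it
        findings.append((node.lineno, name))
    return sorted(findings)


if __name__ == "__main__":
    for line, sink in find_suspicious(SAMPLE):
        print(f"line {line}: non-literal argument passed to {sink}()")
```

Removing the false positive on line 10 requires tracking where `cmd` was assigned, which is the data-flow analysis that separates real analyzers from pattern matching.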

This article offers an overview of several existing static analyzers. Let us consider each of them in more detail.

Vulnerability management is the identification, assessment, classification and selection of solutions to eliminate vulnerabilities. The foundation of vulnerability management is a repository of vulnerability information, one of which is the vulnerability management system of "Perspective Monitoring".

Our solution monitors the appearance of vulnerability information for operating systems (Windows, Linux/Unix-based), office and application software, hardware, and information security tools.

Data sources

The database of the "Perspective Monitoring" software vulnerability management system is automatically replenished from the following sources:

  • The Data Bank of Information Security Threats (BDU BI) of FSTEC of Russia.
  • National Vulnerability Database (NVD) NIST.
  • Red Hat Bugzilla.
  • Debian Security Bug Tracker.
  • CentOS Mailing List.

We also use an automated method of replenishing our vulnerability database. We have developed a web page crawler and a parser of unstructured data that every day analyze more than a hundred different foreign and Russian sources for a number of keywords: groups in social networks, blogs, microblogs, and media dedicated to information technology and information security. If these tools find something that matches the search terms, an analyst manually checks the information and enters it into the vulnerability database.

Control of software vulnerabilities

With the help of the vulnerability management system, developers can monitor the presence and state of detected vulnerabilities in third-party components of their software.

For example, in the Secure Software Development Life Cycle (SSDLC) of Hewlett Packard Enterprise, control of third-party libraries occupies one of the central places.

Our system tracks the presence of vulnerabilities in parallel versions / builds of one software product.

It works like this:

1. The developer sends us a list of third-party libraries and components that are used in the product.

2. We check daily:

b. Whether the methods of eliminating previously detected vulnerabilities appeared.

3. We notify the developer if the status or scoring has changed, in accordance with the specified role model. This means that different developer groups within one company receive alerts and see vulnerability status only for the product they work on.

The frequency of alerts from the vulnerability management system can be set arbitrarily, but when a vulnerability with a CVSS score above 7.5 is detected, developers receive an immediate alert.
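The daily comparison and alert routing described above, as an added Python example rather than the vendor's code. The record fields, team names, component names and identifiers are constructed; only the 7.5 threshold comes from the text.

```python
from collections import namedtuple

IMMEDIATE_CVSS = 7.5  # threshold stated on the page
# Field layout is an assumption; ids below are constructed, not real CVE numbers.
Vuln = namedtuple("Vuln", "vuln_id component cvss fix_available")

# Constructed role model: each team sees only its own product's components.
PRODUCTS = {
    "team-gateway": {"libfoo 1.4.2", "libbar 2.0.0"},
    "team-portal": {"libbar 2.0.0", "libbaz 0.9.1"},
}


def diff_snapshots(yesterday: list, today: list) -> list:
    """Return (vuln, reason) for each record that is new or has changed."""
    old = {v.vuln_id: v for v in yesterday}
    events = []
    for v in today:
        prev, reasons = old.get(v.vuln_id), []
        if prev is None:
            reasons.append("new vulnerability")
        else:
            if v.cvss != prev.cvss:
                reasons.append(f"score changed {prev.cvss} -> {v.cvss}")
            if v.fix_available and not prev.fix_available:
                reasons.append("fix became available")
        if reasons:
            events.append((v, "; ".join(reasons)))
    return events


def route(events: list) -> dict:
    """Queue each event for every team whose product ships the component."""
    out = {team: {"immediate": [], "digest": []} for team in PRODUCTS}
    for v, reason in events:
        queue = "immediate" if v.cvss > IMMEDIATE_CVSS else "digest"
        for team, components in PRODUCTS.items():
            if v.component in components:
                out[team][queue].append((v.vuln_id, reason))
    return out


def demo() -> dict:
    yesterday = [Vuln("VULN-0001", "libbar 2.0.0", 6.1, False),
                 Vuln("VULN-0002", "libfoo 1.4.2", 5.0, False)]
    today = [Vuln("VULN-0001", "libbar 2.0.0", 6.1, True),
             Vuln("VULN-0002", "libfoo 1.4.2", 8.2, False),
             Vuln("VULN-0003", "libbaz 0.9.1", 9.8, False)]
    return route(diff_snapshots(yesterday, today))
```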

Integration with ViPNet TIAS

The ViPNet Threat Intelligence Analytics System (ViPNet TIAS) hardware and software complex automatically detects computer attacks and identifies incidents based on information security events coming from various sources. The main source of events for ViPNet TIAS is ViPNet IDS, which analyzes incoming and outgoing network traffic using the AM Rules decision rule databases developed by "Perspective Monitoring". Some signatures are written to detect the exploitation of vulnerabilities.

If ViPNet TIAS detects an information security incident in which a vulnerability was exploited, all information associated with that vulnerability is automatically entered into the incident card, including methods for eliminating it or compensating for its negative impact.

The incident management system helps in investigating information security incidents by providing analysts with information about indicators of compromise and potentially affected nodes of the information infrastructure.

Monitoring the presence of vulnerabilities in information systems

Another scenario for using the vulnerability management system is on-demand checking.

The customer independently compiles a list of the system and application software and components installed on a node (workstation, server, DBMS, hardware-software security appliance, network equipment) and receives a report on the vulnerabilities found and periodic alerts about their status.

Differences between the system and common vulnerability scanners:

  • Does not require the installation of monitoring agents on nodes.
  • Does not create a network load, since the architecture itself does not include agents and scan servers.
  • Does not create a load on equipment, since the list of components is created by system commands or a lightweight open source script.
  • Eliminates the possibility of information leakage. "Perspective Monitoring" cannot reliably learn anything about the physical and logical location or functional purpose of a node in the information system. The only information that leaves the customer's controlled perimeter is a TXT file with a list of software components. The customer checks this file's contents and uploads it to the vulnerability management system themselves.
  • The system does not need accounts on the monitored nodes. The information is collected by the node administrator on his own behalf.
  • Secure information exchange over ViPNet VPN, IPsec or HTTPS.

Connecting to the "Perspective Monitoring" vulnerability management service helps the customer fulfill requirement ANZ.1, "Detection and analysis of information system vulnerabilities and prompt elimination of newly identified vulnerabilities", of FSTEC of Russia orders No. 17 and No. 21. Our company is a licensee of FSTEC of Russia for the technical protection of confidential information.

Cost

The minimum cost is 25,000 rubles per year for 50 nodes connected to the system if there is an existing contract for connecting to