Vulnerable programs. Intelligent Scan. Managing Smart Scan Settings

When you start a Smart Scan, Avast checks your PC for the following types of problems and then offers suggestions to fix them.

  • Viruses: files containing malicious code that can affect the security and performance of your PC.
  • Vulnerable software: Programs that need to be updated and can be used by attackers to gain access to your system.
  • Browser extensions with a bad reputation: Browser extensions that are usually installed without your knowledge and affect system performance.
  • Weak passwords: passwords that are used to access more than one online account and can be easily hacked or compromised.
  • Network Threats: Vulnerabilities in your network that could allow attacks on your network devices and router.
  • Performance Issues: objects (junk files and applications, settings-related issues) that may prevent your PC from working properly.
  • Conflicting antiviruses: other antivirus software installed on the PC alongside Avast. Having multiple antivirus programs slows down your PC and reduces the effectiveness of your antivirus protection.

Note. Certain issues detected by Smart Scan may require a separate license to resolve. Detection of unnecessary problem types can be disabled in .

Solving problems found

A green check next to the scan area indicates that no issues were found related to it. A red cross means that the scan has identified one or more related issues.

To view specific details about the issues found, click Solve everything. Smart Scan shows details of each issue and offers the option to fix it immediately by clicking Solve, or to do it later by clicking Skip this step.

Note. Antivirus scan logs can be seen in the scan history, which can be accessed by selecting Protection > Antivirus.

Managing Smart Scan Settings

To change the Smart Scan settings, select Settings > General > Smart Scan and specify which of the listed types of problems you want Smart Scan to check for.

  • Viruses
  • Outdated Software
  • Browser add-ons
  • Network Threats
  • Compatibility Issues
  • Performance Issues
  • Weak passwords

By default, all types of issues are enabled. To stop checking for a specific problem when performing a Smart Scan, click the Included slider next to the issue type so that its status changes to Turned off.

Click Settings next to Scanning for viruses to change the virus scan settings.

In some cases, the occurrence of vulnerabilities is due to the use of development tools of various origins, which increase the risk of sabotage-type defects in the program code.

Vulnerabilities appear due to the addition of third-party components or freely distributed code (open source) to the software. Other people's code is often used "as is" without thorough analysis and security testing.

It should not be ruled out that there are insider programmers in the team who deliberately introduce additional undocumented functions or elements into the product being created.

Classification of software vulnerabilities

Vulnerabilities arise as a result of errors that occur during the design or writing of program code.

Depending on the stage of appearance, this type of threat is divided into design, implementation and configuration vulnerabilities.

  1. Design errors are the most difficult to detect and correct. These are inaccuracies in algorithms, implanted backdoors, inconsistencies in the interface between different modules or in protocols for interacting with the hardware, and the introduction of suboptimal technologies. Eliminating them is very time-consuming, partly because they can appear in non-obvious cases, for example when the amount of traffic is exceeded or when a large amount of additional equipment is connected, which complicates the provision of the required level of security and leads to the emergence of ways to bypass the firewall.
  2. Implementation vulnerabilities appear at the stage of writing a program or introducing security algorithms into it. These are incorrect organization of the computational process, and syntactic and logical defects. With these, there is a risk that the flaw will lead to buffer overflows or other kinds of problems. Their discovery takes a long time, and their elimination involves fixing certain sections of the machine code.
  3. Hardware and software configuration errors are very common. Their common causes are insufficient quality of development and the lack of tests for the correct operation of additional functions. Passwords that are too simple and default accounts left unchanged can also be included in this category.

According to statistics, vulnerabilities are most often found in popular and widespread products: desktop and mobile operating systems and browsers.

Risks of using vulnerable programs

The programs in which the largest number of vulnerabilities are found are installed on almost all computers. Cybercriminals have a direct interest in finding such flaws and writing exploits for them.

Since quite a long time passes from the moment a vulnerability is discovered to the publication of a fix (patch), there are a fair number of opportunities to infect computer systems through security holes in the program code. In this case, the user only needs to open, for example, a malicious PDF file with an exploit once, after which the attackers will gain access to the data.

Infection in the latter case occurs according to the following algorithm:

  • The user receives a phishing email from a seemingly trustworthy sender.
  • A file with the exploit is attached to the email.
  • If the user attempts to open the file, the computer is infected with a virus, trojan (encryptor) or other malware.
  • Cybercriminals gain unauthorized access to the system.
  • Valuable data is stolen.

Research conducted by various companies (Kaspersky Lab, Positive Technologies) shows that there are vulnerabilities in almost any application, including antiviruses. Therefore, the probability of installing software that contains flaws of varying degrees of criticality is very high.

To minimize the number of gaps in the software, it is necessary to use SDL (Security Development Lifecycle, secure development life cycle). SDL technology is used to reduce the number of bugs in applications at all stages of their creation and support. Thus, when designing software, information security specialists and programmers model cyber threats in order to find vulnerabilities. During programming, automatic tools are included in the process, immediately reporting potential flaws. Developers aim to significantly limit the features available to unverified users, which helps to reduce the attack surface.

To minimize the impact of vulnerabilities and damage from them, you must follow some rules:

  • Quickly install developer-released fixes (patches) for applications or (preferably) enable automatic update mode.
  • If possible, do not install dubious programs whose quality and technical support are questionable.
  • Use special vulnerability scanners or specialized functions of antivirus products that allow you to search for security errors and update software if necessary.

Another way to look at this problem is that companies need to respond quickly when an application has a vulnerability. This requires that the IT department be able to definitively track installed apps, components and patches using automation tools and standard tools. There is an industry effort to standardize software tags (19770-2), which are XML files installed with an application, component, and/or patch that identify the installed software and, in the case of a component or patch, which application they are part of. The tags have publisher authority information, version information, and a list of files with a filename, a secure file hash, and a size that can be used to confirm that the installed application is on the system and that the binaries have not been modified by a third party. These tags are digitally signed by the publisher.

When a vulnerability is known, IT departments can use their asset management software to immediately identify systems with vulnerable software and can take steps to update systems. Tags can be part of a patch or update, and can then be used to verify that the patch has been installed. In this way, IT departments can use resources such as the NIST National Vulnerability Database as an input to their asset management tools, so that once a vulnerability is submitted by a company to NVD, IT can immediately compare the new vulnerabilities with their current software inventory.
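The file check that such a tag makes possible can be sketched as follows. This is an added example, not code from the original page or from any tagging project: the tag layout is a simplified one modeled on the ISO/IEC 19770-2:2015 schema (an assumption), the product `ExampleReader`, the function names and the file contents are constructed, and verification of the publisher's signature, which must succeed before the hashes in a tag can be trusted, is not shown.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Namespaces modeled on the ISO/IEC 19770-2:2015 schema (assumption).
NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
HASH_NS = "http://www.w3.org/2001/04/xmlenc#sha256"

def verify_tag(tag_xml, install_dir):
    """Return (name, version, findings); no findings means disk matches the tag."""
    root = ET.fromstring(tag_xml)
    findings = []
    for entry in root.iter("{%s}File" % NS):
        fname = entry.get("name")
        # Use only the base name so a tag cannot point the check outside install_dir.
        path = Path(install_dir, Path(fname).name)
        if not path.is_file():
            findings.append((fname, "missing"))
            continue
        data = path.read_bytes()
        if len(data) != int(entry.get("size")):
            findings.append((fname, "size mismatch"))
        elif hashlib.sha256(data).hexdigest() != entry.get("{%s}hash" % HASH_NS).lower():
            findings.append((fname, "hash mismatch"))
    return root.get("name"), root.get("version"), findings

def build_sample_tag(files):
    """Constructed tag for a made-up product 'ExampleReader' (not a real tag)."""
    rows = "".join('<File name="%s" size="%d" SHA256:hash="%s"/>'
                   % (n, len(d), hashlib.sha256(d).hexdigest()) for n, d in files.items())
    return ('<SoftwareIdentity xmlns="%s" xmlns:SHA256="%s" name="ExampleReader" '
            'version="1.0.0" tagId="example-reader-1.0.0"><Payload>%s</Payload>'
            '</SoftwareIdentity>' % (NS, HASH_NS, rows))

def demo():
    files = {"reader.exe": b"original binary", "plugin.dll": b"original plugin"}
    tag = build_sample_tag(files)
    with tempfile.TemporaryDirectory() as d:
        for n, data in files.items():
            Path(d, n).write_bytes(data)
        clean = verify_tag(tag, d)
        # Simulated third-party modification: same size, different content.
        Path(d, "plugin.dll").write_bytes(b"tampered plugin")
        Path(d, "reader.exe").unlink()
        tampered = verify_tag(tag, d)
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

The name and version returned by `verify_tag` are the values an inventory system would match against a vulnerability feed; the size check alone would miss the modified `plugin.dll`, which is why the tag also carries a hash.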

There is a group of companies working through an IEEE/ISTO non-profit called TagVault.org (www.tagvault.org) with the US government on a standard implementation of ISO 19770-2 that will enable this level of automation. Tags corresponding to this implementation will most likely be mandatory for software sold to the US government at some point in the next couple of years.

So in the end, it's good practice not to post what apps and specific software versions you're using, but that can be difficult, as previously stated. You want to make sure you have an accurate, up-to-date software inventory, that it is regularly compared against a list of known vulnerabilities such as NIST's NVD, and that the IT department can take immediate action to remediate the threat. This, along with up-to-date intrusion detection, anti-virus scanning, and other methods of locking down the environment, will at the very least make it very difficult to compromise your environment, and if/when a compromise does happen, it won't go undetected for a long period of time.

Currently, a large number of tools have been developed to automate the search for software vulnerabilities. This article will discuss some of them.

Introduction

Static code analysis is a software analysis that is performed on the source code of programs and is implemented without actually executing the program under study.

Software often contains various vulnerabilities due to errors in the program code. Errors made during development lead, in some situations, to a crash that disrupts the normal operation of the program: data is often changed or corrupted, and the program or even the whole system stops. Most vulnerabilities are related to incorrect processing of data received from the outside, or to insufficiently strict verification of that data.

To identify vulnerabilities, various tools are used, for example, static analyzers of the source code of the program, an overview of which is given in this article.

Classification of security vulnerabilities

When the requirement for the correct operation of the program on all possible input data is violated, the emergence of so-called security vulnerabilities (security vulnerability) becomes possible. Security vulnerabilities can cause one program to be used to overcome the security limitations of the entire system as a whole.

Classification of security vulnerabilities depending on software errors:

  • Buffer overflow. This vulnerability occurs because the program does not check, while it runs, whether it is writing past the bounds of an array in memory. When a data packet that is too large overflows the limited buffer, the contents of extraneous memory cells are overwritten, and the program fails and crashes. By the location of the buffer in the process memory, buffer overflows are divided into overflows on the stack (stack buffer overflow), in the heap (heap buffer overflow) and in the static data area (bss buffer overflow).
  • "Tainted input" vulnerabilities (tainted input vulnerability). Tainted input vulnerabilities can occur when user input is passed without sufficient control to an interpreter of some external language (usually a Unix shell or SQL). In this case, the user can specify input data in such a way that the launched interpreter will execute a completely different command than that intended by the authors of the vulnerable program.
  • Format string vulnerability. This type of security vulnerability is a subclass of the "tainted input" vulnerability. It arises from insufficient parameter control when using the formatted I/O functions printf, fprintf, scanf, etc. of the C standard library. These functions take as one of their parameters a character string that specifies the input or output format for the subsequent function arguments. If the user can supply the format string himself, the vulnerability can result from careless use of the string formatting functions.
  • Vulnerabilities as a result of synchronization errors (race conditions). Problems associated with multitasking lead to situations called "race conditions": a program not designed to run in a multitasking environment may believe that, for example, the files it uses while running cannot be changed by another program. As a result, an attacker who replaces the contents of these working files in time can force the program to perform certain actions.

Of course, in addition to those listed, there are other classes of security vulnerabilities.

Overview of existing analyzers

The following tools are used to detect security vulnerabilities in programs:

  • Dynamic debuggers. Tools that allow you to debug a program while it is running.
  • Static analyzers (static debuggers). Tools that use the information accumulated during the static analysis of the program.

Static analyzers indicate those places in the program where an error might be found. These suspicious code snippets can either contain a bug or be completely harmless.
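A minimal lexical checker makes this concrete. It is an added example, not one of the analyzers the article reviews: it flags printf-family calls whose format argument is not a string literal, plus a few calls associated with the classes listed above. The function names, the rule tables and the C fragment are constructed for the illustration.

```python
import re

# printf-family functions and the zero-based position of their format argument.
FORMAT_ARG = {"printf": 0, "scanf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2}
# Unbounded copies and shell invocation, mapped to the class they suggest.
RISKY = {"gets": "buffer overflow", "strcpy": "buffer overflow", "system": "tainted input"}
CALL = re.compile(r"\b(%s)\s*\(" % "|".join(list(FORMAT_ARG) + list(RISKY)))

def split_args(text):
    """Split a call's arguments at top-level commas; text starts after '('."""
    args, cur, depth, in_str, prev = [], "", 0, False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            in_str = not in_str
        elif not in_str and ch in "()":
            depth += 1 if ch == "(" else -1
            if depth < 0:          # closing parenthesis of the call itself
                break
        if ch == "," and depth == 0 and not in_str:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
        prev = ch
    return args + [cur.strip()]

def scan(source):
    """Return (line_no, function, finding) for each suspicious call."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in CALL.finditer(line):
            func, args = m.group(1), split_args(line[m.end():])
            if func in RISKY:
                findings.append((no, func, RISKY[func]))
            elif len(args) > FORMAT_ARG[func] and not args[FORMAT_ARG[func]].startswith('"'):
                findings.append((no, func, "format string"))
    return findings

# Constructed C fragment used as input.
SAMPLE_C = r'''
static const char banner[] = "ready\n";
void handle(char *user, FILE *log) {
    char buf[64];
    printf("hello %s\n", user);   /* literal format: not reported */
    printf(banner);               /* reported, but harmless */
    fprintf(log, user);           /* reported, real bug */
    strcpy(buf, user);            /* reported, real bug */
}
'''

if __name__ == "__main__":
    print(scan(SAMPLE_C))
```

Lines 6 and 7 of the fragment receive the same report, although `banner` is a constant and only `user` is attacker-controlled; telling them apart requires tracking where the data comes from, which a purely lexical check does not do.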

This article provides an overview of several existing static analyzers. Let's take a closer look at each of them.
