IPB

Welcome Guest ( Log In | Register )

> Vulnerabilities and Wizards
Lucian Bara
post 11.05.2008 21:31
Post #1


True legend
***************

Group: Moderators
Posts: 53521
Joined: 28.01.2006
From: Timisoara, Romania




Vulnerabilities
One thing that should be cleared up before we start: These are not malware and these are not false positives.

So what are they?
Starting with the 2009 series Kaspersky Products include a new feature which allows scanning for vulnerable applications. Vulnerable applications are applications with security holes. There are two situations where you can encounter such applications:
  • outdated software (Office, Java, Flash, Quick Time are likely candidates)
  • vulnerable versions of a program dropped by malware to use as a backdoor (but that's in probably 1 case out of 10000, mostly it's just because you haven't updated them).
The vulnerability scan runs during the full scan and at the end the vulnerabilities are displayed in the Detected list together with an URL for details and a threat level. you can access the detected list by clicking the button in the lower right corner of the main window. This will bring up the detected list.
By right clicking the entry and choosing "Go to description" you can visit the viruslist web page which has details on that vulnerability including download links for the product. If the page is unavailable or if the download link isn't good, don't hesitate to open a new topic on the forum and ask.

Mostly you can just install that on top of the existing application. An exception to that rule is Java which you should remove through Add/Remove programs before installing the new version (it may appear more then once in the list).
After you update your application you need to run another scan to make sure the vulnerability is gone. A popup will ask you if you want to clear the list of vulnerabilities when running a full scan. So far there is no such think as a quick scan for the singular application, it may be implemented later.

Why update?
There are a lot of security holes in programs you use on your pc, these can range from moderate ones to highly critical ones which allow malicious remote users to access your PC. The producers create patches or updates to fix those security holes however not all users want to install them (they ignore the update now messages or the application doesn't have an update capability or a way to notify the user that a new version is available).

I am still getting detection, but i updated the program
First take a look if the detection didn't change (does it still go to the same page when you choose to view the description?). Second, where is the file located?
In some cases Temporary files or installer caches maybe detected. If it's the first you can clean your temporary folder. If, however, it is a installer cache or install kit you should leave it alone. You can create an exclusion for the package.

Exclude an application from a vulnerability
If you want to do that for some particular reason you can do it by right clicking the entry and choosing "add to exclusions", in the next window click ok. This is shown in this example:



However excluding it isn't recommended, you should update it.

This post has been edited by Lucian Bara: 5.03.2009 23:53


--------------------
Go to the top of the page
 
+Quote Post

Posts in this topic


Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



Lo-Fi Version Time is now: 9.02.2010 16:49