Things I would look for in a new vulnerability detection program
-
Most of my wish list comes from PSI v2
- Categorize programs that have security vulnerabilities separately from those that are just bug fixes and feature updates. Best would be a simple filter. I could look at just security vulnerabilities normally, but would flip a switch to see bug fixes/ feature updates
- scan entire system by default, not just installed programs ( in order to pick up things like portable apps, apps not yet installed, etc)
- ability to scan only selected parts of the file system, should I choose to
- ability to exclude anything signed by Microsoft (or any certificate of my choosing) based on the idea that Microsoft will make any fixed programs available through Windows Update anyway, so I don't really need to be bothered by a vulnerability detection program
- group multiple instances of a vulnerable program in the listing and allow me to expand that section when I want
- flag programs that have built-in auto-update capabilities. I could then choose to white-list them if I wanted to configure them properly to receive updates by themselves.
- ability to see exactly where any program is located in the file system
- ability to "white-list" or ignore any program I want
- ability to send details of any program not currently being monitored to the vulnerability detection company for possible inclusion in an update
- ability to query the vulnerability system to see if any program is included in their detection
- option of having updates installed automatically.
- when an update cannot be installed automatically, guidance in where to go / how to install the required update
- report on programs with security vulnerabilities for which a patch is not yet available (zero-days). This should be categorized separately from other things (patches available or bugfix/feature updates.
- automatic scanning once a week with ability to manually call for a scan
- tray icon that has different states such as "scan not performed in xx days", "programs with zero-day vulnerability detected", "programs with feature updates / bug fixes available"
-
This is awesome suggestions. Much appreciated
-
@ctaylor said in Things I would look for in a new vulnerability detection program:
tray icon that has different states such as "scan not performed in xx days", "programs with zero-day vulnerability detected", "programs with feature updates / bug fixes available"
Yes, and with changes of colour depending on status.
One thing I liked about PSI, was the system score. A nice big green 100% when all patched. This was a great feature for the non-techies that I help, prompting them to take action when a program had a update required...
-
Below are the key items I would like to see in a security checker replacing PSI:
- Focus on security and end of life status, if you decide to include bug fixes and updates please provide a toggle to filter in/out the bug fixes and updates so security and end of life can be viewed together by themselves
- If initialization takes longer than a few seconds, show a progress bar to indicate program is still initializing and not hung
- Provide security score, it motivates user to get the security fixes installed
- Have a colored ICON in the taskbar that reflects status, ie green is 100% secure, yellow/red security needs attention, grey scan is needed
- Provide a listing of all programs and their status: Program Name, Number Installed, Installed Version, Secure Version, Security Criticality, Status (all similar to PSI v3)
- UI should be GUI not line
- Provide an ignore capability to exclude programs from reporting and put them at the bottom of the program list
- Provide ability to ignore reporting on Microsoft security patches
- Provide ability to have program install security patches as individually requested
- Provide a log of patches installed by the program
- Provide weekly scans automatically and manual scans as requested by user
-
In addition to all the great suggestions above I would like to add the following:
- Secunia keeps things simple by listing items by Program name. I think that is far superior to Sumo's approach which overly complicates matters by listing individual files.
- Some of the files Sumo discovers are drivers. While having VulnDetect discover drivers might be nice in the future, I think a focus on programs in the near term should be the priority
- Secunia includes both an Installed version number and (if different), a Secure version number of each program. The latter is useful for when I need to find the update myself.
- The size of the database of programs VulnDetect can discover will be very important. PatchMyPC's database is far too small to be of any value to me. Secunia detects ~60 items of importance to me (excluding the 32 bit duplicates), whereas PatchMyPC only covers 20.
- Secunia keeps things simple by listing items by Program name. I think that is far superior to Sumo's approach which overly complicates matters by listing individual files.
-
As mentioned by others, my wish is another vote to concentrate on programs where the current version has a security vulnerability. There are many other update managers that list any program with a newer version where many times that newer version is a PAID upgrade), but I'm perfectly happy with the current version and don't see any need to update unless there's a security issue.
And if my version has a security issue, I'd prefer being pointed to the next secure version rather than the newest version, in case that version doesn't require a paid update. (This may be more difficult to automate, so I'm not making it a major priority, just a nice to have.)
-
@VulnDetect su support. I just got here and all my posts are rejected. WTF?
-
@WacoJohn My apologies for this.
Please see this response:
https://vulndetect.org/post/6673