Windows vulnerability scanners?

Sunshine-boy

Level 28
Thread author
Verified
Top Poster
Well-known
Apr 1, 2017
1,759
hello friends:)
I'm searching for Windows Vulnerability Scanner tools...
I know some but they are outdated or useless(Protector Plus, Secunia psi, Heimdal free,...)
I'm searching for smth like Vulnerability Scan in Kaspersky Total Security but can't find any:/
I found one:
Nessus Home
anyone know about this tool?

if you know more please tell me.:p
 
Last edited:
  • Like
Reactions: ZeroDay

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
Vulnerability scanners are good, but at the end of the day, if you follow just these 3 rules, they're useless for the regular user:
  1. Always update your software (OS, firmware, apps, etc.)
  2. Limit your internet footprint and internet facing software as much as you can
  3. Before allowing inbound access to anything, google search for security best practices for that something you allowed
Vulnerability scanners will almost always find something vulnerable in your system(s) from any scanning direction, and you will almost always get alerts. If you follow these 3 rules, those alerts will be extremely subjective in most of the cases. Besides this, the scanner's database has to be updated regularly, and only commercial and extremely expensive ones are somehow valuable (but still subjective).

Vulnerability scanners are used mostly in enterprise environments with a very well defined scope, not in particular for fixing vulnerabilities, but mostly for regulatory compliance and certification. Anything else is just marketing in most cases.

They have an advantage though: you can learn a lot of things while using them.
 
Last edited:

Sunshine-boy

hello thnx for your explanations:)
I know about these 3 rules but I wanted more:p
you are right they are expensive.
I found some... but as u said it's not for home users
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
@public enemy Heimdal prevents vulnerabilities and doesn't scan them (except that it looks after the vulnerable programs).
If you are looking for just a vulnerability 'scanner', here's one you'll like:
Kaspersky Security Checker. It made its debut a few months back and scans for everything the Vulnerability scanner in KIS does (including a quick system scan).
However, it will only produce the report and list the findings. The fixes are to be carried out on your own.
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
Vulnerability scanners are used mostly in enterprise environments with a very well defined scope, not in particular for fixing vulnerabilities, but mostly for regulatory compliance and certification. Anything else is just marketing in most cases.

+1
These tools are useless for a regular user.
Just keep your OS updated and your AV signatures up-to-date.
 

Sunshine-boy

I know Heimdall (free) is only a software updater, that's why I said it's useless
thank you very much mate :) that's what I wanted.
I will DW it
 
  • Like
Reactions: MWNu72 and Parsh

Amelith Nargothrond

I know Heimdall (free) is only a software updater, that's why I said it's useless

Software updaters are not useless my friend :)
Actually, they are the most valuable anti-vulnerability tools a user can have.

Updates mean (from a security pov):
  1. Fix or disable known vulnerabilities
  2. Postpone the exploit of new possible vulnerabilities introduced (even old ones) and hopefully they get fixed by the time they are discovered with a new update
I do highly recommend the use of such tools!
 

Sunshine-boy

I'm using Secunia PSI for updating vulnerable software like Adobe,... I said useless cuz they only update your software... and patch them
but I wanted a different thing and that's Kaspersky Security Checker :D
and that's why (results from Kasper):
Process response timeout is out of admissible values

If a timeout is too brief, it will cause applications to appear frozen. Too lengthy a timeout will prevent truly frozen applications from being recognized as such. This may lead to data loss or malfunction of applications in the future.

This problem is usually caused by active malware.

Fixed

Autorun from hard drives is allowed

Some malware replaces the autorun.inf file and copies itself to all available hard disks. This allows an attacker to gain control over the system and user data. When one of the disks is connected to the computer where autorun from the disk is enabled, the malware is executed.

Fixed

Autorun from network drives is enabled

Some types of malware reproduce by copying network drives using the autorun.inf file. This allows an attacker to gain control over the system and user data.

Fixed

CD/DVD autorun is enabled

Some malware and adware is executed automatically from CDs or DVDs when these discs are inserted. This allows an attacker to gain control over the system and user data.

Fixed

Removable media autorun is enabled

Due to the proliferation of removable media, many malicious programs use autorun for distribution and infection. Thus, removable media refers not only to flash drives, but also mobile phones, cameras, card readers, and other devices that use memory cards that connect to a USB port.

Fixed

Microsoft Internet Explorer: caching data received via protected channel is enabled

An attacker that takes control of a system can access confidential user data stored in the cache (email messages, personal data, information from Internet banking websites, and so forth), as well as find out the sites visited by the user.

Fixed

Microsoft Internet Explorer: sending error reports is enabled

In addition to reporting error information, information about user computers can also be reported. Interception of this information can allow a successful attack on a user computer.

Fixed

Microsoft Internet Explorer: some websites saved cookies on your computer

An attacker that takes control of a system can access confidential user data stored in cookies (email messages, personal data, information from Internet banking websites, and so forth), as well as find out the sites visited by the user.

Fixed

Microsoft Internet Explorer: cache autocleanup is disabled on browser exit

An attacker that takes control of a system can access confidential user data stored in the cache (email messages, personal data, information from Internet banking websites, and so forth), as well as find out the sites visited by the user.
 
Last edited by a moderator:
  • Like
Reactions: MWNu72
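Added example, not part of the thread and not Kaspersky's code: the four autorun findings in the report above can be checked by hand by decoding the Windows `NoDriveTypeAutoRun` policy bitmask. It assumes those findings correspond to this registry value (the thread does not say which setting the scanner reads) and that a value under HKLM overrides the one under HKCU.

```python
# Added example: decode the Windows NoDriveTypeAutoRun policy bitmask.
# Assumption: the scanner's autorun findings map to this value; the thread does not say.

POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
# A set bit DISABLES autorun for that drive type.
DRIVE_TYPE_BITS = {
    "removable media": 0x04,
    "hard drives": 0x08,
    "network drives": 0x10,
    "CD/DVD": 0x20,
}


def effective_mask(hklm_value, hkcu_value):
    """HKLM overrides HKCU when present; None means no policy is configured."""
    return hklm_value if hklm_value is not None else hkcu_value


def autorun_enabled_for(mask):
    """Drive types for which the mask leaves autorun enabled."""
    return [name for name, bit in DRIVE_TYPE_BITS.items() if not mask & bit]


def read_policy(hive_name):
    """Read the value from the live registry; None if absent or not on Windows."""
    try:
        import winreg
    except ImportError:
        return None
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except OSError:
        return None
    # Usually REG_DWORD (int); tolerate REG_BINARY (little-endian bytes).
    return int.from_bytes(value, "little") if isinstance(value, bytes) else int(value)


if __name__ == "__main__":
    mask = effective_mask(read_policy("HKEY_LOCAL_MACHINE"),
                          read_policy("HKEY_CURRENT_USER"))
    if mask is None:
        print("NoDriveTypeAutoRun not configured; the OS default applies")
    else:
        enabled = autorun_enabled_for(mask)
        print(f"NoDriveTypeAutoRun = {mask:#04x}")
        print("autorun still enabled for:", ", ".join(enabled) or "none")
```

A mask of `0xFF` disables autorun for every drive type; any drive type the script lists is one the report would still flag under the stated assumption.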

Parsh

I know Heimdall (free) is only a software updater, that's why I said it's useless
thank you very much mate :) that's what I wanted.
I will DW it
@Amelith Nargothrond says the most neglected security truth!
What AVs can't do, patching with updates does.
But if your concern is more than just application vulnerabilities, scanners like KSC can help once (because most of the things it detects are one time setting, except that some important configurations are altered after the scan.. Then a scan once in some weeks/months is fine).
Rest lies in prevention based on care and knowledge of these things.
 

Parsh

Thank You for mentioning KSC,
it is a Nice tool indeed and I have not tried it before! :)
I also like AVZ a lot, have You tried it before? :
Download / Скачать
It looks like an anti-spyware plus an anti-trojan ware with more features than basic scanning. Still, a lot of the basis of different provisions mentioned here is based on known signatures/Detections, the site rank (1.6M), and the utility ain't much known. I think a lot of what AV suites do internally is explicitly mentioned in the AVZ description.
How effective has this been for you? I'll give it a try.
 
  • Like
Reactions: MWNu72
