Things I would look for in a new vulnerability detection program

  • Most of my wish list comes from PSI v2

    • Categorize programs that have security vulnerabilities separately from those that are just bug fixes and feature updates. Best would be a simple filter. I could look at just security vulnerabilities normally, but would flip a switch to see bug fixes/ feature updates
    • scan entire system by default, not just installed programs ( in order to pick up things like portable apps, apps not yet installed, etc)
    • ability to scan only selected parts of the file system, should I choose to
    • ability to exclude anything signed by Microsoft (or any certificate of my choosing) based on the idea that Microsoft will make any fixed programs available through Windows Update anyway, so I don't really need to be bothered by a vulnerability detection program
    • group multiple instances of a vulnerable program in the listing and allow me to expand that section when I want
    • flag programs that have built-in auto-update capabilities. I could then choose to white-list them if I wanted to configure them properly to receive updates by themselves.
    • ability to see exactly where any program is located in the file system
    • ability to "white-list" or ignore any program I want
    • ability to send details of any program not currently being monitored to the vulnerability detection company for possible inclusion in an update
    • ability to query the vulnerability system to see if any program is included in their detection
    • option of having updates installed automatically.
    • when an update cannot be installed automatically, guidance in where to go / how to install the required update
    • report on programs with security vulnerabilities for which a patch is not yet available (zero-days). This should be categorized separately from other things (patches available or bugfix/feature updates.
    • automatic scanning once a week with ability to manually call for a scan
    • tray icon that has different states such as "scan not performed in xx days", "programs with zero-day vulnerability detected", "programs with feature updates / bug fixes available"

  • As mentioned by others, my wish is another vote to concentrate on programs where the current version has a security vulnerability. There are many other update managers that list any program with a newer version where many times that newer version is a PAID upgrade), but I'm perfectly happy with the current version and don't see any need to update unless there's a security issue.

    And if my version has a security issue, I'd prefer being pointed to the next secure version rather than the newest version, in case that version doesn't require a paid update. (This may be more difficult to automate, so I'm not making it a major priority, just a nice to have.)

  • In addition to all the great suggestions above I would like to add the following:

    • Secunia keeps things simple by listing items by Program name. I think that is far superior to Sumo's approach which overly complicates matters by listing individual files.
      • Some of the files Sumo discovers are drivers. While having VulnDetect discover drivers might be nice in the future, I think a focus on programs in the near term should be the priority
    • Secunia includes both an Installed version number and (if different), a Secure version number of each program. The latter is useful for when I need to find the update myself.
    • The size of the database of programs VulnDetect can discover will be very important. PatchMyPC's database is far too small to be of any value to me. Secunia detects ~60 items of importance to me (excluding the 32 bit duplicates), whereas PatchMyPC only covers 20.

  • Below are the key items I would like to see in a security checker replacing PSI:

    • Focus on security and end of life status, if you decide to include bug fixes and updates please provide a toggle to filter in/out the bug fixes and updates so security and end of life can be viewed together by themselves
    • If initialization takes longer than a few seconds, show a progress bar to indicate program is still initializing and not hung
    • Provide security score, it motivates user to get the security fixes installed
    • Have a colored ICON in the taskbar that reflects status, ie green is 100% secure, yellow/red security needs attention, grey scan is needed
    • Provide a listing of all programs and their status: Program Name, Number Installed, Installed Version, Secure Version, Security Criticality, Status (all similar to PSI v3)
    • UI should be GUI not line
    • Provide an ignore capability to exclude programs from reporting and put them at the bottom of the program list
    • Provide ability to ignore reporting on Microsoft security patches
    • Provide ability to have program install security patches as individually requested
    • Provide a log of patches installed by the program
    • Provide weekly scans automatically and manual scans as requested by user

  • @ctaylor said in Things I would look for in a new vulnerability detection program:

    tray icon that has different states such as "scan not performed in xx days", "programs with zero-day vulnerability detected", "programs with feature updates / bug fixes available"

    Yes, and with changes of colour depending on status.

    One thing I liked about PSI, was the system score. A nice big green 100% when all patched. This was a great feature for the non-techies that I help, prompting them to take action when a program had a update required...

  • This is awesome suggestions. Much appreciated 😄

Log in to reply