Things I would look for in a new vulnerability detection program
-
Most of my wish list comes from PSI v2
- Categorize programs that have security vulnerabilities separately from those that are just bug fixes and feature updates. Best would be a simple filter. I could look at just security vulnerabilities normally, but would flip a switch to see bug fixes/feature updates
- scan entire system by default, not just installed programs (in order to pick up things like portable apps, apps not yet installed, etc.)
- ability to scan only selected parts of the file system, should I choose to
- ability to exclude anything signed by Microsoft (or any certificate of my choosing) based on the idea that Microsoft will make any fixed programs available through Windows Update anyway, so I don't really need to be bothered by a vulnerability detection program
- group multiple instances of a vulnerable program in the listing and allow me to expand that section when I want
- flag programs that have built-in auto-update capabilities. I could then choose to white-list them if I wanted to configure them properly to receive updates by themselves.
- ability to see exactly where any program is located in the file system
- ability to "white-list" or ignore any program I want
- ability to send details of any program not currently being monitored to the vulnerability detection company for possible inclusion in an update
- ability to query the vulnerability system to see if any program is included in their detection
- option of having updates installed automatically.
- when an update cannot be installed automatically, guidance in where to go / how to install the required update
- report on programs with security vulnerabilities for which a patch is not yet available (zero-days). This should be categorized separately from other things (patches available or bugfix/feature updates).
- automatic scanning once a week with ability to manually call for a scan
- tray icon that has different states such as "scan not performed in xx days", "programs with zero-day vulnerability detected", "programs with feature updates / bug fixes available"
-
These are awesome suggestions. Much appreciated :D
-
@ctaylor said in Things I would look for in a new vulnerability detection program:
tray icon that has different states such as "scan not performed in xx days", "programs with zero-day vulnerability detected", "programs with feature updates / bug fixes available"
Yes, and with changes of colour depending on status.
One thing I liked about PSI was the system score. A nice big green 100% when all patched. This was a great feature for the non-techies that I help, prompting them to take action when a program had an update required...
-
Below are the key items I would like to see in a security checker replacing PSI:
- Focus on security and end-of-life status. If you decide to include bug fixes and updates, please provide a toggle to filter in/out the bug fixes and updates so security and end of life can be viewed together by themselves
- If initialization takes longer than a few seconds, show a progress bar to indicate program is still initializing and not hung
- Provide a security score; it motivates the user to get the security fixes installed
- Have a colored icon in the taskbar that reflects status, i.e. green is 100% secure, yellow/red security needs attention, grey scan is needed
- Provide a listing of all programs and their status: Program Name, Number Installed, Installed Version, Secure Version, Security Criticality, Status (all similar to PSI v3)
- UI should be GUI not line
- Provide an ignore capability to exclude programs from reporting and put them at the bottom of the program list
- Provide ability to ignore reporting on Microsoft security patches
- Provide ability to have program install security patches as individually requested
- Provide a log of patches installed by the program
- Provide weekly scans automatically and manual scans as requested by user
-
In addition to all the great suggestions above I would like to add the following:
- Secunia keeps things simple by listing items by Program name. I think that is far superior to Sumo's approach which overly complicates matters by listing individual files.
- Some of the files Sumo discovers are drivers. While having VulnDetect discover drivers might be nice in the future, I think a focus on programs in the near term should be the priority
- Secunia includes both an Installed version number and (if different), a Secure version number of each program. The latter is useful for when I need to find the update myself.
- The size of the database of programs VulnDetect can discover will be very important. PatchMyPC's database is far too small to be of any value to me. Secunia detects ~60 items of importance to me (excluding the 32-bit duplicates), whereas PatchMyPC only covers 20.
-
As mentioned by others, my wish is another vote to concentrate on programs where the current version has a security vulnerability. There are many other update managers that list any program with a newer version (where many times that newer version is a PAID upgrade), but I'm perfectly happy with the current version and don't see any need to update unless there's a security issue.
And if my version has a security issue, I'd prefer being pointed to the next secure version rather than the newest version, in case that version doesn't require a paid update. (This may be more difficult to automate, so I'm not making it a major priority, just a nice to have.)
-
@VulnDetect su support. I just got here and all my posts are rejected. WTF?
-
@WacoJohn My apologies for this.
Please see this response:
https://vulndetect.org/post/6673