KSC
This is the continuation of the previous blog about the Kaspersky Security Center functionality, and Software Assistant feature, in particular. The first part is available here.
Vulnerability search in the installed software
Vulnerability search includes listing installed software. After this list is compiled, Network Agent checks the versions of the installed software’s executable files. Version numbers are compared against the constantly updated vulnerability database and a report on the known vulnerabilities is compiled. Besides that, KSC is able to update the operational system via a Windows Update.
After receiving the report, the administrator can launch a task to install updates.
Updating software
After the list of applications and their executables is compiled, an administrator can set the task to update all of the vulnerable software or those for which updates exist.
The database contains information and links to all released updates and patches. The download and installation process consists of several stages:
– EULA check. KSC will download and display EULA for an updated application which the administrator should read and agree to its terms by pressing “Accept All” button.
– Choosing update files. There are different ways to update an application: sometimes one has to download a chain of consecutive updates, sometimes it is possibile to use a cumulative collection of the required fixes. By default KSC chooses the shortest chain which contains the maximum numbers of cumulative patches. This can be useful if a new vulnerability, absent from older versions of the software, is discovered in the lastest version.
– Silent mode settings. In a case of installing updates to a multitude of software or PCs the traditional method – with the installation window displayed on the endpoint device, choosing options, users pressing keys to continue – will be less than comfortable. The best option here is ‘silent mode’ with installation passing undetected for the end user and requiring no action from him or from administrator. In some cases silent mode is launched by special installation keys or an administrator can write a script which would execute all the actions necessary for the installation. KSC also acquires this information from the database.
– Process halting. In most cases programs being updated need to be halted. KSC must know the program’s process name. Information about it is acquired from the database or administrator enters the process’ name by hand. A Network Agent informs the user that the process is going to be terminated in order to install updates.
– Error codes identification. After installation is completed the installation package may return an error code, which KSC uses to determine the update results. This information is acquired from the database.
– Identifying update rollback settings and deinstallation keys. Administrators may have to rollback updated software to an earlier version (in case there is a critical vulnerability discovered in the newer one). This information is acquired from the database.
– Installation of the updates and results verification. KSC provides an administrator with a report of the ultimate results.
Kaspersky Security Center’s possibilities are not restricted to network software management alone. KSC is also capable of managing mobile devices (Mobile Devices Management functions) we wrote earlier, and remote OS Deployment, which will be soon described here: http://securelist.com.
Tips