|
Title: Vulnerability Detection
Post by: bageled on 15/06/2012, 08:03 AM

Came across this software this morning. It is supposed to check for software that is vulnerable to malicious attacks. Does anyone have any experience with it or recommendations?
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Title: Re: Vulnerability Detection
Post by: Syklone on 15/06/2012, 08:56 AM

Sorry Bageled - no experience with this one. Reminds me a bit of Kaseya though at a quick glance.

Title: Re: Vulnerability Detection
Post by: naf on 15/06/2012, 08:58 AM

It's just patch management: knows what software is installed on a network, patches for you if it can, tells you what you need to do if it can't... Works in large corps, possibly not necessary for a small business like yours.

Title: Re: Vulnerability Detection
Post by: DonutKing on 15/06/2012, 09:12 AM

Yeah I wouldn't worry about this for a small company, just keep your antivirus and Microsoft/Java/Flash/Acrobat/web browser patches up to date from the internet and you'll be right. I assume a business of your size isn't running any publicly accessible services from its office internet connection.
Do you have any PLCs to control your printers or other industrial equipment attached to your network? They're a bigger worry as they are usually never updated or patched, ever, for fear it will break something. This thing will probably just go berserk when it sees those.

Title: Re: Vulnerability Detection
Post by: Carples on 15/06/2012, 09:51 PM

PLCs are normally not updateable; the software version is fixed in ROM. They only respond to very specific commands and not to broadcast requests. Most companies don't have people with skills to work on them, so yes, they would be terrified of causing a crash because they don't have program backups or the passwords and could not load them if they did. The guys that do charge a lot, and rewriting a machine program can take ages, but programs cannot be changed if they are password protected. A lot of the time even the manufacturer cannot extract a password from a protected file. Very annoying programs with password

Title: Re: Vulnerability Detection
Post by: DirtyHarry on 15/06/2012, 10:05 PM

I use Secunia PSI on my machines since it's free and pretty good at autopatching outdated software.

Title: Re: Vulnerability Detection
Post by: DonutKing on 15/06/2012, 10:22 PM

Quote
PLCs are normally not updateable; the software version is fixed in ROM. They only respond to very specific commands and not to broadcast requests.

While this is true, if the PLC talks TCP/IP and it's on the network then it can be molested in a variety of ways. If it has a 10 year old TCP/IP stack then it is vulnerable to a variety of exploits regardless of whatever control protocol it uses. I've seen machines crash when scanned with a vulnerability scanner program, and obviously on a factory floor that could spell disaster if that machine is controlling something important on a busy day. Stuff like that should really be on a segregated network (preferably with an air gap) but in reality this doesn't happen as much as it should. Look up the Stuxnet virus if you want to read about some malware that specifically targets certain types of PLCs and SCADA systems. |