Scanning prompt method and device for software vulnerabilities

Abstract

The invention discloses a scanning prompt method and device for software vulnerabilities. The method comprises the steps of setting vulnerability information and a software name and a version number corresponding to the vulnerability information in a software vulnerability database; monitoring a software installing event of a client operation system registry by a monitoring module, and reading the software name and version number when the monitoring module monitors the installation of the software; comparing the software name of the installed software obtained by read with the software name in the software vulnerability database by a vulnerability scanning module; if the software name of the installed software is in the software vulnerability database, comparing the version number of the installed software obtained by read with the version number corresponding to the software in the software vulnerability database; if the version number of the installed software is in the software vulnerability database, determining the corresponding vulnerability information of the version number; and prompting the vulnerability information determined by the vulnerability scanning module on the client by a prompt module. By using the method and device disclosed by the invention, the security of the newly installed software can be improved, and the calculated amount of vulnerability scanning is reduced.

Description

technical field [0001] The invention relates to the technical field of computer data processing, in particular to a scanning prompt method and device for software loopholes. Background technique [0002] Nowadays, in the computer network environment where viruses are rampant and hackers are everywhere, software security has become a technical issue that has attracted much attention. One of the important problems is the vulnerability in the software system. Often in a seemingly unbreakable software system, just because of a small loophole, the entire security system is easily broken by hackers, and the control of the entire system is completely lost. [0003] The so-called loopholes usually refer to some errors (bugs), defects, etc. in the software, but such bugs and defects are different from bugs in ordinary software testing. Bugs in general software testing refer to functional or logical errors, such as dialog box pop-up errors, system failure to execute certain function...

AI Technical Summary

Problems solved by technology

[0006] But, utilize the security assistant software of prior art, after software is installed on client computer, user can't be informed in time whether this third-party software has loophole

The user can only trigger the scanning and prompting of the software vulnerabilities of the client computer after manually opening the security assistance software and clicking buttons such as vulnerability scanning, or the software vulnerabilities of the client computer are scanned and prompted after the operating system is restarted. Vulnerability scanning prompts for newly installed software have a certain delay, and it is often discovered that the software has vulnerabilities after a long period of time after the newly installed software has been used, and there are many security risks

[0007] In addition, because the timing of the existing security auxiliary software scanning prompts for software vulnerabilities is not timely and accurate, it has no specificity for the scanned objects. Once the scanning prompt function for vulnerabilities is triggered, for the sake of security, it is necessary to All software vulnerabilities on the client are scanned, which consumes a lot of computing resources

Images