Dr.Web uses a special component—Security Auditor—to diagnose the security of your device and helps resolve the detected problems and vulnerabilities. The component is enabled automatically when the application is launched for the first time and after registering the license.
Resolving security problems
Dr.Web detects the following security problems:
•System settings that affects the device security.
•Applications exploiting Fake ID vulnerability.
To open the list of the detected problems, select Security Auditor on the Dr.Web main screen.
Figure 45: Security Auditor
Vulnerability is a weakness in the source code which allows cybercriminals to impair the correct operation of a system.
Security Auditor detects the following vulnerabilities in the device system: BlueBorne, EvilParcel, Extra Field, Fake ID, Janus, ObjectInputStream Serialization, OpenSSLX509Certificate, PendingIntent, SIM Toolkit, Stagefright, and Stagefright 2.0.
The vulnerabilities allow adding malicious code to some applications, that may result in performing of dangerous functions by these applications and damage the device.
If one or more of these vulnerabilities are detected on your device, check for operation system updates on the official website of your device manufacturer. Recent versions may have these vulnerabilities fixed. If there are no available updates, you are recommended to install applications only from trusted sources.
The device may become vulnerable to different types of threats if it is rooted, i.e. the procedure of rooting has been performed to attain control (known as root access) over the device system. It results in the ability to modify and delete system files, which may potentially damage the device. If you rooted your device yourself, it is recommended that you roll back the changes for security reasons. If root access is an integral feature of your device or you need it for your everyday tasks, be extra cautious when installing applications from unknown sources.
Security Auditor detects the following system settings that affect the device security:
•Debugging enabled. USB debugging is intended for developers and allows to copy data from a computer to the Android-powered device and vice versa: install applications on the device, view their logs, and delete them in some cases. If you are not a developer and do not use the debug mode, it is recommended to turn this mode off. To open the corresponding device settings section, select Settings on the screen with detailed information on the problem.
•Installation of apps from unknown sources is enabled. Installation of applications from unknown sources is one of the main reasons devices running Android get infected. Applications downloaded from elsewhere other than the official market are likely to be unsafe and become a threat to device security. To mitigate the risks of installing unsafe applications, it is recommended to disable installation of applications from unknown sources. To open the corresponding device settings section, select Settings on the screen with detailed information on the problem. All applications you install on your device should be scanned for threats. Before scanning, make sure the Dr.Web virus databases are up to date.
•Dr.Web notifications are blocked. In this case, Dr.Web cannot immediately inform you on detected threats. This compromises the security of your device. That is why it is recommended to enable Dr.Web notifications in the settings of your device.
•User certificate installed. If any user certificates are found on your device, Security Auditor detects and displays them. Certificates may be used by a third party to monitor your network activity. If you do not know why these certificates are installed on your device, it is recommended to remove them.
Applications exploiting Fake ID vulnerability
If applications exploiting the Fake ID vulnerability are detected on the device, they will be displayed in a separate Security Auditor category. These applications can be malicious, which is why it is recommended that you delete them. To delete the application, select Delete on the screen with the detailed information on the problem related to this application, or use the standard OS tools.