You can be practicing perfect online security—using the best VPN as well as top-rated antivirus software—and still need vulnerability scanning. There’s no way that you can keep up with all the malware and computer viruses out there on your own.
Vulnerability scanning apps will automate your security auditing for you by searching for thousands of different security risks. Here are four free vulnerability scanning apps to choose from.
Free vulnerability scanning: Retina CS Community
Retina CS Community from BeyondTrust can handle vulnerability scanning for Microsoft products and third-party applications such as Firefox and Adobe. It supports finding vulnerabilities on:
- Mobile devices
- Private clouds
- Web applications
- Virtual applications.
You can do all of this for up to 256 IPs for free.
To use it, you will need:
- Windows Server 2008 or more recent
- Microsoft SQL 2008 or more recent
- The .NET Framework 3.5
- IIS servers enabled
You should also know that Retina CS Community does not support installation on small business servers for domain controllers. One of the most useful things about it is that it will support different user profiles. This allows you to change the assessment to suit your job. You can also choose to specify an IP range to be scanned.
This is a free offering from a commercial vendor. If you like the free version, BeyondTrust offers a full version as well. Unlike other vulnerability scanning software discussed here, it is not open source. But it will patch and scan up to 256 IPs for free, all while supporting many different devices. Not bad for no money.
Free vulnerability scanning: SecureCheq
You can use Tripwire’s SecureCheq to perform local scans on your Windows servers or desktops. It will identify a number of unsecured advanced Windows settings. This will include COBIT, ISO, and CIS. Its primary role is to focus on the common configuration errors related to:
When you use the free version, you can only check 24 settings at once. The full version, though, can check four times this number. You will also receive your results and a pass or fail mark. You’ll have to click a link to be sent the references about the vulnerability as well as a summary and repair suggestion.
It is best to use Microsoft Baseline Security Analyzer for basic vulnerabilities and then follow this up with SecureCheq for more advanced threats.
Free vulnerability scanning: OpenVAS
OpenVAS stands for Open Vulnerability Assessment System. This free network security scanner has most of its components licensed under the GNU General Public License. The scanner doesn’t work on Windows machines—only Linux—but it does offer clients for Windows if you need one. Its main component is delivered through a number of Linux packages, or it can be downloaded as a virtual appliance if you want to test it.
OpenVAS’ main component is the security scanner. This is the part that is going to actually scan and receive an updated Network Vulnerability Test feed on a daily basis. At this time, it has more than 33,000 tests to scan your computer.
While this vulnerability scanning software is not the quickest to use, it does have the most features, which is particularly notable since it is free. You can:
- Schedule your scans
- Do multiple scans at once
- See false positive management results as well.
The main drawback is that Linux is required for the main component. If you like it, it is part of the Greenbone Network of products so you can upgrade to a more comprehensive paid version.
UPDATE: Microsoft Baseline Security Analyzer has been discontinued 🙁
You can use this tool to perform remote or local scans on Windows servers and desktops. Microsoft Baseline Security Analyzer can identify:
- Any missing security patches
- Missing service packs
- Common security misconfigurations.
The new Version 2.3 will support:
- Windows 8
- Windows 8.1
- Windows Server 2012
- Windows Server 2012 R2
- Everything down to Windows XP
Microsoft designed this tool to be easy to use and understand. Once you open it, you have the option of selecting a single Windows machine that you want to scan. Simply choose the computer’s name from a list, or you can choose to scan a specific IP address. You can even choose what to scan for, such as:
- Weak passwords
- Windows updates
- SQL administrative vulnerabilities
- IIS administrative vulnerabilities
Once your vulnerability scans are done, you are given a separate report for each machine that you have scanned. Each machine receives an overall security classification as well as details from different categories. If a vulnerability is found, you can click on it to quickly read even more detailed results. Your results are automatically saved so you can refer to them later. You can also print them if you need to.