Dr.Web uses a special component—Security Auditor—to diagnose the security of your device and help resolving the detected problems and vulnerabilities. The component is enabled automatically when the application is launched for the first time and after registering the license.
Resolving security problems
Dr.Web detects the following security problems:
•System settings that affect device security.
•Hidden device administrators.
•Applications exploiting Fake ID vulnerability.
To open the list of the detected problems (see Figure 45), select Security Auditor on the Dr.Web main screen.
Figure 45. Security Auditor
Vulnerability is a weakness in the source code which allows cybercriminals to impair the correct operation of a system.
Security Auditor detects the following vulnerabilities in the device system: BlueBorne, EvilParcel, Extra Field, Fake ID, Janus, ObjectInputStream Serialization, OpenSSLX509Certificate, PendingIntent, SIM Toolkit, Stagefright, and Stagefright 2.0.
The vulnerabilities allow adding malicious code to some applications, that may result in performing of dangerous functions by these applications and damage the device.
If one or more of these vulnerabilities are detected on your device, check for operation system updates on the official website of your device manufacturer. Recent versions may have these vulnerabilities fixed. If there are no available updates, you are recommended to install applications only from trusted sources.
The device may become vulnerable to different types of threats if it is rooted, i.e. the procedure of rooting has been performed to attain control (known as root access) over the device system. It results in ability to modify and delete system files, that may potentially damage the device. If you rooted your device yourself, rollback the changes for security reasons. If root access is the integral feature of your device or you need it for your everyday tasks, be extremely cautious installing applications from the unknown sources.
Security Auditor detects the following system settings that affects the device security:
•Debugging enabled. USB debugging is intended for developers and allows copying data from PC to the device and vice versa, installing the applications on the device, viewing their logs and deleting them in some cases. If you are not a developer and do not use the debug mode, you are recommended to turn this mode off. To open the corresponding device settings section, select Settings on the screen with detailed information on the problem.
•Installation of apps from unknown sources is enabled. Installing application from unknown sources is one of the main reasons devices running Android get infected. Applications downloaded from elsewhere other than the official market are likely to be unsafe and become a threat to device security. To mitigate risks of installing the unsafe applications, you are recommended to disable application installation from unknown sources. To open the corresponding device settings section, select Settings on the screen with detailed information on the problem. You should also scan for viruses all the applications you install on your device. Before scanning, make sure Dr.Web virus databases are up to date.
•Dr.Web notifications are blocked. In this case, Dr.Web cannot immediately inform you on detected threats. This compromises security of your device. That is why, you are recommended to enable Dr.Web notifications in the settings of your device.
•User root certificate installed. If any user certificates are detected on your device, Security Auditor detects and displays them. Certificates may be used by a third party to monitor your network activity. If you are not aware why these certificates are installed on your device, you are recommended to remove them.
Hidden device administrators
Applications that are activated as device administrators but not shown on the list of administrators on the corresponding section of the device settings cannot be deleted by means of the operation system. Most likely, such applications are potentially harmful for your device.
If you do not know why an application is not displayed in the list of device administrators, you are recommended to delete it from the device. To delete the application, select Delete on the screen with the detailed information on the problem related to this application.
Applications exploiting Fake ID vulnerability
If applications exploiting Fake ID vulnerability have been detected on the device, they will be displayed in the separate Security Auditor category. These applications can be malicious, therefore it is recommended to delete them. To delete the application, select Delete on the screen with the detailed information on the problem related to this application, or use standard OS tools.