Computer networks offer users ease and efficiency in exchanging information. Computer networks are typically comprised of integrated servers, routers, terminals and other components, interoperating and sharing information. Such networks manage a growing list of a variety of needs including transportation, commerce, energy management, communications, and defense.
Unfortunately, the very interoperability and sophisticated integration of technology that make computer networks such valuable assets also make them vulnerable to attack, and make dependence on networks a potential liability. Numerous examples of planned network attacks, such as viruses, worms, and spyware have shown how interconnectivity can be used to spread harmful program code. In addition, public or open network architectures, such as the Internet, permit hackers to have access to information on many different computers. These malicious attackers attempt to gain access to messages generated by a user's computer and to the resources of the user's computer, as well as to use knowledge regarding the operations of the protocol stack and operating systems of users' computers in an effort to gain access to their computers without authorization. Such illicit activity presents a significant security risk to any computer coupled to a network where a user for one computer may attempt to gain unauthorized access to resources on another computer of the network. Furthermore, organized groups have performed malicious and coordinated attacks against various large online targets.
When assessing the security posture of an endpoint device such as a computer terminal or workstation, scanning software is used to conduct tests for the existence of software components containing object code vulnerable to malicious attacks. For such security assessments, there are two methods for the runtime deployment of such scanning software. The first method is when the scanning software is deployed using a server in a client-server architecture. In this type of deployment, the scanning software conducts a network-based assessment of the target system, with minimum or no new software installed on the endpoint computer device. Such a technique may be known as remote scanning. The second method is when the scanning software is deployed locally on the target system. In this type of deployment, the entire scanning software is a “thick client” installed on the local device that contains the scanning engine. Such a technique may be known as local scanning.
There are advantages and disadvantages associated with both methods of scanning. The primary advantage of remote scanning is that it does not require additional software to be installed on the target local system. On the other hand, local scanning requires dedicated IT resources for managing the deployment and updates of client software on the endpoint devices. The coverage and accuracy of vulnerability detection using local scanning tends to be better than with remote scanning. Typically, in order to achieve the same level of effectiveness with remote scanning, a network-based scanner requires credentialed access via an open firewall rule on the end-point device. Accordingly, what is needed is a technique for scanning and detecting vulnerabilities on local computer devices having the effectiveness of local scanning engines installed on the local devices, but without the requirement of dedicating resources for deploying, managing and updating the client software for each computer to be scanned.