• Website Malware Scanning vs. Vulnerability Assessment

    These days, computer viruses aren’t the only clear and present danger facing users. Today’s websites feature a vast number of vulnerabilities that make it easy for hackers to hijack and add malicious code. Attacks from malicious code samples including “W32.Downadup” and “W32.Ramnit” can infect visiting machines and compromise confidential data.

    Google’s latest update to its Penguin SEO algorithm places a unique focus on blacklisting and removing websites that have been hacked and infected with malware. But it’s not just efforts from Google to clean up its search engine page results that should have webmasters worried. Compromised websites represent an extreme risk for visitors and customers.

    A vulnerability assessment followed by website malware scanning provides the best measure for identifying and combatting potential security issues that often result in malware takeovers. However, it’s not wise to assume that both solutions are similar to one another, as each one offers a distinct purpose. The key is to understand how both strategies work and where one another lies in terms of online security.


    How Do Vulnerability Assessments Work?

    To the point, vulnerability assessments show you where the weaknesses are on public-facing webpages and server-side infrastructure, including web-based applications and server software. The average website may contain thousands of potential entry points where hackers can access, download, manipulate and even damage data or functionality.

    Vulnerability assessments locate and rectify these weaknesses through the following measures:

    • A regularly scheduled scan for vulnerabilities on websites and network ports
    • Detailed reports identifying both critical vulnerabilities and other lower-risk issues
    • Secondary scans that verify the repair of all vulnerabilities found

    A growing number of third-party vendors offer vulnerability assessment scans under secure software-as-a-service (SaaS) platforms. Used in combination with website malware scanning, webmasters can accurately identify and quickly resolve malware and other critical security issues.

    How Does Website Malware Scanning Fit In?

    The main difference between a vulnerability assessment and website malware scanning involves the end result. Whereas the assessment reveals and reports dangerous lapses in website security that may be exploited, website malware scanning searches for and targets threats that actively compromise the integrity of your website. These threats are later dealt with through the use of common-sense security enhancements including:

    • Removal of all data potentially compromised by malware from the server
    • A review of files time stamped within the past 48 hours
    • FTP account and password changes to thwart hacker activity
    • The addition of vulnerability management tools that block malware in addition to detecting it

    Despite the slightly different goals of both, vulnerability assessments and website malware scanning work hand-in-hand to keep your website safe from malware, exploits and viruses.