How to catch what is not. Part Five, Fraction Two: What you need to know to purchase a certified product. FAQ
No matter how sad it is, and no matter what we think about the possibility of not using certified protective equipment, the situation almost completely coincides with the well-known approach: “You do not agree with the results of the test? Your right! For now, we will block your accounts. ” Therefore, sooner or later (and for government agencies and companies that need to ensure the protection of state secrets - always) you have to contact vendors for the appropriate software. And here the most interesting begins.
Do you think that we are asked? For those who have encountered, the answer is not a riddle: "We need a certified product." For those who do not know, such a request actually corresponds to the famous joke: “Petka, device! 45! What is 45? And what about the device? "
But let's not complain! Your attention is invited to a list of typical rakes, which are attacking customers who want to use certified anti-virus tools.
Attention! Despite the fact that the rules of certification, delivery and service are the same for all companies operating in the market, minor variations are possible in the composition of certified versions, level of certification, etc. In this connection, everywhere where specific cases are mentioned, the name of the company is indicated. The fact is that the delivery of certified products is possible only in a box and, accordingly, the author was unable to touch all the boxes of all suppliers with his hands. If Habrazhiteli find an error or point to a different approach for a company, the corresponding corrections will be gratefully accepted and included in the article.
')
We need a certified product!
Unfortunately, the supplier does not say anything. Doctor Web has the entire product line certified (http://company.drweb.ru/licenses_and_certificates/?lng=ru), Kaspersky Lab has individual products (http://www.kaspersky.ru/about/why/ certificates / certificates-government), other vendors, as a rule, are certified by one, the best-selling product. Dr.Web certifies all products at the maximum level, Kaspersky Lab certifies to different levels for different products, other vendors certify products at the minimum required level. And so on.
What information should the customer provide to the supplier in order not to overshoot (the supplier can supply anything, but the customer is unlikely to be happy when he realizes during the deployment that the product he bought does not work)?
Do you have a product certified to the requirements of 152-FZ?
The most popular question, which at one time began, continued and ended the working day.
Federal Law 152-FZ does not contain requirements for products and therefore a product cannot be certified for compliance with this law! The myth started by the company Eset. The company "Kaspersky Lab" instantly released a refutation. The Doctor Web has done the same. But the myth has already healed its life. As a result, all companies had to receive letters from the FSTEC that such and such a product could be used ... right up to K1.
Now the flow of such requests has come to naught, but I have included the question in the list as an example of how myths are simply created.
How to find out about the availability of certified solutions?
A complete list of certified solutions is posted on the website of the certifying organization. So, for the Federal Service for Technical and Export Control (FSTEC of Russia) the list is in the section "Documents on certification of information protection means and certification of information objects for information security requirements" (http://fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty -po-sertifikatsii / 153-sistema-sertifikatsii).
Why is your product not in the registry?
The FSTEC register of certified GIS information is entered every three months. Let's say the next update of information on certified GIS will be in December. Thus, if a company receives a certificate or renews it - information about this event may not be officially available for up to three months.
I want a certified version! / Why are you in the release of the product version xxx, and yyy certified?
Certification is not only a very expensive thing, but also a very long one. To obtain basic certificates - FSTEC and the FSB - it takes at least six months. And even eight months. At the same time, the completion of certification does not mean that the certificate itself will appear in the company - this also takes time. Bureaucracy s.
Often, product certification ends when the next, much more functional and effective version comes to an end. As a result, it is quite possible that users of the certified version receive less security than with the non-certified version.
Why you do not have a certificate for MO on your site?
Certificates of the Ministry of Defense of the Russian Federation are not posted on the site due to the fact that they have the status of chipboard documents. Certified copies of these certificates are available upon official request.
And we found a vulnerability! We want an updated version!
The release of the updated certified version is possible only through the Inspection Control procedure. In terms of this is about three months and also costs a lot of money. Therefore, Inspection control in the life of a certified product is an infrequent thing.
At one time, FSTEC developed a draft order on the procedure for updating certified products, which theoretically made it possible to simplify this procedure. But the level of problems introduced by the document, apparently, surprised even the specialists familiar with our standardization.
I want at the same time a certificate of FSTEC and FSB!
Naturally, the same products are left for certification, but there are nuances. For example, products certified according to the requirements of FSTEC can be supplied by almost any company, and they are updated from the usual update zones controlled by the vendor. And in the case of the FSB, all matters relating to the receipt and maintenance of certified versions of products should be addressed to military unit 43753. However, not so long ago, suppliers and, in particular, Doctor Web, were able to agree on delivery through vendors. For example, an update of products certified by the requirements of the FSB, if the client has become a subscriber of their portal, goes through special zones controlled by the FSB (if the client has purchased certified software and has not passed the software maintenance approval procedure, then updates come from the vendor's zone).
How to buy a certified version?
In the case of Doctor Web, products certified according to the requirements of the FSTEC of Russia can be purchased through authorized partners ( partners.drweb.ru/?lng=ru ) of the development company or via the online store ( estore.drweb.ru/home/?lng=en) ). In the case of Kaspersky Lab, the purchase is possible through partners ( www.kaspersky.ru/products/business/certified-version ).
Products certified according to the requirements of the Federal Security Service of the Russian Federation / Ministry of Defense of the Russian Federation can be supplied by the vendor directly within the framework of centralized supplies.
I bought a certified version, where to download the distribution kit?
Nowhere. Certified versions on the Internet are not laid out. In the case of Doctor Web (other vendors may have different rules), the license itself is not different for certified and non-certified versions of products. But, since the distribution in electronic form is impossible (in the case of versions under FSTEC - due to the fact that the package must include a holographic sticker), in addition to the license, you also need to buy a box with the distribution kit and the documents included in the package.
I want to try a certified product!
Alas. In connection with the problems described in the previous question - you can officially try a product only by purchasing a box. The de-licensing itself, of course, is free. The box can not be delivered for free, since this is a tangible medium and bookkeeping will not understand.
And what is included in the box?
The scope of delivery certified according to the requirements of FSTEC or FSB software (in the case of Doctor Web) includes:
Each copy of certified software is accompanied by unique numbers identifying the means of protection in accordance with the procedures established for this certification system.
Since the quality of the adhesive layer of the holographic sticker does not guarantee that it will remain on the disc during its operation in a CD / DVD drive, and the detachment of the sticker can lead to various negative consequences, including equipment failure, it is pasted on the form, which is agreed with FSTEK Russia.
The reference values ​​of the checksums of certified versions of Dr.Web are stated in the forms for the corresponding products and are not publicly published. The calculation of the checksums is carried out using the fixation and control program of the initial state of the software package “Fix” (version 2.0.1), the algorithm “Level-1”.
For Kaspersky Lab, the delivery package description is shorter, but overall, Doctor Web cannot be different from the similar delivery due to the unity of the game rules ( www.kaspersky.ru/products/business/certified-version )
In the case of delivery of software certified for the Ministry of Defense of the Russian Federation, the delivery includes:
Can certified software be updated?
The updates themselves are made from specially created areas.
Attention! Non-certified updates should not be installed on certified software.
The user of certified versions can receive security updates both automatically and on CDs containing certified updates (hussars who know examples of such an update in very large structures - be silent!).
Our antivirus is installed inside the network and does not have access to the Internet. How to get updates?
Officially, only by installing an anti-virus product outside the network and transferring the update manually. In practice, options are possible - up to sending databases by mail and using courier service.
Is the firewall that is part of your anti-virus certified to comply with the relevant Profiles?
Profiles for firewalls developed by FSTEC of Russia ( fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty-po-sertifikatsii/120-normativnye-dokumenty ) describe the functionality of corporate-level firewalls installed at the network edge. Personal firewalls included in anti-virus products are not covered by these profiles and are certified as part of anti-virus solutions - and thus can be used as certified.
Can I buy and use a product whose certificate has expired?
You can buy any version of the product, in case of availability of boxes in stock. But officially used according to the rules - no.
Due to the fact that at the moment there are so-called "Anti-virus protection profiles", is it possible to use products previously certified by TU and NDV?
According to the order of FSTEC No. 240/24/3095 of July 30, 2012, from August 1, 2012, anti-virus software establishes the need to comply with the “Requirements for anti-virus protection tools” (order of FSTEC No. 28 of March 20, 2012) and approved 14 July 2012. "Anti-virus protection profiles". Placed profiles for fourth, fifth and sixth grades on the page fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty-po-sertifikatsii/120-normativnye-dokumenty/470-metodicheskie-dokumenty-utverzhdeny-fstekth -g-2 . Profiles of the first, second and third classes in the open access carried laid out.
At the same time, a new classification of certified anti-virus software products is introduced: by purpose (A-D) and level of protection (6-1).
Up to this point there were no requirements for antivirus software, and they were certified for technical specifications (technical specifications) and NDV (absence of undeclared capabilities).
According to the FSTEC letter, products created before the release of profiles and having FSTEC certificates (and even more so the FSB and the Ministry of Defense, which the order does not concern), retain their legitimacy.
What is certified software?
Certified software is:
Thus, certified software is software that has previously been certified, installed, configured and maintained in accordance with the requirements, also passed certification.
The use of certified security tools in itself is not a sufficient condition for meeting the requirements for the security of confidential data; you also need:
Can I self-certify software?
You can self-certify any selected SZI that meets the requirements of the RD. In accordance with the Regulations on certification of information security tools for information security requirements, (Order of the Chairman of the State Technical Commission of Russia No. 199 dated 10.27.1995), in the role of the Applicant, it is necessary to coordinate the FBEC of Russia with ST, TU or other GIS requirements defining the GIS, to the Testing Laboratory a set of necessary design and operational documentation, sample GIS, pay all certification costs. At the same time, the Applicant must be a licensee of the FSTEC and (or) the Federal Security Service of Russia for development and production of GIS.
Naturally, this list of questions is not complete. Quite a lot of questions are connected, for example, with the use of the Astra Linux OS. But most often ask precisely this.
I will not sum up the traditional total. The only thing I want to say is:
Do you think that we are asked? For those who have encountered, the answer is not a riddle: "We need a certified product." For those who do not know, such a request actually corresponds to the famous joke: “Petka, device! 45! What is 45? And what about the device? "
But let's not complain! Your attention is invited to a list of typical rakes, which are attacking customers who want to use certified anti-virus tools.
Attention! Despite the fact that the rules of certification, delivery and service are the same for all companies operating in the market, minor variations are possible in the composition of certified versions, level of certification, etc. In this connection, everywhere where specific cases are mentioned, the name of the company is indicated. The fact is that the delivery of certified products is possible only in a box and, accordingly, the author was unable to touch all the boxes of all suppliers with his hands. If Habrazhiteli find an error or point to a different approach for a company, the corresponding corrections will be gratefully accepted and included in the article.
')
We need a certified product!
Unfortunately, the supplier does not say anything. Doctor Web has the entire product line certified (http://company.drweb.ru/licenses_and_certificates/?lng=ru), Kaspersky Lab has individual products (http://www.kaspersky.ru/about/why/ certificates / certificates-government), other vendors, as a rule, are certified by one, the best-selling product. Dr.Web certifies all products at the maximum level, Kaspersky Lab certifies to different levels for different products, other vendors certify products at the minimum required level. And so on.
What information should the customer provide to the supplier in order not to overshoot (the supplier can supply anything, but the customer is unlikely to be happy when he realizes during the deployment that the product he bought does not work)?
- Type of certificate. What are the requirements for the product to be certified - FSTEC, FSB, MO, 1C, Gazprom, etc. Quite often, the customers themselves have not decided which certificates they need. And the difference is very significant. For example, products certified for the Ministry of Defense and according to the requirements of the FSTEC may well not match the system requirements and the requirements of the certification systems. In the certification system of the Ministry of Defense, certification is also carried out for compliance with the real and declared functionality in the documentation.
- Security level For different certificates, the levels are different. If a product certified by FSTEC is required, in most cases it is enough to name the secrecy level: top secret, particle board, etc. Customers often do not follow the changes in legislation and name the canceled levels - say, for personal data they ask for certified products for the first class .
- What you need to protect. Workstations, file servers, mail servers, gateways - we are not shamans and cannot guess the composition of the customer’s network. Quite often we are told: you will offer us, and we will figure it out. For some reason, customers believe that all protection options can be presented in a presentation for a maximum of 20 minutes. Will not work. As a result, after much agony, it suddenly turns out that the customer (for example) uses a rather rare mail server or operating system — and how can we guess about it?
- The operating system, the name of the mail server, the gateway (with bits, service packs, etc.). We will talk about the problems that the Protection Profiles have caused in this regard, for the time being we only say that outdated operating systems are often used, which no one supports anymore. DOS, NT4, old Linux versions, etc.
Thus, OS MSVS 3.0 has a number of assemblies that differ greatly in the components used (including the kernel, the glibc library, and the Squid version), but the OS version is the same. Therefore, before buying or delivering a product, you must ensure that Doctor Web solutions are compatible with OS MSVS 3.0. The list of supported versions of OS MSVS 3.0 is in the product documentation. - Using certified versions of operating systems, mail server gateways, etc. Unfortunately, not all companies that develop and certify software work with software manufacturers, which will then be installed on this certified software. There is no component - and that’s all; nothing can be done to the nearest inspection control. And the inspection control is not cheap and slow.
- The use of means restricting the operation of the software. Trusted loading, mandatory access, prohibition to run code from the data area - if any of this list is used, be sure to indicate! Say, now quite often use trusted download. But the MoD did not define its use in its requirements. As a result, there is not a word in the certificate of work when it is used. And what should the customer do?
Do you have a product certified to the requirements of 152-FZ?
The most popular question, which at one time began, continued and ended the working day.
Federal Law 152-FZ does not contain requirements for products and therefore a product cannot be certified for compliance with this law! The myth started by the company Eset. The company "Kaspersky Lab" instantly released a refutation. The Doctor Web has done the same. But the myth has already healed its life. As a result, all companies had to receive letters from the FSTEC that such and such a product could be used ... right up to K1.
Now the flow of such requests has come to naught, but I have included the question in the list as an example of how myths are simply created.
How to find out about the availability of certified solutions?
A complete list of certified solutions is posted on the website of the certifying organization. So, for the Federal Service for Technical and Export Control (FSTEC of Russia) the list is in the section "Documents on certification of information protection means and certification of information objects for information security requirements" (http://fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty -po-sertifikatsii / 153-sistema-sertifikatsii).
Why is your product not in the registry?
The FSTEC register of certified GIS information is entered every three months. Let's say the next update of information on certified GIS will be in December. Thus, if a company receives a certificate or renews it - information about this event may not be officially available for up to three months.
I want a certified version! / Why are you in the release of the product version xxx, and yyy certified?
Certification is not only a very expensive thing, but also a very long one. To obtain basic certificates - FSTEC and the FSB - it takes at least six months. And even eight months. At the same time, the completion of certification does not mean that the certificate itself will appear in the company - this also takes time. Bureaucracy s.
Often, product certification ends when the next, much more functional and effective version comes to an end. As a result, it is quite possible that users of the certified version receive less security than with the non-certified version.
Why you do not have a certificate for MO on your site?
Certificates of the Ministry of Defense of the Russian Federation are not posted on the site due to the fact that they have the status of chipboard documents. Certified copies of these certificates are available upon official request.
And we found a vulnerability! We want an updated version!
The release of the updated certified version is possible only through the Inspection Control procedure. In terms of this is about three months and also costs a lot of money. Therefore, Inspection control in the life of a certified product is an infrequent thing.
At one time, FSTEC developed a draft order on the procedure for updating certified products, which theoretically made it possible to simplify this procedure. But the level of problems introduced by the document, apparently, surprised even the specialists familiar with our standardization.
I want at the same time a certificate of FSTEC and FSB!
Naturally, the same products are left for certification, but there are nuances. For example, products certified according to the requirements of FSTEC can be supplied by almost any company, and they are updated from the usual update zones controlled by the vendor. And in the case of the FSB, all matters relating to the receipt and maintenance of certified versions of products should be addressed to military unit 43753. However, not so long ago, suppliers and, in particular, Doctor Web, were able to agree on delivery through vendors. For example, an update of products certified by the requirements of the FSB, if the client has become a subscriber of their portal, goes through special zones controlled by the FSB (if the client has purchased certified software and has not passed the software maintenance approval procedure, then updates come from the vendor's zone).
How to buy a certified version?
In the case of Doctor Web, products certified according to the requirements of the FSTEC of Russia can be purchased through authorized partners ( partners.drweb.ru/?lng=ru ) of the development company or via the online store ( estore.drweb.ru/home/?lng=en) ). In the case of Kaspersky Lab, the purchase is possible through partners ( www.kaspersky.ru/products/business/certified-version ).
Products certified according to the requirements of the Federal Security Service of the Russian Federation / Ministry of Defense of the Russian Federation can be supplied by the vendor directly within the framework of centralized supplies.
I bought a certified version, where to download the distribution kit?
Nowhere. Certified versions on the Internet are not laid out. In the case of Doctor Web (other vendors may have different rules), the license itself is not different for certified and non-certified versions of products. But, since the distribution in electronic form is impossible (in the case of versions under FSTEC - due to the fact that the package must include a holographic sticker), in addition to the license, you also need to buy a box with the distribution kit and the documents included in the package.
I want to try a certified product!
Alas. In connection with the problems described in the previous question - you can officially try a product only by purchasing a box. The de-licensing itself, of course, is free. The box can not be delivered for free, since this is a tangible medium and bookkeeping will not understand.
And what is included in the box?
The scope of delivery certified according to the requirements of FSTEC or FSB software (in the case of Doctor Web) includes:
- a certified copy of the applicant's copy of the FSTEC or FSB Certificate of Conformity for the supplied software;
- a compact disc containing a verified distribution of a certified product;
- in case of delivery of software certified by the FSTEC requirements, a form indicating the checksum of the distribution kit, marked with a special holographic conformity mark of the FSTEC of Russia;
- Documentation and software adjustment materials in accordance with the certified parameters provided in the technical documentation, including:
- user manual / administrator;
- technical conditions.
Each copy of certified software is accompanied by unique numbers identifying the means of protection in accordance with the procedures established for this certification system.
Since the quality of the adhesive layer of the holographic sticker does not guarantee that it will remain on the disc during its operation in a CD / DVD drive, and the detachment of the sticker can lead to various negative consequences, including equipment failure, it is pasted on the form, which is agreed with FSTEK Russia.
The reference values ​​of the checksums of certified versions of Dr.Web are stated in the forms for the corresponding products and are not publicly published. The calculation of the checksums is carried out using the fixation and control program of the initial state of the software package “Fix” (version 2.0.1), the algorithm “Level-1”.
For Kaspersky Lab, the delivery package description is shorter, but overall, Doctor Web cannot be different from the similar delivery due to the unity of the game rules ( www.kaspersky.ru/products/business/certified-version )
In the case of delivery of software certified for the Ministry of Defense of the Russian Federation, the delivery includes:
- license certificate with a serial number for all Dr.Web products;
- A DVD disk containing distributions of Dr.Web products certified by the Russian Ministry of Defense and the full version of their documentation in PDF format;
- a form containing reference values ​​of checksums of Dr.Web products certified by the Russian Ministry of Defense.
Can certified software be updated?
- Upgrading components: changing security components is not allowed. It occurs only after the inspection control testing laboratory through the certification department. After that, the tested components are placed on the update area, as well as in the form (with new checksums).
- Update virus databases: virus databases are not subject to check summation during certification, since checksums are created only for executable files and libraries, and virus databases do not contain executable modules. Thus, updating virus databases is a certified function of products.
The updates themselves are made from specially created areas.
Attention! Non-certified updates should not be installed on certified software.
The user of certified versions can receive security updates both automatically and on CDs containing certified updates (hussars who know examples of such an update in very large structures - be silent!).
Our antivirus is installed inside the network and does not have access to the Internet. How to get updates?
Officially, only by installing an anti-virus product outside the network and transferring the update manually. In practice, options are possible - up to sending databases by mail and using courier service.
Is the firewall that is part of your anti-virus certified to comply with the relevant Profiles?
Profiles for firewalls developed by FSTEC of Russia ( fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty-po-sertifikatsii/120-normativnye-dokumenty ) describe the functionality of corporate-level firewalls installed at the network edge. Personal firewalls included in anti-virus products are not covered by these profiles and are certified as part of anti-virus solutions - and thus can be used as certified.
Can I buy and use a product whose certificate has expired?
You can buy any version of the product, in case of availability of boxes in stock. But officially used according to the rules - no.
Due to the fact that at the moment there are so-called "Anti-virus protection profiles", is it possible to use products previously certified by TU and NDV?
According to the order of FSTEC No. 240/24/3095 of July 30, 2012, from August 1, 2012, anti-virus software establishes the need to comply with the “Requirements for anti-virus protection tools” (order of FSTEC No. 28 of March 20, 2012) and approved 14 July 2012. "Anti-virus protection profiles". Placed profiles for fourth, fifth and sixth grades on the page fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty-po-sertifikatsii/120-normativnye-dokumenty/470-metodicheskie-dokumenty-utverzhdeny-fstekth -g-2 . Profiles of the first, second and third classes in the open access carried laid out.
At the same time, a new classification of certified anti-virus software products is introduced: by purpose (A-D) and level of protection (6-1).
Up to this point there were no requirements for antivirus software, and they were certified for technical specifications (technical specifications) and NDV (absence of undeclared capabilities).
According to the FSTEC letter, products created before the release of profiles and having FSTEC certificates (and even more so the FSB and the Ministry of Defense, which the order does not concern), retain their legitimacy.
What is certified software?
Certified software is:
- Software that passed the compliance check in the Certification System of Information Security Means in accordance with the requirements of state standards and regulatory documents on information security, which is confirmed by the Certificate of Conformity.
The software is certified for compliance with technical documents (RC, TU, etc.) and in accordance with the parameters specified in this documentation. The most famous, but not the only, certificates are certificates of the FSTEC of Russia, the Ministry of Defense of Russia and the Federal Security Service of Russia. - Software whose distribution kit corresponds to a reference copy subjected to certification tests, which is confirmed by the corresponding entries in the accompanying certified software documentation (form) and (for FSTEC) with a special holographic conformity mark with a unique number that identifies this copy in the state accounting system of certified products.
- Software installed and configured in accordance with certified parameters.
- Software, all improvements (updates) of which are critical to security, are also subjected to certification tests, before they are presented to the user. When issuing updates and fixes in the security system of a certified product, the manufacturer is obliged to provide updates on certification and bring the information to the consumer.
Honestly, for antivirus, this is fantastic - naturally, no one updates the databases (which, by the way, are not certified by themselves) is not subject to certification tests. For doing this procedure for going up to three times per hour of updates is unrealistic. - Software controlled during operation.
Certified software should have built-in or superimposed tools designed to meet the requirements in the field of integrity control, accounting for the introduction of security updates into the software, and security monitoring during operation. The consumer must have mechanisms to check the integrity of security updates using checksums. - Software, each certified copy of which is registered in the register of certified products. The manufacturer is obliged to mark the means of protection and to ensure unhindered access of representatives of bodies exercising control over certified means of protection to accounting information.
Thus, certified software is software that has previously been certified, installed, configured and maintained in accordance with the requirements, also passed certification.
The use of certified security tools in itself is not a sufficient condition for meeting the requirements for the security of confidential data; you also need:
- that the parameters of the security system comply with the requirements of the Guidance Documents for the security system of automated systems as a whole;
- These security parameters could be confirmed by authorized bodies during certification of the information object.
Can I self-certify software?
You can self-certify any selected SZI that meets the requirements of the RD. In accordance with the Regulations on certification of information security tools for information security requirements, (Order of the Chairman of the State Technical Commission of Russia No. 199 dated 10.27.1995), in the role of the Applicant, it is necessary to coordinate the FBEC of Russia with ST, TU or other GIS requirements defining the GIS, to the Testing Laboratory a set of necessary design and operational documentation, sample GIS, pay all certification costs. At the same time, the Applicant must be a licensee of the FSTEC and (or) the Federal Security Service of Russia for development and production of GIS.
Naturally, this list of questions is not complete. Quite a lot of questions are connected, for example, with the use of the Astra Linux OS. But most often ask precisely this.
I will not sum up the traditional total. The only thing I want to say is:
- When preparing a request to a vendor or supplier of certified products, provide as much information as possible about where and how you are going to use them. There are a lot of nuances here;
- Remember that the supplier will deliver according to your requirements. And if it turns out that you have requested something wrong, then the problems will be on your side;
- pre-plan the upgrade procedure for certified products. Cases when the supplier comes for an antivirus solution at the moment when everything is already designed is not uncommon. And there are not isolated cases when on the client’s side up to this point the issues of software deployment, updating and management have not been considered at all;
- Remember that certified software is obsolete by default. Perhaps having known vulnerabilities.
Source: https://habr.com/ru/post/256735/
All Articles