Many of the security problems that people run into on a regular basis can be traced back to basic mistakes or misconfigurations with their devices. People are busy and most of them aren’t security experts, so tools that can take care of the basics for them can be quite valuable.
To that end, Netflix has released a native version of its open source security tool called Stethoscope, which checks device security settings and configurations and makes clear recommendations about what needs fixing. The company released a web-based version of the tool last year, but it relied on data from device-management platforms and information about the state of a device wasn’t available continuously. So, Netflix’s engineers decided to develop a native Stethoscope app for both Windows and macOS that performs the same functions but provides users with constant information about the security state of their machines.
“Basic device hygiene is a fundamental security practice. People want to securely configure their devices, but they may not know what the best practices are, or how to comply with them. Empowering users to see the state of their devices and how to get them into an ideal state improves the overall security posture of an organization,” Nicole Grinstead, a senior security software engineer at Netflix, wrote in a post announcing the new app.
"Device information can be sensitive, so we limited who is able to run scans."
Once installed, Stethoscope performs a series of health checks on a machine, checking the status of things such as full disk encryption, automatic software updates, operating system and software patch levels, and the presence of specific applications. Users can perform on-demand scans and Stethoscope has a local server that allows it to connect to third-party apps so they can run health checks to make decisions about granting access to a user’s machine.
Stethoscope gives users recommendations about how to configure their machines to address any security issues that it finds, but it is not a security app itself, per se. It doesn’t look for malware or stop suspicious connections or make any changes to the machine on its own. Rather, it assesses the overall security posture of the device and gives the user specific instructions on how to fix any deficiencies it finds.
“The Stethoscope app was built with not just device health in mind, but also with security in mind. The app does not run as root, and has no elevated privileges. The app does not change settings for users automatically. This respects the user’s ownership of their device settings, but also has the benefit of not adding risk of settings being changed maliciously via the app. Device information can be sensitive, so we limited who is able to run scans,” Grinstead said.
Netflix built Stethoscope on a variety of open source software components, and the company has released the code on GitHub.