Free Qualys BrowserCheck – Spot Plug-in Security Flaws In Your Browser

Yesterday, I wrote about the Secunia Personal Software Inspector (PSI), and I mentioned in the article that each week I receive the Qualys Vulnerability Report from Qualys, a security industry leader in vulnerability assessment and vulnerability management.

Although Qualys is a major player in the enterprise market, at the personal consumer level, most users will not be familiar with this company. I found it interesting, then, that Qualys recently released a free consumer-level security tool, BrowserCheck, which checks your web browser for selected security holes in both the browser and browser plug-ins. Not add-ons, but plug-ins.

Take a look at what Qualys CEO Philippe Courtot has to say on browser plug-ins and security:

Almost 100 percent of all browsers we have surveyed have plug-ins installed that enable the user to play music, watch video, visualize PDF files and play games.

Frequently these plug-ins are overlooked by the users and are not updated, representing a significant security exposure – both for end-users and corporate clients.

I must admit, I find nothing to disagree with in that statement.

BrowserCheck is itself a plug-in, and like most plug-ins, it’s very easy to install. Simply visit the Qualys site, install the plug-in, and you’re all set.

My first test run was on Internet Explorer 8, as the following screen captures show.

As the scan results indicate – my Internet Explorer 8 is in good shape.

With Firefox running, the results looked like this. It seems I’ve been bad, and not kept my Firefox updated. There’s good reason for this – FF 3.6.6 is slower than molasses (at least on my test machine), and I chose to roll back to FF 3.6.4.

Nevertheless, to complete the test, I clicked on the “Fix it” button, which immediately took me to the Firefox update site so that I could download the latest version of Firefox.

Fast facts: The following items are detected:

Windows OS support expiration

Browser version (IE 6.0+, Firefox 3.0+, Chrome 4.0+)

Adobe Flash Player

Adobe Reader 5.x and above

Adobe Shockwave Player

Apple Quicktime

BEA JRockit

Microsoft Silverlight

Microsoft Windows Media Player

Real Player

Sun Java

Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

As an added security measure, take BrowserCheck for a test drive. According to available information, all major Windows web browsers are supported.

19 responses to “Free Qualys BrowserCheck – Spot Plug-in Security Flaws In Your Browser”

  1. Murphy

    Hi,
    Thank you. Another useful article.
    Best regards!

  2. greg

    Bill,
    Thanks for another good tip. This program found 2 plug-ins that could be updated on my pc. Even though neither were considered critical I updated anyway.
    Greg

  3. Liam O' Moulain

    Just like Greg, I found a couple of plug-ins that could be updated.

    Thanks Bill.

    Liam

  4. greg

    Bill,
    Thanks again I really appreciate it.

    Greg

  5. Ranjan

    Hey Bill,
    Another nice find. Tried it and all came up green..
    However, it’d be nice if the scope of scanning could be expanded, i.e. to ‘Add-Ons’ also.

  7. Mal

    Hey Bill,

    Man, it’s quick isn’t it. Great tool. As I write this, Firefox has informed me that a new version is available, 3.6.7, so I am off to check that out.

    Cheers

    • Hey Mal,

      When I read your comment I wondered why FF hadn’t told me Version 3.6.7 was available, until I realized I was in Ubuntu, and not Windows. lol

      Glad you like this app – one more tool in the arsenal. It’s unfortunate that we need it, but …..

      Best,

      Bill

  8. Bill,
    I have no idea how you keep pumping out so many useful tools, do you sleep?
    But I’m glad you do and I really appreciate it.
    Mark

  9. Hi Bill

    What’s the difference between this application and Mozilla’s own Plugin Check at http://www.mozilla.com/en-US/plugincheck/ ?

    Regards,
    Dave K

    • Hey Dave,

      A few differences:

      BrowserCheck is itself a plug-in – not only for Firefox, but IE and Chrome as well.

      Since it’s an installed plugin, it automatically keeps track.

      Plugincheck (definitely a valuable service) checks Safari, Chrome, Opera, and Internet Explorer (partially), on a manual basis.

      Best,

      Bill

  10. Nightjar

    Hi Bill – Thank you for the pointer

    On balance ~ a positive addition to my browser tools. I run XP + FF 3.6.6 it picked up on my OOD Sun JRE & the ‘Fix It’ button made it all very easy. I re-scanned as instructed & got a clean bill of health. For some reason it didn’t note I needed to go to 3.6.7.

    A question for you if I may… what am I missing here? Am I supposed to create my own linkback within FF & IE8 to browsercheck so that I can conveniently connect to the scan in future?

    I ask because I installed yesterday, but didn’t run it until today. BrowserCheck is an item in both my Extensions list & Plugins list, but there are no options other than ‘disable’ or ‘uninstall’. It appears not to have installed a button in my FF browser nor a link to https://browsercheck.qualys.com/ where the ‘Scan Now’ button lives. So I googled “qualys browsersearch” & it went smoothly from there. I read the Qualys FAQ & there’s no mention of this aspect.

    • Hey Nightjar,

      I had the same experience – “It didn’t note I needed to go to 3.6.7”. Later in the day, it did pick up on 3.6.7. A timing issue, I guess.

      Your question is important. Qualys is not very forthcoming with info on this issue. Like many, many add-ons though, it works continuously in the background. As such, there’s no need to manually scan. To be certain this is the case, I’ve checked open ports to ensure there is in fact a continuous open connection.

      Your idea of creating a link is not a bad idea since it would allow a manual check. Bit of a letdown Qualys didn’t think of this.

      Best,

      Bill
