Test Your Browser’s Security With Free Qualys BrowserCheck

imageData released this week, by Qualys, a security industry leader in vulnerability assessment and management, at the RSA Conference in San Francisco, continues to indicate that Browser plug-ins are frequently outdated and easily attackable.

Analysis of scanned data captured from 200,000+ Qualys BrowserCheck users’ worldwide, indicates that approximately 70% had a least one plug-in vulnerability.

No great surprise that Sun Java, and Adobe Flash and Reader, led the pack.

This research suggests, that you can load up your Internet Browser with every security add-on you like, but if there’s even one security hole – you’re still at risk.

Regular readers will remember that we’ve previously reviewed and recommended Qualys BrowserCheck, which will check your Web Browser for selected security holes in both the browser, and browser plug-ins.

BrowserCheck is itself a plug-ins, and like most plug-ins, it’s very easy to install. Simply visit the Qualys site; install the plug-in, revisit the Qualys site (if necessary) – and you’re all set to launch the test.

My first test run was on Internet Explorer 8, as the following screen captures show.

image

As the scan results indicate – my Internet Explorer 8 is in terrible shape. I should point out however, that I never use any version of Internet Explorer.

image

With Firefox running, the results looked like this.

image

It seems I’ve been bad, and not kept my java Runtime updated – the very plug which is most likely to be hacked! The only defense I have (and it’s a poor one at that), is – this is a test machine which is rarely connected to the Internet. As well, my PDF reader has an update available.

image

Continuing with the test, I clicked on the  “Fix it” button which immediately took me to the Java update site so that I could download the latest version of Java Runtime.

image

Following the installation of the Java update, I reran the test to ensure the vulnerable condition had been closed.

image

Fast facts: The following items are detected:

Windows OS support expiration

Browser version (IE 6.0+, Firefox 3.0+, Chrome 4.0+)

Adobe Flash Player

Adobe Reader 5.x and above

Adobe Shockwave Player

Apple Quicktime

BEA JRockit

Microsoft Silverlight

Microsoft Windows Media Player

Real Player

Sun Java

Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

Additionally, you can test your currently installed Browser for security holes, by taking the free Browser Security test offered by Scanit, a technology company which provides services ranging from high-tech penetration testing over application source code review, risk assessments and management-level security audits, to security courses.

The test is fairly comprehensive and supports Internet Explorer, Mozilla Browsers (Firefox), and Opera. Additional components check for vulnerabilities in selected plug-ins, including Flash and QuickTime.

To test your Browser go to Browser Security test, and follow the simple instructions.

Note: This morning, I had some difficulty loading the Scanit site. Hopefully, this is not permanent.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

1 Comment

Filed under Application Vulnerabilities, Browser Plug-ins, Browsers, cybercrime, Don't Get Hacked, downloads, Freeware, Interconnectivity, Internet Safety Tools, Malware Protection, Online Safety, Safe Surfing, Software, Windows Tips and Tools

One response to “Test Your Browser’s Security With Free Qualys BrowserCheck

  1. Pingback: Tweets that mention Test Your Browser’s Security With Free Qualys BrowserCheck | Bill Mullins' Weblog – Tech Thoughts -- Topsy.com