Test Your Browser’s Security With Free Qualys BrowserCheck

Data released this week, by Qualys, a security industry leader in vulnerability assessment and management, at the RSA Conference in San Francisco, continues to indicate that Browser plug-ins are frequently outdated and easily attackable.

Analysis of scanned data captured from 200,000+ Qualys BrowserCheck users’ worldwide, indicates that approximately 70% had a least one plug-in vulnerability.

No great surprise that Sun Java, and Adobe Flash and Reader, led the pack.

This research suggests, that you can load up your Internet Browser with every security add-on you like, but if there’s even one security hole – you’re still at risk.

Regular readers will remember that we’ve previously reviewed and recommended Qualys BrowserCheck, which will check your Web Browser for selected security holes in both the browser, and browser plug-ins.

BrowserCheck is itself a plug-ins, and like most plug-ins, it’s very easy to install. Simply visit the Qualys site; install the plug-in, revisit the Qualys site (if necessary) – and you’re all set to launch the test.

My first test run was on Internet Explorer 8, as the following screen captures show.

As the scan results indicate – my Internet Explorer 8 is in terrible shape. I should point out however, that I never use any version of Internet Explorer.

With Firefox running, the results looked like this.

It seems I’ve been bad, and not kept my java Runtime updated – the very plug which is most likely to be hacked! The only defense I have (and it’s a poor one at that), is – this is a test machine which is rarely connected to the Internet. As well, my PDF reader has an update available.

Continuing with the test, I clicked on the  “Fix it” button which immediately took me to the Java update site so that I could download the latest version of Java Runtime.

Following the installation of the Java update, I reran the test to ensure the vulnerable condition had been closed.

Fast facts: The following items are detected:

Windows OS support expiration

Browser version (IE 6.0+, Firefox 3.0+, Chrome 4.0+)

Adobe Flash Player

Adobe Reader 5.x and above

Adobe Shockwave Player

Apple Quicktime

BEA JRockit

Microsoft Silverlight

Microsoft Windows Media Player

Real Player

Sun Java

Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

Additionally, you can test your currently installed Browser for security holes, by taking the free Browser Security test offered by Scanit, a technology company which provides services ranging from high-tech penetration testing over application source code review, risk assessments and management-level security audits, to security courses.

The test is fairly comprehensive and supports Internet Explorer, Mozilla Browsers (Firefox), and Opera. Additional components check for vulnerabilities in selected plug-ins, including Flash and QuickTime.

To test your Browser go to Browser Security test, and follow the simple instructions.

Note: This morning, I had some difficulty loading the Scanit site. Hopefully, this is not permanent.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

If You’re A Habitually Negative Blogger Then You’re On The Wrong Bus

Undoubtedly, fact based diversity of opinion is a good thing – particularly in the field of technological progress. But, intellectual negativism based on habitual skepticism, which is then propagated (often by a Blogger), as expert opinion, serves no one. Except perhaps, the practiced skeptic who’s driven by a need to criticize technological advancements he doesn’t quite understand.

Clearly, I’m no fan of those technologists, or Bloggers, who are addicted to negative thinking; those who take issue with technological achievements which have been overwhelmingly affirmed by the marketplace.

Recently, WordPress added a “Share” feature to its blogging platform, and in discussing this with fellow technologists (some are Bloggers), I was taken aback by the shortsightedness brought out in discussing the benefits of this new feature – for both Blog readers, and Bloggers.

Common negative points of view expressed, included:

I would never get involved with Facebook (one of the “Share” buttons). Only losers use Facebook.

As it turns out, I’m not a Facebook user – but it’s hardly because I think only losers use Facebook. I very much doubt that the Half Billion users on this social network, consider themselves “losers”. Instead, it’s evident that Facebook users see the individual personal benefits a Facebook account provides.

From a personal perspective, Facebook presents too much of a risk to my online security; but I certainly recognize that there has been overwhelming acceptance of Facebook. Consequently, I find it difficult to listen to arguments that Facebook has no social relevancy. Or, that it’s populated by “losers.”

Only Twits use Twitter (another of the “Share” buttons).

I subscribe to Twitter, and I don’t recall ever being called a “Twit”. Some other unflattering names, I confess, – but not a “Twit”.  Mind you, I don’t tweet about what I had for breakfast, what time I went to bed, what I’m wearing today, or the inane “look at me” tweets, posted by celebrities like Demi Moore, or Ashton Kutcher.

But, I have no problem accepting that the social relevancy of Twitter is substantial. How the hell could a service with 165 Million registered users since it’s inception just two years ago, be anything but socially relevant, is beyond me.

I’ll cut to the chase here: Significantly, the addition of  the “Share” feature by WordPress has been very favorably received by most Bloggers, and most importantly – by readers. From a reader’s perspective the advantages are obvious – a “Share” feature allows users to easily share content which is important to them, through social networking sites, social content sites, email, and so on.

From a Blogger’s perspective – and I’m only relating my own personal experience – I’m delighted. In the time since WordPress added the “Share” feature, average daily reads here have increased by more than 20%. It’s rather obvious, that by making it easier for visitors to share my content, they do just that. It seems clear to me that WordPress has added value for both readers, and for me as a Blogger.

To those Blogging associates who see little, or no value, in marketplace affirmation of change, most particularly the WordPress “Share” button, I’ll remind you of this quotation from futurist Alvin Toffler (Future Shock) – “The illiterate of the future are not those who cannot read or write, but those who cannot learn, unlearn, and relearn.”

Writing this post, brought to mind an article in Newsweek Magazine I read many years ago, in which the author Clifford Stoll, took great exception to the idea that the Internet, and related technologies, had a viable future.

Since his predictive opinion was so dramatically off-target, I’ve partially reproduced that article here:

The Internet? Bah! (Hype alert: Why cyberspace isn’t, and will never be, nirvana.) February 27, 1995.

Visionaries see a future of telecommuting workers, interactive libraries and multimedia classrooms. They speak of electronic town meetings and virtual communities. Commerce and business will shift from offices and malls to networks and modems.  Baloney. Do our computer pundits lack all common sense? The truth is no online database will replace your daily newspaper, no CD-ROM can take the place of a competent teacher ……..

How about electronic publishing? Try reading a book on disc. At best, it’s an unpleasant chore: the myopic glow of a clunky computer replaces the friendly pages of a book. And you can’t tote that laptop to the beach. Yet Nicholas Negroponte, director of the MIT Media Lab, predicts that we’ll soon buy books and newspapers straight over the Internet. Uh, sure.

Then there’s cyberbusiness. We’re promised instant catalog shopping—just point and click for great deals. We’ll order airline tickets over the network, make restaurant reservations and negotiate sales contracts. Stores will become obsolete. So how come my local mall does more business in an afternoon than the entire Internet handles in a month?

The full article can be read here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Free Qualys BrowserCheck – Spot Plug-in Security Flaws In Your Browser

Yesterday, I wrote on the Secunia Personal Software Inspector (PSI), and I mentioned in the article, that each week I receive the Qualys Vulnerability Report from Qualys, a security industry leader in vulnerability assessment, and vulnerability management.

Although Qualys is a major player in the enterprise market, at the personal consumer level, most users will not be familiar with this company. I found it interesting then, that Qualys recently released a free consumer level security tool, BrowserCheck, which will check your web browser for selected security holes in both the browser, and browser plug-ins. Not add-ons, but plug-ins.

Take a look at what Qualys CEO, Philippe Courtot has to say on Browser plug-ins, and security –

Almost 100 percent of all browsers we have surveyed have plug-ins installed that enable the user to play music, watch video, visualize PDF files and play games.

Frequently these plug-ins are overlooked by the users and are not updated, representing a significant security exposure – both for end-users and corporate clients.

I must admit, I find nothing to disagree with in that statement.

BrowserCheck is itself a plug-ins, and like most plug-ins, it’s very easy to install. Simply visit the Qualys site; install the plug-in, and you’re all set.

My first test run was on Internet Explorer 8, as the following screen captures show.

As the scan results indicate – my Internet Explorer 8 is in good shape.

With Firefox running, the results looked like this. It seems I’ve been bad, and not kept my Firefox updated. There’s good reason for this – FF 3.6.6 is slower than molasses (at least on my test machine), and I choose to roll back to FF 3.6.4

Nevertheless, to complete the test, I clicked on the  “Fix it” button which immediately took me to the Firefox update site, so that I could download the latest version of Firefox.

Fast facts: The following items are detected:

Windows OS support expiration

Browser version (IE 6.0+, Firefox 3.0+, Chrome 4.0+)

Adobe Flash Player

Adobe Reader 5.x and above

Adobe Shockwave Player

Apple Quicktime

BEA JRockit

Microsoft Silverlight

Microsoft Windows Media Player

Real Player

Sun Java

Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

As an added security measure, take BrowserCheck for a test drive. According to available information, all major Windows web browsers are supported.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.