Data released this week at the RSA Conference in San Francisco by Qualys, a security industry leader in vulnerability assessment and management, continues to indicate that browser plug-ins are frequently outdated and easily attackable.
Analysis of scanned data captured from 200,000+ Qualys BrowserCheck users worldwide indicates that approximately 70% had at least one plug-in vulnerability.
No great surprise that Sun Java, and Adobe Flash and Reader, led the pack.
This research suggests that you can load up your Internet browser with every security add-on you like, but if there’s even one security hole – you’re still at risk.
Regular readers will remember that we’ve previously reviewed and recommended Qualys BrowserCheck, which will check your Web Browser for selected security holes in both the browser, and browser plug-ins.
BrowserCheck is itself a plug-in, and like most plug-ins, it’s very easy to install. Simply visit the Qualys site, install the plug-in, revisit the Qualys site (if necessary) – and you’re all set to launch the test.
My first test run was on Internet Explorer 8, as the following screen captures show.
As the scan results indicate – my Internet Explorer 8 is in terrible shape. I should point out however, that I never use any version of Internet Explorer.
With Firefox running, the results looked like this.
It seems I’ve been bad, and not kept my Java Runtime updated – the very plug-in which is most likely to be hacked! The only defense I have (and it’s a poor one at that) is that this is a test machine which is rarely connected to the Internet. As well, my PDF reader has an update available.
Continuing with the test, I clicked on the “Fix it” button which immediately took me to the Java update site so that I could download the latest version of Java Runtime.
Following the installation of the Java update, I reran the test to ensure the vulnerable condition had been closed.
Fast facts: The following items are detected:
Windows OS support expiration
Browser version (IE 6.0+, Firefox 3.0+, Chrome 4.0+)
Adobe Flash Player
Adobe Reader 5.x and above
Adobe Shockwave Player
Apple Quicktime
BEA JRockit
Microsoft Silverlight
Microsoft Windows Media Player
Real Player
Sun Java
Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
Additionally, you can test your currently installed browser for security holes by taking the free Browser Security test offered by Scanit, a technology company which provides services ranging from high-tech penetration testing, through application source code review, risk assessments and management-level security audits, to security courses.
The test is fairly comprehensive and supports Internet Explorer, Mozilla Browsers (Firefox), and Opera. Additional components check for vulnerabilities in selected plug-ins, including Flash and QuickTime.
To test your Browser go to Browser Security test, and follow the simple instructions.
Note: This morning, I had some difficulty loading the Scanit site. Hopefully, this is not permanent.