Commentary
7/27/2010
11:44 PM
Daniel Dern

Qualys Offers Free Browser Plug-In Checker

Less-than-current browser and plug-in versions can leave your browsing unnecessarily vulnerable to web-based attacks... and make latest-and-greatest-based web sites harder or impossible to use, but Qualys' free BrowserCheck can help.

One important way to protect our desktop/notebook systems is by keeping their software up to date. (Ignoring, for the moment, problems caused by bad updates, or by the update ripple effect, where one update promptly, but often mysteriously, whacks something else; for example, interactions between Check Point ZoneAlarm and Firefox, to cite one I'm personally familiar with.)

Not just for security, but often, simply for usability, as content creators create content that requires a newer version of Flash, Reader, Windows Media Player or whatever, either to get the thing in question, for it to render properly, or to use some presumably nifty new feature.

And web browsing is, these days, a potentially high-risk activity. Running browsers and browser plug-ins that are out of date makes that even worse.

Microsoft has desktop and network-level tools to auto-check for updates, and so do many, if not most, of the programs on my desktop. And there's no shortage of third-party tools to do this for Windows and other apps. What I don't know is whether this applies to plug-ins and "helper apps" -- I'm not sure whether each browser grabs its own copy of Flash, for example.

Firefox and Opera do self-check and alert me if there's a newer version. (I don't use MSIE or Google Chrome enough to speak to them.) Firefox's add-on manager also offers to do this for add-ons on start-up. But for all you and I know, a browser may be using a handful of helper programs and other stuff that may not be watched or managed by the browser.

Sundry Ways To Browse Safely

There are lots of ways to "run a browser more securely," from browsers' own "protected" modes to virtualization wrappers like Dell KACE's Secure Browser packaging of Firefox (see my InformationWeek/SMB news article and blog post; currently limited to 32-bit versions of Windows), ZoneAlarm ForceField (for MSIE and Firefox, not all older versions, though), and so on.

And for some helper-app tasks, like reading PDFs, there are alternative reader apps.

But suppose you may need a different browser or version. Or not be running on Windows. Or not be in a position to run one of these for some other reason.

To help us identify and remediate ("fix") security/usability issues pertaining to browsers and add-ons, on-demand IT security risk and compliance management solution provider Qualys recently announced BrowserCheck, a free web-based service that, once you've downloaded and installed the plug-in to a browser, "scans web browsers looking for security flaws within the browser and its plug-ins," according to Qualys.

I'm not convinced it's "scanning for flaws" so much as simply checking the version numbers and matching them against a look-up table, since when you run BrowserCheck, it gives you a color-coded and tagged list, with statuses including that an update is available; that you're running an insecure version; that you're running an obsolete (no longer supported), 'support retiring' or support retired version; along with "Fix it" radio buttons.
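The version-matching approach described above could look like the following sketch. It is an added example, not Qualys' code or anything from the original article; the table layout, field names, function names and every version number are constructed for illustration, and the status labels are a subset of those listed above plus "up to date" and "unknown".

```javascript
// Constructed look-up table. Product names come from the article's list; every
// version number below is made up for illustration, not real vendor data.
const TABLE = {
  "Adobe Flash Player": { oldestSupported: "9.0.0.0", oldestSecure: "10.1.0.0", latest: "10.1.53.64" },
  "Sun Java": { oldestSupported: "1.5.0", oldestSecure: "1.6.0_18", latest: "1.6.0_20" },
};

// Turn "10.1.53.64", "10,1,53,64" or "1.6.0_20" into an array of integers.
// Returns null for anything non-numeric so garbage is never reported as current.
function parseVersion(text) {
  const parts = String(text).trim().split(/[.,_]/);
  if (parts.some((p) => !/^\d+$/.test(p))) return null;
  return parts.map(Number);
}

// Component-wise numeric comparison. Comparing the raw strings would rank
// "10.1.9.0" above "10.1.53.64"; missing components count as 0.
function compareVersions(a, b) {
  const len = Math.max(a.length, b.length);
  for (let i = 0; i < len; i++) {
    const diff = (a[i] || 0) - (b[i] || 0);
    if (diff !== 0) return diff < 0 ? -1 : 1;
  }
  return 0;
}

// Map one installed version to a status, worst case first.
function classify(product, installed, table = TABLE) {
  const entry = table[product];
  const version = parseVersion(installed);
  if (!entry || !version) return "unknown";
  const older = (limit) => compareVersions(version, parseVersion(limit)) < 0;
  if (older(entry.oldestSupported)) return "obsolete";
  if (older(entry.oldestSecure)) return "insecure version";
  if (older(entry.latest)) return "update available";
  return "up to date";
}

// Produce the kind of per-component status list the article describes.
function checkAll(installedMap, table = TABLE) {
  return Object.entries(installedMap).map(([product, version]) => ({
    product, version, status: classify(product, version, table),
  }));
}

// Constructed inventory of installed plug-ins.
console.log(checkAll({ "Adobe Flash Player": "10,1,9,0", "Sun Java": "1.6.0_10" }));
```

A product missing from the table or a version string that does not parse is reported as "unknown" rather than as current, so a gap in the table shows up in the list instead of reading as a clean result.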

The Qualys BrowserCheck tool checks your browser as well as browser plugins and add-ons to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft. Microsoft security updates cannot be installed on unsupported operating system versions.

Currently, BrowserCheck checks status for:

  • Adobe Flash Player
  • Adobe Reader 5.x and above
  • Adobe Shockwave Player
  • Apple Quicktime
  • BEA JRockit
  • Microsoft Silverlight
  • Microsoft Windows Media Player
  • Real Player
  • Sun Java
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • Windows OS support expiration

Qualys supports a number of versions/editions of Windows, and browsers within that, and is working on MacOS/Safari and other things -- see the "What browsers are supported" section of the BrowserCheck FAQ.

I've tried BrowserCheck, on a 32-bit XP Pro system, and on 32-bit and 64-bit Windows 7, with MSIE, Firefox, Opera and Google Chrome. In several cases, it flagged components as being out of date, and offered to update them, and after I had done so, it reported everything as now copasetic.

I suggest you consider adding regular use of Qualys' BrowserCheck to your security routine, if it supports your OS and browser. Will it help you stay more up to date, and will that in turn help your browsing be more secure? I can't tell you.

Meanwhile, I'm still going to avoid MSIE and Adobe Reader, and use ForceField and NoScript with Firefox, whenever possible. And do regular backups.
