Less-than-current browser and plug-in versions can leave your browsing unnecessarily vulnerable to web-based attacks... and make latest-and-greatest-based web sites harder or impossible to use, but Qualys' free BrowserCheck can help.
Less-than-current browser and plug-in versions can leave your browsing unnecessarily vulnerable to web-based attacks... and make latest-and-greatest-based web sites harder or impossible to use, but Qualys' free BrowserCheck can help.One important way to protect our desktop/notebook systems is by keeping their software up to date. (Ignoring, for the moment, problems caused by bad updates, or by update ripple effect, where one update promptly, but often mysteriously, whacks something else, for example, interactions between Checkpoint ZoneAlarm and FireFox, to cite one I'm personally familiar with.)
Not just for security, but often, simply for usability, as content creators create content that requires a newer version of Flash, Reader, Windows Media Player or whatever, either to get the thing in question, for it to render properly, or to use some presumably nifty new feature.
And web browsing is, these days, a potentially high-risk activity. Running browsers and browser plug-ins that are out-of-date make that even worse.
Microsoft has desktop and network-level tools to auto-check for updates, and so any if not most of the programs on my desktop. And there's no shortage of third-party tools to do this for Windows and other apps. What I don't know is whether this applies to plug-ins and "helper apps" -- I'm not sure whether each browser grabs its own copy of Flash, for example.
FireFox and Opera do self-check and alert me if there's a newer version. (I don't use MSIE or Google Chrome enough to speak to them.) FireFox's add-on manager also offers to do for add-ons this on start-up. But for all you and I know, a browser may be using use a handful of helper programs and other stuff that may not be watched or managed by the browser.
Sundry Ways To Browse Safely
There are lots of ways to "run a browser more securely," from browsers' own "protected" modes to virtualization wrappers like Dell KACE's Secure Browser packaging of Firefox (see my InformationWeek/SMB news article and blog post (currently limited to 32-bit versions of Windows), ZoneAlarm ForceField (for MSIE and FireFox, not all older versions, though), and so on.
And for some helper-app tasks, like reading PDFs, there are alternative reader apps.
But suppose you may need a different browser or version. Or not be running on Windows. Or not be in a position to run one of these for some other reason.
To help us identify and remediate ("fix") security/usability issues pertaining to browser and add-on, on-demand IT security risk and compliance management solution provider Qualys recently announced BrowserCheck, free web-based service that will, once you've downloaded and installed the plug-in to a browser, "scans web browsers looking for security flaws within the browser and its plug-ins," according to Qualys.
I'm not convinced it's "scanning for flaws" so much as simply checking the version numbers and matching them against a look-up table, since when you run BrowserCheck, it gives you a color-and-tagged list, with status' including that an update is available; that you're running an insecure version; running an obsolete (no longer supported), 'support retiring' or support retired version; along with "Fix it" radio buttons.
The Qualys BrowserCheck tool checks your browser as well as browser plugins and add-ons to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft. Microsoft security updates cannot be installed on unsupported operating system versions.
Currently, BrowserCheck checks status for:
Adobe Flash Player
Adobe Reader 5.x and above
Adobe Shockwave Player
Microsoft Windows Media Player
Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
Windows OS support expiration
Qualys supports a number of versions/editions of Windows, and browsers within that, and is working on MacOS/Safari and other things -- see the "What browsers are supported" section of the BrowserCheck FAQ.
I've tried BrowserCheck, on an 32-bit XP Pro system, and on 32-bit and 64-bit Windows 7, with MSIE, FireFox, Opera and Google Chrome. In several cases, it flagged components as being out of date, and offered to update them, and after I had done so, it reported everything as now copasetic.
I suggest you consider adding regular use of Qualys' BrowserCheck to your security routine, if it supports your OS and browser. Will it help you stay more up to date, and will that in turn help your browsing be more secure? I can't tell you.
Meanwhile, I'm still going to avoid MSIE and Adobe Reader, and use ForceField and NoScript with Firefox, whenever possible. And do regular backups.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.