Not just for security, but often, simply for usability, as content creators create content that requires a newer version of Flash, Reader, Windows Media Player or whatever, either to get the thing in question, for it to render properly, or to use some presumably nifty new feature.
And web browsing is, these days, a potentially high-risk activity. Running browsers and browser plug-ins that are out-of-date make that even worse.
Microsoft has desktop and network-level tools to auto-check for updates, and so any if not most of the programs on my desktop. And there's no shortage of third-party tools to do this for Windows and other apps. What I don't know is whether this applies to plug-ins and "helper apps" -- I'm not sure whether each browser grabs its own copy of Flash, for example.
FireFox and Opera do self-check and alert me if there's a newer version. (I don't use MSIE or Google Chrome enough to speak to them.) FireFox's add-on manager also offers to do for add-ons this on start-up. But for all you and I know, a browser may be using use a handful of helper programs and other stuff that may not be watched or managed by the browser.
Sundry Ways To Browse Safely
There are lots of ways to "run a browser more securely," from browsers' own "protected" modes to virtualization wrappers like Dell KACE's Secure Browser packaging of Firefox (see my InformationWeek/SMB news article and blog post (currently limited to 32-bit versions of Windows), ZoneAlarm ForceField (for MSIE and FireFox, not all older versions, though), and so on.
And for some helper-app tasks, like reading PDFs, there are alternative reader apps.
But suppose you may need a different browser or version. Or not be running on Windows. Or not be in a position to run one of these for some other reason.
To help us identify and remediate ("fix") security/usability issues pertaining to browser and add-on, on-demand IT security risk and compliance management solution provider Qualys recently announced BrowserCheck, free web-based service that will, once you've downloaded and installed the plug-in to a browser, "scans web browsers looking for security flaws within the browser and its plug-ins," according to Qualys.
I'm not convinced it's "scanning for flaws" so much as simply checking the version numbers and matching them against a look-up table, since when you run BrowserCheck, it gives you a color-and-tagged list, with status' including that an update is available; that you're running an insecure version; running an obsolete (no longer supported), 'support retiring' or support retired version; along with "Fix it" radio buttons.
The Qualys BrowserCheck tool checks your browser as well as browser plugins and add-ons to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft. Microsoft security updates cannot be installed on unsupported operating system versions.
Currently, BrowserCheck checks status for:
- Adobe Flash Player
- Adobe Reader 5.x and above
- Adobe Shockwave Player
- Apple Quicktime
- BEA JRockit
- Microsoft Silverlight
- Microsoft Windows Media Player
- Real Player
- Sun Java
- Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
- Windows OS support expiration
Qualys supports a number of versions/editions of Windows, and browsers within that, and is working on MacOS/Safari and other things -- see the "What browsers are supported" section of the BrowserCheck FAQ.
I've tried BrowserCheck, on an 32-bit XP Pro system, and on 32-bit and 64-bit Windows 7, with MSIE, FireFox, Opera and Google Chrome. In several cases, it flagged components as being out of date, and offered to update them, and after I had done so, it reported everything as now copasetic.
I suggest you consider adding regular use of Qualys' BrowserCheck to your security routine, if it supports your OS and browser. Will it help you stay more up to date, and will that in turn help your browsing be more secure? I can't tell you.
Meanwhile, I'm still going to avoid MSIE and Adobe Reader, and use ForceField and NoScript with Firefox, whenever possible. And do regular backups.