Langa Letter: Good And Bad Online Security Check-Ups

Other Good Sites, With Caveats
Vulnerabilities.Org offers two levels of free scans, as well as a more detailed and targeted scan for registered users. The tests give excellent info, sometimes pinpointing subtle problems missed by other scanning sites. But they're somewhat slow to run, and the E-mail delivery of the scan results can take a very long time (measured in hours). And, at the time of this writing, the site's availability hasn't been good; it can drop offline for days at a time.

HackerWhacker offers an impressively thorough free security test, but is extremely slow. On my test systems, the HackerWhacker tests sometimes fail due to timeout errors. The site, as a whole, has been erratic lately, with all or parts of the site becoming unavailable. But when it's there, and when you can get the tests to run to completion, you'll find tons of good information.

My Security has a good reputation and offers a wide array of scans ranging from broad-spectrum tests down to ultra-specific, narrow-focus tests of selected trouble areas. But you can only run one limited test on a trial basis, so it's hard to know in advance if the complete, paid versions of this service will deliver what you're looking for. The costs for those services range from $10 to $1600, depending on what you want to test and for what time period.

Free ibh Online NETBIOS Vulnerability Check operates from Germany. Its scan is limited, but it covers several vulnerabilities that other scanning sites don't normally deal with. For example, the ibh test performs a check for common password problems (such as null passwords or accounts with the login "Admin" and a password of "password"). It also does a quick check for NetBus and Back Orifice remote-administration tools, which can be used by Trojan applications to gain remote control of a computer.

Which Tests Get Your Vote?
Of course, no one test is perfect. No test can offer absolute certainty that you're safe from external attack. But if you use several sites in concert, and all report that the system or device you're testing is secure, you can have reasonable peace of mind that you're not a sitting duck for malicious hack attacks.

What security tests do you use? Which have you found to be reliable? Which are unreliable, or worse--scams or thinly disguised sales tools? Please share your opinions and experiences in the discussion forum.