Creating a program that does something useful takes a lot of skill. Finding a flaw in that program and exploiting it to execute arbitrary code, well, that requires an even higher level of skill. Hackers constantly toil to find those flaws, and the affected companies work just as hard to patch any loopholes. For your own security, you need to apply their patches as soon as possible. A quick scan with Qualys’s free BrowserCheck will ensure that your browser and its plug-ins are totally up to date.
Basic Browser Check
Running a basic check on your browser couldn’t be simpler. You just navigate to https://browsercheck.qualys.com and click the link that says “Launch a quick scan now.” Note that this works in Windows, Mac OS, or Linux.
In a few moments you’ll get a list of found plug-ins. Any that are definitely outdated appear first, with a red “Insecure Version” warning and a big “Fix It” button. Clicking the button initiates the update process for that plug-in. Of course, if the browser itself isn’t current, performing that update is the most important order of business.
Plug-ins that BrowserCheck has green-flagged as fully secure show up at the end of the list. In testing, I ran into a couple that displayed a yellow “Warning” marker, in between the known insecure and known secure ones. According to the FAQs, BrowserCheck can report thirteen different types of update status, among them Pre-release, Obsolete, and “Support Retired.” That last category means the vendor is no longer supporting or updating the item, so you should replace it with something more modern.
If you only use one browser, the basic scan may be all you need. If you do switch between multiple browsers, you’ll have to launch the scan separately from each browser. As an alternative, you can install the BrowserCheck plug-in.
With the plug-in installed, you can now choose three levels of scanning. While the basic current-browser-only scan is still available, you can also choose an intermediate scan that checks all installed browsers plus Operating System security settings. The advanced scan, which can take several minutes, adds a check for missing Microsoft security updates.
Results of an advanced scan appear on three tabs. The first lists your installed browsers, with a green check if they’re fully secure or a red X otherwise. Clicking each browser’s icon brings up a list of that browser’s plug-ins, with the built-in ability to update any outdated items.
The System Checks tab lets you know whether your operating system is fully secured. It also reports on the readiness of your firewall and antivirus, drawing this information from the security center in Windows. If the firewall or antivirus is outdated or turned off, you’ll get a warning. Note, though, that BrowserCheck won’t warn if antivirus protection is completely absent.
On the MS Updates tab, BrowserCheck reports whether your system has missed any significant updates. If so, it advises installing them using Windows Update. After updating my test system I scanned again; BrowserCheck pointed out an optional update created to bring Microsoft in line with a legal decision by the European Commission. Secunia Personal Software Inspector 3.0, a similar patch-management tool, lets you mark specific updates to be ignored in future scans. Given that the optional Microsoft update doesn’t affect me, I would have liked to ignore it, but that’s not a feature BrowserCheck offers.
BrowserCheck searches for updates in six browsers (Internet Explorer, Firefox, Chrome, Safari, Opera, and Camino) and about 20 plug-ins. Secunia PSI checks on software from 3,000 vendors, clearly a much wider range than BrowserCheck. After I updated everything that BrowserCheck pointed out, I launched Secunia PSI for a second opinion.
Secunia PSI doesn’t have a no-install option, so I installed its plug-in. Its default and recommended mode of operation is to install all found updates automatically. On the chance that I might want to see it in action more than once, I set it to just notify me of available updates.
Secunia found two outdated programs with no available updates—what they call “end of life” and BrowserCheck calls “Support Retired.” It identified the installed version of Sun Java JRE as requiring an update. And it listed three dozen programs and add-ons that are fully up-to-date in terms of security. For continued security, you can configure Secunia to launch when Windows starts and take care of new updates as they appear.
BrowserCheck and Secunia PSI are both free, so you can try them out and choose what suits you best. If you just want a quick reassurance that your browser and its add-ons are OK, the online-only BrowserCheck will give you that. Secunia PSI is a better choice for ongoing update monitoring of a wide variety of programs.
|OS Compatibility||Windows Vista, Windows XP, Linux, Mac OS, Windows 7, Windows 8|
Copyright © 2012 Ziff Davis, Inc