Friday, May 27, 2011

Web browser vulnerability scanning

One of the fastest-growing attack vectors for malware and trojans is outdated browsers and browser plugins, such as Adobe Flash, Adobe Acrobat Reader and Java. There is a scary rootkit that steals banking info going around Brazil right now. While it is quite a feat of engineering once it gets into a user's system, the method it uses to initially get into the computer is very low-tech: exploiting an out-of-date version of Java.

To try to combat this problem, Qualys has created a free web browser vulnerability scanner. It works with IE, Firefox and Chrome on Windows and Mac OS; support for Opera, Safari and Linux is in beta. The scanner checks the browser and plugins to see whether they are up to date and alerts you if any vulnerabilities exist. I run this on all of my personal computers and every user PC I come into contact with at work.