Eight in 10 browsers remains vulnerable to attacks targeting already patched bugs, with the majority of problems stemming from plug-ins such as Java. The figures come from real world scans by users of Qualys's BrowserCheck service, a free of charge consumer-focused scanning utility released last year. The web-based service scans …
Qualys's BrowserCheck results for Adobe Acrobat + Reader may not be entirely accurate. I have both Acrobat 8 and Reader 9 on my PC, both fully patched. According to Firefox it is using the plugin from Reader 9 and there is no plugin from my install of Acrobat 8. Something is wrong with their detection mechanism because BrowserCheck says I am using an out of date Reader 8 plugin that needs patched.
Well it did when I tried the service 6 months ago, haven't checked if they've fixed it since.
Oki - I goto Qualys's BrowserCheck site and just get a message that says:
- so you want me to enable a potential security vulnerability to see if I have any potential security vulnerabilities?
Yes, yes, I know this is a facetious post :P
And an extension
If you get that far, it then asks you to install a custom extension.
This tells you nothing about the people who, like us, think "Um, what? No." and go away.
Really curious if the stats are based on suckers who install the extension. My reaction was the same as any sane websmurfer, "install random extension from site I just heard about, no thanks".
Erm, perhaps they're not aware that that's a pretty good positive result already!!
How the hell do you run it?
I installed this extension in Chrome, curious to see what it would say about my machine, but there doesn't seem to be any way to run it! There's no buttons, no menu options, nothing.
Afformentionned article's author attempts and achieves acceptable, accurate alliteration after all anterior attempts.
Paranoid Techs vs Automatic Updates
See, this is what happens when paranoid techies tell their friends to turn off automatic updates. "Oh, don't go installing patches unless you know exactly what they do!" followed weeks or months later by "You've got a virus, why haven't you been installing the patches from Windows Update?" .....
All I'm saying is that it's called "Automatic Updates" for a reason and recommending that end users turn it off is just stupid.
"The figures are especially troubling when you consider that consumers who have chosen to scan their system with BrowserCheck in the first place are likely to be more security-aware than the majority of internet users."
That's a pretty bold assumption there. Most of the security-aware people I know avoid "free" downloadable security scam^Hns like the plague. I'd be more apt to bet that most of the people who have chosen to scan their systems with BrowserCheck are those with low to moderate tech skills who are overwhelmed with the constant stream of updates and still looking for an easy way to get them, hence the desperate download -- and the high unpatched rate.
You won't feel a thing.
Qualys? Sounds like something you'd need to see a surgeon for.
For Firefox I prefer http://www.mozilla.com/en-US/plugincheck/
"The security shortcomings of Java on browsers has prompted some security experts to begin advising surfers to disable the technology."...
"Experts begin advising"..? Begin??? Experts???
Like, well, c'mon...hasn't this been the general concensus of the educated world since, well, like about 1996?
Methinks these 'experts' missed the train some 15 years ago!
Just Use It
Qualys is a quite old name (end of last century), and in my memory reputable and well connected including IBM. Doesn't mean it's safe to use their checker but it's not the same as adding an add-on from an unknown scammer.
My advice - run the tool. If you don't have enough experience to trust it, you don't have enough experience or knowledge NOT to use it :-) But if you can protect yourself normally, it's a useful extra tool and I thank theregister for linking to it.
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market