Feeds

back to article 4 in 5 surfers open to browser exploits from fixed flaws

Eight in 10 browsers remains vulnerable to attacks targeting already patched bugs, with the majority of problems stemming from plug-ins such as Java. The figures come from real world scans by users of Qualys's BrowserCheck service, a free of charge consumer-focused scanning utility released last year. The web-based service scans …

COMMENTS

This topic is closed for new posts.
Silver badge

BrowserCheck Issues

Qualys's BrowserCheck results for Adobe Acrobat + Reader may not be entirely accurate. I have both Acrobat 8 and Reader 9 on my PC, both fully patched. According to Firefox it is using the plugin from Reader 9 and there is no plugin from my install of Acrobat 8. Something is wrong with their detection mechanism because BrowserCheck says I am using an out of date Reader 8 plugin that needs patched.

Well it did when I tried the service 6 months ago, haven't checked if they've fixed it since.

0
1

Hmmm...

Oki - I goto Qualys's BrowserCheck site and just get a message that says:

"Javascript Not Enabled

Please enable javascript in your browser and refresh your page "

- so you want me to enable a potential security vulnerability to see if I have any potential security vulnerabilities?

:)

Yes, yes, I know this is a facetious post :P

8
0
FAIL

And an extension

If you get that far, it then asks you to install a custom extension.

So really, all their stats tell is is how many people who'll happily run any old bit of javascript, and install any old extension, are at risk.

This tells you nothing about the people who, like us, think "Um, what? No." and go away.

5
1

Post anonymously?

Really curious if the stats are based on suckers who install the extension. My reaction was the same as any sane websmurfer, "install random extension from site I just heard about, no thanks".

5
0
Silver badge
FAIL

Exactly...!

A site that wants to check if my Javascript is secure first asks me to enable Javascript!

Erm, perhaps they're not aware that that's a pretty good positive result already!!

2
0
WTF?

How the hell do you run it?

I installed this extension in Chrome, curious to see what it would say about my machine, but there doesn't seem to be any way to run it! There's no buttons, no menu options, nothing.

0
0
Thumb Up

..'allelujah!

Afformentionned article's author attempts and achieves acceptable, accurate alliteration after all anterior attempts.

At last!

6
0

Paranoid Techs vs Automatic Updates

See, this is what happens when paranoid techies tell their friends to turn off automatic updates. "Oh, don't go installing patches unless you know exactly what they do!" followed weeks or months later by "You've got a virus, why haven't you been installing the patches from Windows Update?" .....

All I'm saying is that it's called "Automatic Updates" for a reason and recommending that end users turn it off is just stupid.

2
3
HMB

Javascript

I'm so glad that it's just technical people who still disable JavaScript. It means that as a web developer, any fancy HTML5 will work for everyone except those people, who are enough of a minority for it not to be any problem.

Don't get me wrong, I write in a backwards compatible way, it's just that modern JavaScript has moved on from the oft-abused popup. You can do seriously great things with animation and UI with modern tools like jQuery. I wrote a Javascript shopping basket the other day and it's a joy to use as you click add and it's instant, no waiting for a new page from the server when BT are throttling you're internet conenction down to nothing because you watched 3 programs on iPlayer and BT says that's enough.

Why not just run a browser with JavaScript engine sand-boxing that gets regular updates? I've used chrome for ages and never had a JavaScript security issue.

2
5
Silver badge
FAIL

Doubt It

"The figures are especially troubling when you consider that consumers who have chosen to scan their system with BrowserCheck in the first place are likely to be more security-aware than the majority of internet users."

That's a pretty bold assumption there. Most of the security-aware people I know avoid "free" downloadable security scam^Hns like the plague. I'd be more apt to bet that most of the people who have chosen to scan their systems with BrowserCheck are those with low to moderate tech skills who are overwhelmed with the constant stream of updates and still looking for an easy way to get them, hence the desperate download -- and the high unpatched rate.

7
0

You won't feel a thing.

Qualys? Sounds like something you'd need to see a surgeon for.

For Firefox I prefer http://www.mozilla.com/en-US/plugincheck/

1
0
WTF?

Timewarp

"The security shortcomings of Java on browsers has prompted some security experts to begin advising surfers to disable the technology."...

"Experts begin advising"..? Begin??? Experts???

Like, well, c'mon...hasn't this been the general concensus of the educated world since, well, like about 1996?

Methinks these 'experts' missed the train some 15 years ago!

0
0
Happy

Just Use It

Qualys is a quite old name (end of last century), and in my memory reputable and well connected including IBM. Doesn't mean it's safe to use their checker but it's not the same as adding an add-on from an unknown scammer.

Unfortunately many websites fail miserably if you don't allow JavaScript and unless you want to limit your sources of business supplies (and therefore pay extra or get worse) you have to allow it to run. I even use some little JavaScript on my business sites to "enhance" the use with complete failback.

My advice - run the tool. If you don't have enough experience to trust it, you don't have enough experience or knowledge NOT to use it :-) But if you can protect yourself normally, it's a useful extra tool and I thank theregister for linking to it.

0
0
This topic is closed for new posts.