Finally, at long last, there is an easy way to check to see if your Internet browser is up-to-date or contains any security vulnerabilities.  A new browser plug-in from Qualys scans your browser for the current version of the software, along with any plug-ins that use the browser.  Simply navigate to the Browser check page, download the plug-in and then click the Scan button.  The scan then checks to see if you are running the latest updates for 3rd party software like Java Runtime, Adobe Flash Player, Apple Quicktime, Microsoft Silverlight, and others.  If one’s out of date, it tells you:

image

Running the latest version of the software is important to keeping your system secure.  It’s not fool proof because there will always be zero-day vulnerabilities discovered, but in general, older versions are more prone to compromise.  Microsoft has a list of malware infections by OS (this comes from SIR v9):

image

image

I don’t have statistics on the exploited vulnerabilities on 3rd party products, but you can observe the general trend that the older the OS, the vulnerabilities that are discovered and fixed.

From time to time in our corporate environment, I get email notifications saying that certain components are out of date (usually Java or some Adobe product).  It’s nice to get those because it tells me that I am out of date.  The software itself doesn’t make it easy to tell when it is out of date other than when I reboot, it tells me that there is an update available (for Adobe something-or-other, this happens every time I reboot).  Firefox does the same thing, and so does Internet Explorer.  Microsoft has the Windows Update service to keep users up-to-date with the most important fixes.

Having one for browsers is great because it makes it easy.  It’d be nice if the maintainers of Opera, Chrome, Firefox and Internet Explorer integrated this right into the browser itself.  It could run as a background service every once in a while and when something was out of date, perhaps open up a new tab or do something to notify the user.

The reality is that most users aren’t savvy enough to take action unless the software makes it easy.  While they do have vague ideas that malware is bad, they don’t necessarily know what to do about it.  Anything that makes it easier (and not clunky to execute the upgrade) is a step in the right direction.