New BrowserCheck: Plug-ins vs Javascript and Mobile Support

A number of tech-savvy BrowserCheck users have asked whether we see the irony in the fact that Qualys BrowserCheck requires a plug-in to check on the security status of plug-ins. That’s a good point, especially for anyone familiar with the Java plug-in and the number of vulnerabilities it introduces to your computer.

However, we believe it is worth having one extra plug-in to gain accurate information and help secure your browser, since out-of-date plug-ins are the most likely entry points for hackers. Our statistics have shown that 4 in 5 surfers are open to browser exploits from flaws that have patches available, so are already fixed.

Nevertheless, BrowserCheck now has a solution for plug-in averse users – it offers Quickscan, which uses JavaScript instead of a plug-in to inspect the state of your browser and plug-ins. Quickscan inspects all of the plug-ins, but doesn’t provide comprehensive information such as plug-in file location and complete plug-in version.  See items marked “BrowserCheck Plug-in” in the BrowserCheck FAQ for more details.

On Windows machines running Chrome and Firefox, BrowserCheck can be run with both the plug-in and using QuickScan. Under Internet Explorer, only the BrowserCheck ActiveX Plug-in is available at this time, because browser inspection is much more accurate via ActiveX.

Support for More Browsers and Android

The other advantage of Quickscan is that the JavaScript scanning mechanism ports easily to other browsers. That means Qualys can now offer BrowserCheck Quickscan on a lot more platforms: Maxthon, SeaMonkey, Arora, Fennec, Minefield, Flock, Rockmelt, SR Iron, Dolphin, Sleipnir, Lunascape, Orca, and K-meleon browsers.

JavaScript also ports to mobile devices: BrowserCheck is now available on Android, so you now have a tool to help you browse the Web more securely from your Android device.

BrowserCheck lets you know which plug-ins are out of date or at end of life, have vulnerabilities even in the latest versions (0-day), or are beta versions, even if you are not using them. With the new platform and JavaScript support, this service is now available to a wider number of Internet users.

Many thanks to the BrowserCheck dev team for their efforts in getting the tool to that level and keeping it updated with the latest threats. I constantly get comments on how useful the BrowserCheck is for beginners and experts alike.