Search This Blog

Friday, 16 November 2012

Beyond antivirus software: Eclectic PC security tools for system-wide audits



Welcome to a harsh reality: Relying on an ostensibly comprehensive antivirus suite just doesn't cut it in 2012.
Antivirus software is crucial for combating viruses, malware, and hackers, but simply installing an antivirus program is rarely enough. You should also use strong passwords; keep your system, applications, and browser plug-ins up-to-date; and make sure your firewall is doing its job by blocking all intrusions. Following these extra safeguards can reduce the chances of your PC becoming a Petri dish full of digital contagions.
Luckily, a number of tools and services can simplify all the extra security precautions that modern PCs require. They go above and beyond what's offered in antivirus suites, performing security audits of vulnerabilities that the big-name software packages miss. Here are five to check out.

Qualys BrowserCheck

An outdated browser or plug-in can serve as a security hole for hackers and malware authors to exploit, so you’ll want to keep your web software up-to-date. Qualys BrowserCheck is a free service that scans your Web browser to determine if you’re running outdated or insecure versions of some popular plug-ins or add-ons, including Adobe Reader, Adobe Flash, Java, and Windows Media Player.
You can run a quick scan from your browser in Windows, Mac, or Linux. You don't even have to download any software—Qualys runs completely within your browser. Supported browsers include Internet Explorer (IE), Mozilla Firefox, Google Chrome, Safari, Opera, and Camino. Once Qualys BrowserCheck completes its scan, it lists which plug-ins it scanned, and indicates whether you’re running insecure versions of any of your plug-ins, and if any updates are available. The scan also provides links to where you can download the newest plug-in version, so you don’t have to hunt around for it.
Sample results from a quick Qualys scan. Look at that: The Java plugin needs an update.
Alternatively, you can run a full scan after downloading and installing the Qualys BrowserCheck plug-in, which supports IE, Firefox, and Chrome on Windows—there's no Mac or Linux support for the full scan. This full scan can check all supported browsers you have installed, not just the browser you used to run the scan. And the full scan can also detect other system vulnerabilities as well, such as no automatic Windows Updates or Windows Firewall running, or out-of-date or disabled antivirus software.
Sample results from a full scan in Chrome after downloading the plug-in.
Once Qualys BrowserCheck finishes doing its thing, you’ll see a list of scanned plug-ins for your current browser, and icons to view the results for each of your other browsers. And if you choose to do system checks, you'll see a tab showing its results as well.

Secunia Personal Software Inspector (PSI)

Secunia Personal Software Inspector (PSI) is a free program that scans your PC for security vulnerabilities, like missing updates that hackers and malware authors can exploit to infect or hack into your PC. If PSI finds a vulnerability, it will try to automatically download and install any relevant updates. Otherwise, it helps you manually fix the issue.
After you download and install Secunia PSI, it will scan your system and notify you via its system tray icon if other programs require a manual update. You can open the program to find your Secunia System Score, a list of any programs that need to be updated, and a list of any software that it found to be up-to-date.
If your Secunia System Score is below 100 percent, you’ll find icons for the vulnerable programs, which you can click on to resolve the issue.

Password Security Scanner

Password Security Scanner is a free utility that scans for passwords stored by Windows applications and Web browsers, and tells you how strong they are. This gives you a chance to identify weak passwords, and change them to something more secure. Although you can’t see the actual passwords, you can see the username and which site or service they belong to.
The Password Security Scanner runs on Windows, and it will scan passwords stored by Internet Explorer, Mozilla Firefox, Microsoft Outlook, Windows Live Mail, and MSN/Windows Messenger, as well as your dial-up and VPN passwords.
Sample list of passwords and details about their strength.
After you download and install the utility, it will automatically scan and display additional details about your passwords, including their length, the types of characters used, and overall password strength. If you need help building better passwords, have a look at Alex Wawro’s primer on the topic.

ShieldsUp

ShieldsUp is a free, Web-based port scanner that tests your Internet connection for possible security holes, such as incorrect firewall settings. Although the testing regimen and reporting  might be a bit over the head of average computer users, the ShieldsUP site provides a wealth of background information about firewalls and port scanning.
ShieldsUp lets you scan a few different port ranges, including File Sharing ports (to make sure you’re not offering direct access to your files) and Common Ports (to check the most commonly used ones). It also lets you check all ports via the All Service Ports scan option. In addition, you can tell it to scan a specific port or range of ports. Additionally, you can evaluate your web browser headers for privacy and tracking issues, and test to see if your PC is susceptible to spam via the Windows Messenger Service, a messaging system built into Windows.
The results for the File Sharing tests are presented via a text description.
The results for the All Services tests are presented in graphical form.
If results show open ports, you can investigate the firewall settings of your router or PC and try to close or secure them.

Belarc Advisor

Belarc Advisor is free for personal use, and scans your PC’s hardware, network connections, software, antivirus status, Windows Updates, and Windows security policies for insecure settings and other security vulnerabilities. It generates a report in HTML that you can view in your browser. This report provides details on the scanned items and any detected issues, along with links on how to fix them, but it doesn’t automatically fix them for you. Also, the information it reveals is geared more for techies and IT professionals than average home users.
Sample of the HTML report created by Belarc Advisor.
In the beginning of the report, the service shows your overall security status via three scores: Security Benchmark Score, Virus Protection, and Microsoft Security Updates. Click on any of these to see more details.
By scrolling through the report, you’ll discover details on your hardware specs, user accounts, peripherals, and networking. You’ll also find a list of installed software versions, licenses, usage, and a report on missing or insecure Windows Hotfixes

No comments: