The Web browser is probably the most-used application on most PCs and mobile devices. I’d say that email might get used more, but people are increasingly using Web-based email services like Google’s Gmail or Microsoft’s Outlook.com, so the browser is still the primary tool even for that. The fact that the browser is fairly ubiquitous, and so widely used makes it a prime target for cyber attacks, so businesses and consumers need to take extra steps to make sure the browser–and any plug-ins or add-ons used–are patched and up to date. Qualys BrowserCheck is a free tool that can help people keep their software up to date and minimize the risk.
Most cyber criminals are lazy. They’re not motivated enough to find their own vulnerabilities, so they wait for a vendor like Microsoft or Adobe to release a patch, and then reverse-engineer it to work backwards and figure out what the flaw is so they can exploit it. Most cyber criminals are also opportunistic. If they’re going to bother to invest time and effort crafting and deploying an exploit, they want it to be something with a relatively large pool of possible target systems so that the chances of success are greater.
An exploit that targets Windows PCs has a much larger pool of potential targets than one that targets Mac OS X systems, so attackers tend to focus more on Windows exploits. When it comes to the browser, Internet Explorer has the most market share–with more than Firefox, Chrome, Safari, and all other browsers combined–so it has the biggest bullseye painted on its back. But, there are different versions of IE out there, so the pool of targets is fragmented depending on the exploit.
Attackers have realized, though, that there are lower hanging fruit–like Java or Adobe Flash–that are used across different operating system and browser platforms, which often contain critical vulnerabilities. More importantly, attackers know that these third-party add-ons and plug-ins are frequently forgotten and neglected even by businesses and users who try to keep their systems patched and up to date.
The problem is that there are so many things to keep track of, and so many new vulnerabilities and exploits to monitor, that most businesses and users simply can’t keep up…at least, not without a tool to help out. Qualys has such a tool, and they asked me to take a look at it. I spent some time working with Qualys BrowserCheck, and wrote a white paper about the tool.
Click this link to view my report (it’s a PDF file) and learn more about this free tool from Qualys: Keep your PCs safe while surfing the Web.
Full disclosure: Qualys is a sponsor of TechSpective.