Qualys BrowserCheck is a cross-platform and cross-browser SaaS service that scans the user's browser looking for vulnerabilities in the browser itself and its plug-ins. This tool will also help you fix the security issues discovered by the scan.
Qualys BrowserCheck Business Edition is a version of BrowserCheck that allows an IT/network admin to create an account in BrowserCheck and to access a view of the browsers and plugins being used in their networks, with detailed data on vulnerabilities on the user level.
Your browser could be considered insecure for multiple reasons. Your browser installation could contain a software issue that makes it vulnerable to malicious activity. You could also be running an outdated version of the browser or its plugins.
Plugin based scan provides more details and accurate results than using a non-plugin based scan. Please note that plugin based scan is available only for IE, Firefox and Chrome on Windows platform.
- It shows complete location of the checked file in the details
- It can read the complete version of the installed plugins to determine the status more accurately.
- It can also determine security status based on the version of associated files and not just the plugin file. One such example is Foxit Reader.
- It can also perform OS based dependent checks such as Service Pack information in determining the security status of some plugins such as Windows Media Player.
- It can do more comprehensive checks such as Firewall, OS security updates, Anti-Virus, Disk encryption.
Please note that Qualys BrowserCheck Plugin does NOT use or track your personal information and browser history. Please read Service User Agreement for more details.
Scanning your browser with Qualys BrowserCheck is the first step towards securing your browser. The next step is to review the browser scan results and follow the recommended actions to get software updates and resolve security issues. When you're done making updates, click the Re-Scan button to scan your browser again and verify that your browser and its plugins are current and secure.
Each item in your Qualys BrowserCheck results has a status assigned to it. Click on the status to expand details in your results to see specific version information. The following status levels may appear in your results:
- Up To Date (green) - Indicates that the installed version is the latest. There are no updates available from the vendor.
- OK (green) - Indicates that the reported item has passed the recommended security settings.
- Update Available (orange) - Indicates that the installed version is not the latest. A newer version is available from the vendor. Click on the status button to see the details and a link to install the update.
- Insecure Version (red) - Indicates that the installed version is insecure and should be updated immediately. Use the Fix It button to go to the vendor's website to get the latest version and fix the security issue.
- Insecure (red) - Indicates that the reported item has not met the recommended security settings criteria.
- Obsolete (red) - Indicates that the installed version is no longer supported by the vendor. Use the Fix It button to go to the vendor's website to get a version that is supported.
- Support Retiring (orange) - Indicates that the version of the installed operating system is retiring soon. After the retiring date, the vendor will no longer provide support or security updates for the retired version. Use the Fix It button to go to the vendor's website to get a version of the operating system that is supported.
- Support Retired (red) - Indicates that the version of the installed operating system is currently retired. The vendor is no longer providing support or security updates for the retired version. Use the Fix It button to go to the vendor's website to get a version of the operating system that is supported.
- Potential Threat (orange) - Indicates that current browser does not provide enough information to confirm the file version installed and suggests to make sure that you are running the latest version.
- Warning (orange) - Indicates that it needs to be reviewed and appropriate action should be taken.
- Pre-release (light blue) - Indicates that the current items is a beta, alpha or a dev version.
- Unknown (gray) - Indicates that the security status of the plugin is unknown.
- Disabled (gray) - Indicates that the plugin is either disabled in the browser or not enabled/installed for the current browser.
Once you've updated your browser and resolved security issues, you should re-scan your browser to verify that all security issues have been fixed and that your browser and its plugins are current. Click the Re-Scan button above your browser scan results to start a new scan.
The Qualys BrowserCheck tool checks your browser as well as browser plugins and add-ons (32-bit) to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft. Microsoft security updates cannot be installed on unsupported operating system versions. These items are detected:
|OS support expiration||X*|
|OS Auto Update, Auto Install Checks||X*|
|OS security updates||X*~||X||X|
|Disk Encryption check||X*|
|Web Browser used to scan||X||X||X|
|Adobe Flash Player||X||X||X|
|Adobe Reader 5.x and above||X||X||X|
|Adobe Shockwave Player||X||X|
|DivX Web Player||X||X|
|Flip4Mac Windows Media plugin||X|
|Microsoft Windows Media Player||X*|
|Totem Media Player||X|
|VLC Media Player||X||X||X|
|Windows Presentation Foundation plug-in||X*|
* Available only with BrowserCheck Plugin in IE, Chrome and Firefox on Windows.
~ Currently this feature is available only for Windows Vista SP2 and Windows 7. Please note that the Last update date mentioned in the details refers to the date when windows auto update client has successfully installed the updates.
Review the Qualys BrowserCheck results for important information about your browser and its plugins. For any item that is insecure or out of date, a Fix It button appears. Simply click the Fix It button to launch the update installer or to be directed to the website where you can download the latest update to fix your security issue.
Alternatively, plugins can be disabled so that they would not be loaded by the browser. Please note that disabling plugins will remove some functionality. For example, if you disable Flash, you will not be able to watch videos on YouTube. For more information, please refer to corresponding browser's help documentation on how to disable plugins.
IE - Tools -> Manage Add-ons
Chrome - Open a new tab and enter about:plugins in the address bar
Firefox - Tools -> Add-ons ->Plugins
The Fix It button appears grayed out when the item displayed in the results has one or more known vulnerabilities and there is no patch or security update available from the vendor (Zero-day).
Yes. The Qualys BrowserCheck Plug-In works only in its web page. It does not get loaded any other time and does not work in the background. Please visit https://browsercheck.qualys.com to scan again even if you have the Qualys BrowserCheck Plug-In installed.
The version prior to Flash 10.3.181.26 has critical vulnerabilitie(s). As mentioned in the details of that item in the scan results, the browser you are using does not provide complete information to verify the version. All the browsers other than Firefox provides only the first 3 parts of the version i.e. 10.3.181.
I'm running Mac OS X Snow Leopard with QuickTime X (10.x). Why do my BrowserCheck results show QuickTime version 7.x?
Web browsers use the QuickTime plugin to play content within web pages. Even though Mac OS X Snow Leopard comes with QuickTime X (10.x) client software installed the browser still uses QuickTime plugin 7.x, which is why this version is reported in your results.
I'm running Mac OS X Snow Leopard with QuickTime plugin 7.6.6. Why do my BrowserCheck results show QuickTime version 7.6.3 as the installed plugin in Firefox?
This may happen due to a refresh related issue in Firefox. This can be corrected by using the following steps:
1) Quit Firefox and all other open browsers.
2) Move the QuickTime plugin from "/Library/Internet Plug-Ins/QuickTime Plugin.plugin" to someplace else temporarily (e.g. the desktop).
3) Open Firefox. From the Tools menu, select Add-ons and click on the Plugins tab to verify that QuickTime doesn't show up in the list anymore. Then quit Firefox.
4) Drag the QuickTime plugin back into "/Library/Internet Plug-Ins/" and then open Firefox again.
I made updates to my Safari browser plugins on Mac but I don't see the updates when I re-scan the browser. Why?
The Safari browser must be restarted after installing updates to your plugins. Please 'Quit' and restart the browser before you start another scan in order to see the updates in your results.
Why do my BrowserCheck results show only one browser instead of all browsers installed on my system?
The BrowserCheck results reported in the browser window are for that particular browser and its plugins only. Results for other browsers are not reported in the same window. You must scan each browser on your system separately.
The version information for your Mozilla Firefox browser may have been changed by your installed plugins. You can reset the version information by using the link below. Then re-scan your browser and check the status again in the BrowserCheck results.
You are prompted to install the Qualys BrowserCheck Plugin anytime a newer version of the plugin is available. You must have the latest version of the plugin installed to run a scan.
The Qualys BrowserCheck tool is a browser add-on for IE, Firefox and Chrome on Windows. To uninstall it, follow the add-on removal steps for your specific browser. Make sure you close the Qualys BrowserCheck window before removing the add-on.
Internet Explorer: From the Internet Explorer browser, go to the Manage Add-ons page from the Tools menu. Use the Show menu to display the Qualys BrowserCheck add-on. In IE 7, select the add-on and click Delete. In IE 8, select the add-on, click the More Information link, and then click Remove in the pop-up that appears.
Mozilla Firefox: From the Firefox browser, click on the Tools menu and select Add-ons. Select Extensions. Select the Qualys BrowserCheck add-on and click the Uninstall button. When prompted, click Uninstall to confirm.
Google Chrome: From the Chrome browser, click on the wrench icon to view the Tools menu and select Extensions. Select the Uninstall link next to the Qualys BrowserCheck add-on. When prompted, click Uninstall to confirm.
Please note that there is no BrowserCheck plugin to uninstall on Mac and Linux.
|Operating System||Internet Explorer**||Firefox||Chrome||Safari||Opera||Camino|
|Windows Server 2008 R2||-||X||-||-||X||X||X||X||X||-|
|Windows Server 2008||-||X||X||-||X||X||X||X||X||-|
|Windows Server 2003||-||X||X||X||X||X||X||X||X||-|
|Windows XP SP1, SP2, SP3||-||X||X||X||X||X||X||X||X||-|
|Windows 2000 SP4||-||-||-||X||X||-||X||-||X||-|
|Mac OS X and above||-||-||-||-||X||X||X||X||X||X|
In addition to the above this tool is also available for Android, iPhone, iPad, Maxthon, SeaMonkey, Arora, Fennec, Minefield, Flock, Rockmelt, SR Iron, Dolphin, Sleipnir, Lunascape, Orca, K-meleon browsers.
** On 64-bit Windows, only 32-bit version of the Internet Explorer is supported and 64-bit version is not supported.