Skip navigation

This is an archived version of the document. The current version can be viewed here.

Currently Being Moderated

BrowserCheck FAQ

Created by bharfoush on Aug 18, 2010 2:49 PM - Last modified by agentQ on Sep 25, 2011 9:16 PM

About Qualys BrowserCheck

 

Qualys BrowserCheck is a cross-platform and cross-browser SaaS service that scans the user's browser looking for vulnerabilities in the browser itself and its plug-ins. This tool will also help you fix the security issues discovered by the scan.

 

Qualys BrowserCheck Business Edition is a version of BrowserCheck that allows an IT/network admin to create an account in BrowserCheck and to access a view of the browsers and plugins being used in their networks, with detailed data on vulnerabilities on the user level.

 

The threat of browser-based data breaches is growing. The number of vulnerabilities in browser plugins is on the rise. Now is the time to be proactive about the security of your web browser.

 

 

 

Frequently Asked Questions (FAQ)

 

Why is my browser insecure?

 

Your browser could be considered insecure for multiple reasons. Your browser installation could contain a software issue that makes it vulnerable to malicious activity. You could also be running an outdated version of the browser or its plugins.

 

Why do I need to install the BrowserCheck Plug-in to scan?

 

Plugin based scan provides more details and accurate results than using a non-plugin based scan. Please note that plugin based scan is available only for IE, Firefox and Chrome on Windows platform.

  • It shows complete location of the checked file in the details
  • It can read the complete version of the installed plugins to determine the status more accurately.
  • It can also determine security status based on the version of associated files and not just the plugin file. One such example is Foxit Reader.
  • It can also perform OS based dependent checks such as Service Pack information in determining the security status of some plugins such as Windows Media Player.
  • It can do more comprehensive checks such as Firewall, OS security updates, Anti-Virus, Disk encryption.

 

Please note that Qualys BrowserCheck Plugin does NOT use or track your personal information and browser history. Please read Service User Agreement for more details.

 

What is the next step after a scan?

 

Scanning your browser with Qualys BrowserCheck is the first step towards securing your browser. The next step is to review the browser scan results and follow the recommended actions to get software updates and resolve security issues. When you're done making updates, click the Re-Scan button to scan your browser again and verify that your browser and its plugins are current and secure.

 

What do the different status levels in the Qualys BrowserCheck results mean?

 

Each item in your Qualys BrowserCheck results has a status assigned to it. Click on the status to expand details in your results to see specific version information. The following status levels may appear in your results:

 

  • Up To Date (green) - Indicates that the installed version is the latest. There are no updates available from the vendor.
  • OK (green) - Indicates that the reported item has passed the recommended security settings.
  • Update Available (orange) - Indicates that the installed version is not the latest. A newer version is available from the vendor. Click on the status button to see the details and a link to install the update.
  • Insecure Version (red) - Indicates that the installed version is insecure and should be updated immediately. Use the Fix It button to go to the vendor's website to get the latest version and fix the security issue.
  • Insecure (red) - Indicates that the reported item has not met the recommended security settings criteria.
  • Obsolete (red) - Indicates that the installed version is no longer supported by the vendor. Use the Fix It button to go to the vendor's website to get a version that is supported.
  • Support Retiring (orange) - Indicates that the version of the installed operating system is retiring soon. After the retiring date, the vendor will no longer provide support or security updates for the retired version. Use the Fix It button to go to the vendor's website to get a version of the operating system that is supported.
  • Support Retired (red) - Indicates that the version of the installed operating system is currently retired. The vendor is no longer providing support or security updates for the retired version. Use the Fix It button to go to the vendor's website to get a version of the operating system that is supported.
  • Potential Threat (orange) - Indicates that current browser does not provide enough information to confirm the file version installed and suggests to make sure that you are running the latest version.
  • Warning (orange) - Indicates that it needs to be reviewed and appropriate action should be taken.
  • Pre-release (light blue) - Indicates that the current items is a beta, alpha or a dev version.
  • Unknown (gray) - Indicates that the security status of the plugin is unknown.
  • Disabled (gray) - Indicates that the plugin is either disabled in the browser or not enabled/installed for the current browser.

 

Why should I re-scan?

 

Once you've updated your browser and resolved security issues, you should re-scan your browser to verify that all security issues have been fixed and that your browser and its plugins are current. Click the Re-Scan button above your browser scan results to start a new scan.

 

What items are detected by Qualys BrowserCheck?

 

The Qualys BrowserCheck tool checks your browser as well as browser plugins and add-ons (32-bit) to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft. Microsoft security updates cannot be installed on unsupported operating system versions. These items are detected:

 

 


WindowsMacLinuxiOS
OS support expirationX*


OS Auto Update, Auto Install ChecksX*


OS security updatesX*~X
X
Firewall checkX*


Anti-Virus checkX*


Disk Encryption checkX*


Web Browser used to scanXXX
Adobe Flash PlayerXXX
Adobe Reader 5.x and aboveXXX
Adobe Shockwave PlayerXX

Apple QuicktimeXX

BEA JRockitXXX
DivX Web PlayerXX

Foxit ReaderX*


Flip4Mac Windows Media plugin
X

Microsoft SilverlightXX

Microsoft Windows Media PlayerX*


Novell Moonlight

X
Real PlayerX


Java RuntimeXXX
Totem Media Player

X
VLC Media PlayerXXX
Yahoo! BrowserPlusXX

Windows Presentation Foundation plug-inX*


 

*  Available only with BrowserCheck Plugin in IE, Chrome and Firefox on Windows.

~ Currently this feature is available only for Windows Vista SP2 and Windows 7. Please note that the Last update date mentioned in the details refers to the date when windows auto update client has successfully installed the updates.

 

How do I fix a security issue?

 

Review the Qualys BrowserCheck results for important information about your browser and its plugins. For any item that is insecure or out of date, a Fix It button appears. Simply click the Fix It button to launch the update installer or to be directed to the website where you can download the latest update to fix your security issue.

 

Alternatively, plugins can be disabled so that they would not be loaded by the browser. Please note that disabling plugins will remove some functionality. For example, if you disable Flash, you will not be able to watch videos on YouTube. For more information, please refer to corresponding browser's help documentation on how to disable plugins.

 

IE - Tools -> Manage Add-ons

Chrome - Open a new tab and enter about:plugins in the address bar

Firefox - Tools -> Add-ons ->Plugins

 

Why is the Fix It button grayed out?

 

The Fix It button appears grayed out when the item displayed in the results has one or more known vulnerabilities and there is no patch or security update available from the vendor (Zero-day).

 

 

Do I have to re-visit the site to scan again?

 

Yes. The Qualys BrowserCheck Plug-In works only in its web page. It does not get loaded any other time and does not work in the background. Please visit https://browsercheck.qualys.com to scan again even if you have the Qualys BrowserCheck Plug-In installed.

 

 

Why my latest Flash is shown as Potential Threat?

 

The version prior to Flash 10.3.181.26 has critical vulnerabilitie(s). As mentioned in the details of that item in the scan results, the browser you are using does not provide complete information to verify the version. All the browsers other than Firefox provides only the first 3 parts of the version i.e. 10.3.181.

So, BrowserCheck is showing a warning (Potential) to make sure that you are using the latest. If you already have the latest, you can ignore this warning. Please note that Firefox provides complete version information available to Javascript.

 

 

I'm running Mac OS X Snow Leopard with QuickTime X (10.x). Why do my BrowserCheck results show QuickTime version 7.x?

 

Web browsers use the QuickTime plugin to play content within web pages. Even though Mac OS X Snow Leopard comes with QuickTime X (10.x) client software installed the browser still uses QuickTime plugin 7.x, which is why this version is reported in your results.

 

 

I'm running Mac OS X Snow Leopard with QuickTime plugin 7.6.6. Why do my BrowserCheck results show QuickTime version 7.6.3 as the installed plugin in Firefox?

 

This may happen due to a refresh related issue in Firefox. This can be corrected by using the following steps:
1) Quit Firefox and all other open browsers.
2) Move the QuickTime plugin from "/Library/Internet Plug-Ins/QuickTime Plugin.plugin" to someplace else temporarily (e.g. the desktop).
3) Open Firefox. From the Tools menu, select Add-ons and click on the Plugins tab to verify that QuickTime doesn't show up in the list anymore. Then quit Firefox.
4) Drag the QuickTime plugin back into "/Library/Internet Plug-Ins/" and then open Firefox again.

 

I made updates to my Safari browser plugins on Mac but I don't see the updates when I re-scan the browser. Why?

 

The Safari browser must be restarted after installing updates to your plugins. Please 'Quit' and restart the browser before you start another scan in order to see the updates in your results.

 

 

Why do my BrowserCheck results show only one browser instead of all browsers installed on my system?

 

The BrowserCheck results reported in the browser window are for that particular browser and its plugins only. Results for other browsers are not reported in the same window. You must scan each browser on your system separately.

 

 

Why do I see "Insecure Version" for Mozilla Firefox when I have the latest version installed?

 

The version information for your Mozilla Firefox browser may have been changed by your installed plugins. You can reset the version information by using the link below. Then re-scan your browser and check the status again in the BrowserCheck results.

http://kb.mozillazine.org/Resetting_your_useragent_string_to_its_compiled-in_default

 

 

Why am I asked to install the Qualys BrowserCheck Plug-in when it is already installed?

 

You are prompted to install the Qualys BrowserCheck Plugin anytime a newer version of the plugin is available. You must have the latest version of the plugin installed to run a scan.

 

 

Why is my Firewall not detected correctly in Vista on IE browser?

 

Due to the additional security provided in Windows Vista with IE protected mode, BrowserCheck tool is blocked from detecting the Firewall correctly. Please add https://browsercheck.qualys.com as a Trusted Site in IE to let the BrowserCheck work properly. Tools->Internet Options->Seurity->Trusted Sites->Sites.

 

 

How do I uninstall the Qualys BrowserCheck Plug-in?

 

The Qualys BrowserCheck tool is a browser add-on for IE, Firefox and Chrome on Windows. To uninstall it, follow the add-on removal steps for your specific browser. Make sure you close the Qualys BrowserCheck window before removing the add-on.

 

Internet Explorer: From the Internet Explorer browser, go to the Manage Add-ons page from the Tools menu. Use the Show menu to display the Qualys BrowserCheck add-on. In IE 7, select the add-on and click Delete. In IE 8, select the add-on, click the More Information link, and then click Remove in the pop-up that appears.

 

Mozilla Firefox: From the Firefox browser, click on the Tools menu and select Add-ons. Select Extensions. Select the Qualys BrowserCheck add-on and click the Uninstall button. When prompted, click Uninstall to confirm.

 

Google Chrome: From the Chrome browser, click on the wrench icon to view the Tools menu and select Extensions. Select the Uninstall link next to the Qualys BrowserCheck add-on. When prompted, click Uninstall to confirm.

 

Please note that there is no BrowserCheck plugin to uninstall on Mac and Linux.

 

What browsers are supported by Qualys BrowserCheck?

 

Operating System
Internet Explorer**
FirefoxChromeSafariOperaCamino

98763+4+34+9.5+2
Windows 7XX--XXXXX-
Windows Server 2008 R2-X--XXXXX-
Windows Server 2008-XX-XXXXX-
Windows VistaXXX-XXXXX-
Windows Server 2003-XXXXXXXX-
Windows XP SP1, SP2, SP3-XXXXXXXX-
Windows 2000 SP4---XX-X-X-
Mac OS X and above----XXXXXX
Linux----XX

X

 

In addition to the above this tool is also available for Android, iPhone, iPad, Maxthon, SeaMonkey, Arora, Fennec, Minefield, Flock, Rockmelt, SR Iron, Dolphin, Sleipnir, Lunascape, Orca, K-meleon browsers.

 

** On 64-bit Windows, only 32-bit version of the Internet Explorer is supported and 64-bit version is not supported.

Bookmarked By (5)

More Like This

  • Retrieving data ...

More by bharfoush