Five tips for testing Web browser security

Drive-by downloads have made Web browsers the malware-delivery vehicle of choice. Here are five test sites that will help keep malware in check.

Like any other piece of software, Web browser code can and does contain vulnerabilities. Cybercriminals like vulnerabilities. They're the soft underbelly of any application.

I know five Web sites that are committed to keeping browsers free of vulnerabilities. These Web sites evaluate browsers for weaknesses and determine how freely private information is to be had. On top of that, all but one offer advice on how to make the tested Web browser secure.

Why five, you may ask. Well, I agree there is some overlap. But I found that each site manages to give a slightly different picture. I'll introduce them and let you pick your favorite or favorites.

1: Browserscope

When arriving at the Browserscope Web site, the first thing you see is test results comparing many aspects of the major Web browsers. Since this post is about Web-browser security, I'd like to focus on the Security tab. As can be expected, there are many tests in just that tab. This link explains their inner workings.

The site also allows you to check out your active Web browser. Browserscope then adds it to the list, as shown in Figure A.

Figure A

2: BrowserSPY.dk

Last year, I wrote an article about Panopticlick. Afterward, I came across a similar Web site called BrowserSPY.dk (Figure B). It performs the same checks, plus an additional 64 tests. Sadly, BrowserSPY does not offer fixes. But it does a credible job of explaining how much information is free for the taking when visiting a Web site.

Figure B

3: PC Flank

The PC Flank Web site incorporates several tests that look at overall computer security as viewed from the Internet. The checks include Stealth Test, Advanced Port Scanner Test, Trojans Test, Exploits Test, and Browser Test. Once more, I want to focus on testing the Web browser. PC Flank tries to determine whether the Web browser gives up any personal information, location details, or specifics about your ISP.

The results in Figure C show what's going on with my Web browser. Cookies are allowed to be saved and referrer information is available to the Web sites I visit.

Figure C
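
The kind of check the BrowserSPY.dk and PC Flank browser tests describe (cookies, referrer, and other details a visited site can read) can be sketched in JavaScript. This is an added example, not code from either site; the names PROBES, auditExposure and summarize and both sample browser objects are hypothetical and constructed for illustration.

```javascript
// Added example: what can a page's script read about the visitor?
// Names below (PROBES, auditExposure, summarize) are hypothetical.
const nonEmpty = (v) => typeof v === "string" && v.length > 0;

const PROBES = [
  { name: "cookies", read: (e) => e.navigator?.cookieEnabled, exposed: (v) => v === true },
  { name: "referrer", read: (e) => e.document?.referrer, exposed: nonEmpty },
  { name: "userAgent", read: (e) => e.navigator?.userAgent, exposed: nonEmpty },
  { name: "language", read: (e) => e.navigator?.language, exposed: nonEmpty },
  { name: "plugins", read: (e) => e.navigator?.plugins?.length, exposed: (v) => v > 0 },
  { name: "screen",
    read: (e) => (e.screen ? `${e.screen.width}x${e.screen.height}` : undefined),
    exposed: nonEmpty },
];

// A probe that cannot run is "unavailable", never a pass or a fail.
function auditExposure(env = globalThis) {
  return PROBES.map(({ name, read, exposed }) => {
    let value;
    try { value = read(env); } catch { value = undefined; }
    const status = value === undefined ? "unavailable"
      : exposed(value) ? "exposed" : "withheld";
    return { name, status, value };
  });
}

function summarize(findings) {
  const counts = { exposed: 0, withheld: 0, unavailable: 0 };
  for (const f of findings) counts[f.status] += 1;
  return counts;
}

// Constructed sample environments (not captured from real browsers).
const permissiveBrowser = {
  navigator: { cookieEnabled: true, userAgent: "ExampleBrowser/1.0",
               language: "en-US", plugins: { length: 3 } },
  document: { referrer: "https://search.example/?q=constructed+query" },
  screen: { width: 1920, height: 1080 },
};
const hardenedBrowser = {
  navigator: { cookieEnabled: false, userAgent: "ExampleBrowser/1.0",
               language: "en-US", plugins: { length: 0 } },
  document: { referrer: "" },
  screen: { width: 1920, height: 1080 },
};

console.log(summarize(auditExposure(permissiveBrowser)));
console.log(auditExposure(hardenedBrowser).map((f) => `${f.name}: ${f.status}`));
```

In a browser console, calling auditExposure() with no argument audits the live page; a property the browser does not provide is reported as "unavailable" rather than counted as a result.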

4: Qualys BrowserCheck

If you don't mind, Qualys BrowserCheck needs to install a plug-in. That's how it looks for weaknesses in the Web browser, associated extensions, and ancillary applications. Checking aftermarket add-ons may seem like overkill, but it's not. Attackers are finding vulnerable TPV code an easy way to gain access. In Figure D, you can see that I need to get busy and fix a few things.

Figure D

5: Scanit Browser Security Check

As a company, Scanit does all sorts of security testing, from penetration tests to making sure Web applications are secure. It also offers an online Web browser security test that looks for 19 vulnerabilities.

It seems the company is serious, as conveyed by the warning "Careful! This test will try to crash your browser!" Can't scare me; I have image ISOs. So I bravely proceeded. Fortunately, my Web browser survived (Figure E).

Figure E

Final thoughts

Nowadays, we have to be careful about who and what we trust. With that in mind, I wanted to get expert opinion on which Web browser tests can be trusted. These five surfaced as the best picks. If you have another favorite, I'd sure like to know about it.



11 comments
lesaus1

Clicking your link, I got a 404 "Not Found" so I tracked down Scanit, searched for "browser test" and got...

"Browser Security Test Is Gone. Sorry, we no longer provide Browser Security Test. We haven't updated Browser Security Test for a very long time, so it does not detect the newer browser vulnerabilities. We feel that it may give people using it a false sense of security. We don't have the resources to keep Browser Security Test up to date, so we decided to discontinue it. Regards, bcheck@scanit.be"

Bebzcicle

What is the best tester among these 5? I'm a student who conducted a study in Browser Security Test: An Assessment on the security strength of Internet Explorer, Firefox, and Google Chrome. Please suggest!

Jaqui

Browserscope gave some odd results using the Konqueror 4.1 browser. It failed absolutely every test, yet the needed scripting language to run the tests [JavaScript] was completely disabled. :D Hmm, tests failing to load and run means the browser fails the tests? I would say it passed them by NOT handing over the information. :D

pgit

That Browserscope is very comprehensive. I hadn't heard of it, thanks for the great tip! I'd used PCFlank as the primary go-to if I wanted to run a quick yet pertinent test, but I've changed that bookmark to point to Browserscope instead. (quick access on the bookmarks toolbar) BTW I suppose it should have been no surprise, reading your columns and several like it, that Chrome tested far more secure in default configuration than did Firefox. I just can't get over the hump and make the switch. Maybe playing around with these tools you've assembled will finally get me off the dime. =)

wizard57m-cnet

This article is coming up on 2 years old, and the way the internet changes on almost a daily basis, I would be surprised if half the links still worked.

Michael Kassner

Kind of an ironic situation. JS has to be enabled to run the tests. Yet, if it's not it fails, but does it.

pgit

With Firefox (on Linux) and NoScript the tests on Browserscope wouldn't get started, it didn't show any results yet, good or bad.

Michael Kassner

I like that one as well. But, check all of them if I have a concern.

Jaqui

I hit reload and it threw up that konq had failed every test. :D
