Establishing Digital Trust: Don't Sacrifice Security for Convenience
Keeping browsers up-to-date isn't always as easy as it should be. In addition to the core browsers which are routinely updated, browser plug-ins such as Flash, Java and QuickTime also need to be updated regularly.
Last year, security vendor Qualys launched a single user service called BrowserCheck to help users identify and remediate out of date browser issues. Today, Qualys is expanding that effort with the BrowserCheck Business Edition that offers a dashboard interface that enables an administrator to understand the browser status of multiple users.
"It allows an IT administrator to create an account on BrowserCheck so they can understand the browser status of their group," Wolfgang Kandek, CTO of Qualys told InternetNews.com. "The dashboard shows what operating system and what browser the users are running as well as identifying vulnerabilities."
The way the system works is that the admin first signs up on the Business Edition website to create an account. Users are then sent a unique URL to go and check their browsers with the online Qualys service. The standalone BrowserCheck service in contrast is accessabel via a public website. With the Business edition the detailed information for all users within a group is available only to the IT administrator and is secured by a username/password combination.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The system also includes a browser add-on that users can install which provides additional system visibility to the BrowserCheck system. As is the case with the single user version, the Business Edition of BrowserCheck will be a free service.
"Right now we think there is more value if we make it available to everyone for free," Kandek said. "We believe that that are many companies that will benefit from the service that would not be able to pay for it."
That said, Kandek noted that an enterprise grade offering could be available in the future that would be a paid service. The enterprise service would be something that provides additional features determined by demand and requirements.
The need to keep browsers and plug-in updated was highlighted in a study released by Qualys earlier this year at the RSA conference. The study looked at trends derived from over 200,000 browser visits to the Qualys BrowserCheck service between July of 2010 and January of 2011.
According to Qualys' February data, 42 percent of users were running vulnerable out of date Java plug-ins. Adobe's Reader was in second at 32 percent, followed by Apple QuickTime at 25 percent. Adobe Flash came in fourth at 24 percent.