Qualys BrowserCheck is a cloud service that scans your browsers and plugins to see if they’re all up-to-date. It’s an “online checkup” that relieves you from having to manually chase the constantly-shifting landscape of patches and updates to determine what you should be using. BrowserCheck identifies which browsers and plugins are used on your computer and whether newer versions have been released by vendors. On PCs running Microsoft Windows XP or later and Mac OSX 10.6.8 or later, BrowserCheck can also verify that important OS settings are enabled and OS security updates are being received.
Qualys BrowserCheck Business Edition provides a web-based console from which IT administrators can:
- Set how often users’ machines are scanned (such as daily, weekly, or monthly).
- Get easy instructions for connecting users’ computers to BrowserCheck.
- Continuously track which browsers and plugins are installed on each machine.
- Verify that crucial OS security settings are enabled and that OS security updates are being received.
- View at-a-glance dashboards and drill down into per-machine status.
- Download an MSI file and activation codes that can be automatically pushed to users' computers.
With BrowserCheck, you can quickly see if you computers are keeping current or are falling behind, potentially giving online thieves an opportunity to steal information or break into your corporate network. Tracking whether computers are up-to-date and fixing issues quickly as they arise are widely cited as the first steps in exercising good web “hygiene.” Automating these processes makes businesses more efficient, boosts security and shows compliance auditors that industry best practices are being followed.
- Workaround for Plug-in Installation Error on Firefox 40+
- Why is my browser insecure?
- What does the BrowserCheck Plug-in do?
- What is the next step after a scan?
- Can BrowserCheck scan my computer for me automatically?
- What do the different status levels in the Qualys BrowserCheck results mean?
- Why should I re-scan?
- What items are detected by Qualys BrowserCheck?
- How do I fix a security issue?
- What are Scan Types?
- Why do I need to add BrowserCheck to my Trusted Sites in IE?
- Why is the Fix It button grayed out?
- Do I have to re-visit the site to scan again?
- Why do my BrowserCheck results show only one browser instead of all browsers installed on my system?
- Why am I asked to install the Qualys BrowserCheck Plug-in when it is already installed?
- How do I update Qualys BrowserCheck Plug-in in Chrome on a Mac?
- How do I uninstall the Qualys BrowserCheck Plug-in?
- What browsers are supported by Qualys BrowserCheck?
- Can I centrally manage BrowserCheck across my machines?
- How do I start the management console?
- Can I prevent users from seeing the results of scans?
- How do I monitor machines in BrowserCheck Business Edition?
- How do the Scan Options in BrowserCheck Business Edition relate to Basic/Intermediate/Advanced ones end users see?
- I'm running Mac OS X. Why do my BrowserCheck results show incorrect Java version on Firefox?
- I'm running Mac OS X Snow Leopard with QuickTime plugin 7.6.6. Why do my BrowserCheck results show QuickTime version 7.6.3 as the installed plugin in Firefox?
- I made updates to my Safari browser plugins on Mac but I don't see the updates when I re-scan the browser. Why?
- Why do I see "Insecure Version" for Mozilla Firefox when I have the latest version installed?
- Why is my Firewall not detected correctly in Vista on IE browser?
- Can I use the BrowserCheck plugin on Chrome on Mac OS?
Browsers are very complicated pieces of software. Any single flaw has the potential to be abused by hackers and thieves to break into your computer. Plugins, which are pieces of software that add new capabilities into the browser, can also provide opportunities for malicious code to get in. Vendors of browsers and plugins are continuously finding and fixing such problems. However, this means that you have to constantly be updating your browser and plugins to make sure that you aren’t leaving your machine open to attack.
The BrowserCheck plugin enables BrowserCheck to scan your computer more thoroughly than is possible in just the browser alone. While many different types of computers and mobile devices can be used with BrowserCheck, the plugin and its advanced scanning currently is available only IE, Firefox and Chrome on PCs running Windows XP or later and Mac OSX 10.6.8 or later:
- It shows complete location of the checked file in the details
- It can read the complete version of the installed plugins to determine the status more accurately.
- It can also determine security status based on the version of associated files and not just the plugin file. One such example is Foxit Reader.
- It can use OS dependent information checks such as which Service Packs are installed to determine the security status of some plugins (such as Windows Media Player).
- It can check to see if important OS settings are enabled, firewalls, OS security updates, anti-virus, and disk encryption.
- It can scan not only the current browser and its plugins, but also all the browsers installed and their plugins (optional in windows).
- It can identify missing Windows Security Updates.
For BrowserCheck Personal Edition, the plugin is optional. Users are asked if they want to install it when they first launch BrowserCheck Personal Edition. The plugin performs additional checks not possible without the plugin as described above, and the plugin is required for automated scans.
For BrowserCheck Business Edition, administrators have the option to either: 1. Email a URL to users, who then have the option to either install the plugin or scan without it, or 2. Push an MSI file, which automatically installs the plugin on users' computers.
Please note that Qualys BrowserCheck Plugin does NOT use or track your personal information and browser history. Please read the Service User Agreement for more details.
Scanning your browser with Qualys BrowserCheck is the first step towards securing your browser. The next step is to review the browser scan results and follow the recommended actions to get software updates and resolve security issues. When you're done making updates, click the Re-Scan button to scan your browser again and verify that your browser and its plugins are current and secure.
Yes, with BrowserCheck Business Edition, IT administrators can set scans to happen silently every day, week or month. This happens without interrupting you (no need to revisit the browsercheck.qualys.com web page). If the scan finds anything out of date, your browser will display a small notification window on your screen. You can click this notice to see the results of the scan and any appropriate "Fix It" buttons. Automatic scans require the plugin.
With BrowserCheck Personal Edition and the plugin installed, users can also enable automatic scans from the user interface.
Each item in your Qualys BrowserCheck results has a status assigned to it. Click on the status to expand details in your results to see specific version information. The following status levels may appear in your results:
- Up To Date (green) - Indicates that the installed version is the latest. There are no updates available from the vendor.
- OK (green) - Indicates that the reported item has passed the recommended security settings.
- Update Available (orange) - Indicates that the installed version is not the latest. A newer version is available from the vendor. Click on the status button to see the details and a link to install the update.
- Insecure Version (red) - Indicates that the installed version is insecure and should be updated immediately. Use the Fix It button to go to the vendor's website to get the latest version and fix the security issue.
- Insecure (red) - Indicates that the reported item has not met the recommended security settings criteria.
- Obsolete (red) - Indicates that the installed version is no longer supported by the vendor. Use the Fix It button to go to the vendor's website to get a version that is supported.
- Support Retiring (orange) - Indicates that the version of the installed operating system is retiring soon. After the retiring date, the vendor will no longer provide support or security updates for the retired version. Use the Fix It button to go to the vendor's website to get a version of the operating system that is supported.
- Support Retired (red) - Indicates that the version of the installed operating system is currently retired. The vendor is no longer providing support or security updates for the retired version. Use the Fix It button to go to the vendor's website to get a version of the operating system that is supported.
- Warning/Potential Threat (orange) - Indicates that current browser does not provide enough information to confirm the file version installed and suggests to make sure that you are running the latest version.
- Warning (orange) - Indicates that it needs to be reviewed and appropriate action should be taken.
- Pre-release (light blue) - Indicates that the current items is a beta, alpha or a dev version.
- Unknown (gray) - Indicates that the security status of the plugin is unknown.
- Disabled (gray) - Indicates that the plugin is either disabled in the browser or not enabled/installed for the current browser. This status is not available with 'All Browsers and Plugins' scan option.
Once you've updated your browser and resolved security issues, you should re-scan your browser to verify that all security issues have been fixed and that your browser and its plugins are current. Click the Re-Scan button above your browser scan results to start a new scan.
The Qualys BrowserCheck tool checks your browser as well as browser plugins and add-ons (32-bit) to identify insecure and out-of-date versions that put you at risk. It also checks if your Windows operating system is supported by Microsoft. Microsoft security updates cannot be installed on unsupported operating system versions. These items are detected:
|OS support expiration||X*|
|OS Auto Update, Auto Install Checks||X*|
|OS security updates||X*||X||X|
|Disk Encryption check||X*~|
|Web Browser used to scan||X||X||X|
|Adobe Flash Player||X||X||X|
|Adobe Reader 5.x and above||X||X||X|
|Adobe Shockwave Player||X||X|
|DivX Web Player||X||X|
|Flip4Mac Windows Media plugin||X|
|Microsoft Windows Media Player||X*|
|Totem Media Player||X|
|VLC Media Player||X||X||X|
|Windows Presentation Foundation plug-in||X*|
|Microsoft Apps for Mac||X*|
* Available only with BrowserCheck Plugin in IE, Chrome and Firefox.
~ Currently this feature is available only for Winmagic, Symantec PGPGuard, McAfee Endpoint Encryption and Windows Bitlocker.
In addition to the above mentioned items, BrowserCheck Business Edition detects all the missing security patches from Microsoft.
Review the Qualys BrowserCheck results for important information about your browser and its plugins. For any item that is insecure or out of date, a Fix It button appears. Simply click the Fix It button to launch the update installer or to be directed to the website where you can download the latest update to fix your security issue.
Alternatively, plugins can be disabled so that they would not be loaded by the browser. Please note that disabling plugins will remove some functionality. For example, if you disable Flash, you will not be able to watch videos on YouTube. For more information, please refer to corresponding browser's help documentation on how to disable plugins.
IE - Tools -> Manage Add-ons
Chrome - Open a new tab and enter about:plugins in the address bar
Firefox - Tools -> Add-ons ->Plugins
On PCs running Windows XP or later, BrowserCheck can perform three different types of scans:
- Basic – Just scan the browser that is currently being used and its plugins. This is the default type of scan and the same as what is done on non-Windows platforms that can’t use the BrowserCheck plugin.
- Intermediate – All browsers installed on this PC as well as their associated plugins (even ones that are disabled) are scanned. BrowserCheck also verifies that important OS settings are enabled, such as anti-virus, firewall, Windows Update and DNS-changer malware.
- Advanced – In addition to the above, BrowserCheck looks for any missing Microsoft Windows security updates. This check may take several minutes.
Recent versions of IE attempt to limit what plugins can do to prevent malicious or compromised plugins from having free reign over the computer. The Intermediate and Advanced BrowserCheck scans require special permission to access the information that they gather. IE grants this permission to web sites that are added to IE’s Trusted Sites list on the computer. This can be done in two ways:
- By the user – go into the Tools menu in IE (the gear icon in the upper-right corner) and click on Internet options. Click on the Security tab and on the green arrow marked “Trusted sites”. Then click on the button labeled Sites, and type https://browsercheck.qualys.com into the box labeled “Add this website to the zone” and click the Add button. Click the Close button.
- By an IT administrator – Organizations that use Group Policy Objects for configuring their computers, can use the AddTrustedSites GPO without requiring user interaction. Instructions for IT administrator are provided in the Settings tab of the BrowserCheck management console.
The Fix It button appears grayed out when the item displayed in the results has one or more known vulnerabilities and there is no patch or security update available from the vendor (Zero-day).
Do I have to re-visit the site to scan again?
It depends on how you are using BrowserCheck. When used by individuals, BrowserCheck only works when https://browsercheck.qualys.com is viewed and does not run at any other time.Organizations that are using BrowserCheck Business Edition can set scans to automatically repeat in the background if a browser is running. If the scan finds anything out of date, the browser will display a small notification window that you can click to see the results of the scan.
I'm running Mac OS X Snow Leopard with QuickTime X (10.x). Why do my BrowserCheck results show QuickTime version 7.x?
Web browsers use the QuickTime plugin to play content within web pages. Even though Mac OS X Snow Leopard comes with QuickTime X (10.x) client software installed the browser still uses QuickTime plugin 7.x, which is why this version is reported in your results.
The issue is with the Firefox browser not refreshing plugin info properly. BrowserCheck simply queries the browser to get the version info. If you are using Firefox/Camino you can fix this by deleting the pluginreg.dat file under /Users/[name]/Library/Application Support/Firefox/Profiles/[random letters].default. The Browser will rebuild the plugin cache automatically and you will see correct info in the BrowserCheck results.
I'm running Mac OS X Snow Leopard with QuickTime plugin 7.6.6. Why do my BrowserCheck results show QuickTime version 7.6.3 as the installed plugin in Firefox?
This may happen due to a refresh related issue in Firefox. This can be corrected by using the following steps:
1) Quit Firefox and all other open browsers.
2) Move the QuickTime plugin from "/Library/Internet Plug-Ins/QuickTime Plugin.plugin" to someplace else temporarily (e.g. the desktop).
3) Open Firefox. From the Tools menu, select Add-ons and click on the Plugins tab to verify that QuickTime doesn't show up in the list anymore. Then quit Firefox.
4) Drag the QuickTime plugin back into "/Library/Internet Plug-Ins/" and then open Firefox again.
I made updates to my Safari browser plugins on Mac but I don't see the updates when I re-scan the browser. Why?
The Safari browser must be restarted after installing updates to your plugins. Please 'Quit' and restart the browser before you start another scan in order to see the updates in your results.
Why do my BrowserCheck results show only one browser instead of all browsers installed on my system?
By default, BrowserCheck just does a Basic scan that only examines the browser you are currently using. If you are using IE, Firefox or Chrome on Windows, you change the Scan Type to Intermediate or Advanced to scan all of the browsers on your computer.
The version information for your Mozilla Firefox browser may have been changed by your installed plugins. You can reset the version information by using the link below. Then re-scan your browser and check the status again in the BrowserCheck results.
You are prompted to install the Qualys BrowserCheck Plugin anytime a newer version of the plugin is available. You must have the latest version of the plugin installed to run a scan.
Due to the additional security provided in Windows Vista with IE protected mode, BrowserCheck tool is blocked from detecting the Firewall correctly. Please add https://browsercheck.qualys.com as a Trusted Site in IE to let the BrowserCheck work properly. Tools->Internet Options->Security->Trusted Sites->Sites.
With the removal of NPAPI from Chrome, the BrowserCheck plugin is currently not supported on Chrome on Mac OS. We expect to support it again in a future release.
Click the Chrome menu on the toolbar and select Tools->Extensions.
1. Select 'Developer mode' and click on 'Update extensions now' button and visit browsercheck.qualys.com. OR
2. Remove QualysBrowserCheck for Mac extension and visit browsercheck.qualys.com to install again.
The Qualys BrowserCheck tool is a browser add-on for IE, Firefox and Chrome on Windows and Mac OSX. To uninstall it, follow the add-on removal steps for your specific browser. Make sure you close the Qualys BrowserCheck window before removing the add-on.
Internet Explorer: From the Internet Explorer browser, go to the Manage Add-ons page from the Tools menu. Use the Show menu to display the Qualys BrowserCheck add-on. In IE 7, select the add-on and click Delete. In IE 8, select the add-on, click the More Information link, and then click Remove in the pop-up that appears.
To remove it manually:
- Login as admin user (administrator or a user with admin privileges)
- Make sure all the IE browser windows are closed
- Use command line and cd to "C:\Windows\Downloaded Program Files"
- Run the command regsvr32 /u qbc_bho.dll
- Run the command regsvr32 /u qbc_ax.dll
- Delete qbc* files from "C:\Windows\Downloaded Program Files".
Mozilla Firefox: From the Firefox browser, click on the Tools menu and select Add-ons. Select Extensions. Select the Qualys BrowserCheck add-on and click the Uninstall button. When prompted, click Uninstall to confirm.
Google Chrome: From the Chrome browser, click on the wrench icon to view the Tools menu and select Extensions. Select the Uninstall link next to the Qualys BrowserCheck add-on. When prompted, click Uninstall to confirm.
Safari: From the Safari menu, click on the Preferences and select the Extensions tab. Click on QualysBrowserCheck and click Uninstall button. To remove the plugin, delete QualysBrowserCheckSafari.plugin from /Library/Internet Plug-Ins.
MSI: To uninstall MSI use the following command > msiexec /qn /x <shared_path_to_msi>
Please note that there is no BrowserCheck plugin to uninstall on Mac and Linux.
|Operating System||Internet Explorer**||Firefox||Chrome||Safari||Opera||Camino|
|Windows Server 2008 R2||-||X||-||-||X||X||X||X||X||-|
|Windows Server 2008||-||X||X||-||X||X||X||X||X||-|
|Windows Server 2003||-||X||X||X||X||X||X||X||X||-|
|Windows XP SP1, SP2, SP3||-||X||X||X||X||X||X||X||X||-|
|Windows 2000 SP4||-||-||-||X||X||-||X||-||X||-|
|Mac OS X (Intel) and above||-||-||-||-||X||X||X||X||X||X|
In addition to the above this tool is also available for Android, iPhone, iPad, Maxthon, SeaMonkey, Arora, Fennec, Minefield, Flock, Rockmelt, SR Iron, Dolphin, Sleipnir, Lunascape, Orca, K-meleon browsers.
Yes, BrowserCheck has a web-based console called BrowserCheck Business Edition that lets you set how often and how deeply your computers should be scanned. It gives you a consolidated dashboard to see the status of your machines at a glance and allows you to drill down into the specific status of each of your PCs.
From browsercheck.qualys.com, simply click on the link labeled “BrowserCheck Business Edition”. There you can sign up for a free account and immediately begin managing your machines.
- Sign up for an account on the BrowserCheck Business Edition page.
- Login at browsercheck.qualys.com/admin/login.php. You’ll see a series of tabs across the top of the page. They provide different ways to view the data that BrowserCheck collects.
- Click on the Settings tab. On the right side, you’ll see a list of Scan Options that control what BrowserCheck examines on users’ computers, and how often scans should be performed.
- To scan a computer, you need to have the BrowserCheck plugin installed on that computer. You can either: (a) have the user manually install the BrowserCheck plugin by clicking on a link you give them, or (b) automatically push it in an MSI file to their machine using software-deployment tools like SCCM. Instructions for each are provided in the Settings tab in the section Enabling Your Users to Scan with BrowserCheck. Click on the [+] next to the method you wish to use to see the instructions.
- If you have enabled the option for repeating scans, BrowserCheck will automatically perform your selected scan in the future when the browser is open without interrupting the user or forcing them to go back to the BrowserCheck web page.
- The data from any scans that are performed can now be seen in the Dashboard, Assets and Scans tabs in the management console.
Yes. Organizations that lock down their computers and prevent users from installing fixes sometimes prefer to use BrowserCheck to silently gather information about each computer's configuration. To prevent users from seeing the results of scans, whether performed manually by the user or automatically as part of a repeating scan, IT administrators can set the "Do not show users the results of scans" option in the Settings tab of the management console.
Once you have connected users’ machines to BrowserCheck, you can easily see whether they are up-to-date or are in need of help. Simply click on the following tabs to see an overview or drill into the status of specific machines:
- Dashboard – This tab shows how many of your computers (referred to as “assets”) are secure or insecure and how this compares to all the computers scanned by BrowserCheck. It also lists the Windows PCs (support for other OSes will be coming) that have the most issues that need to be fixed. You can click on any machine listed to see the details of what BrowserCheck found.
- Assets – This tab allows you to see the latest status for each Windows PC (support for other OSes will be coming) that has been scanned for your account. You can click on any machine listed to see the details of what BrowserCheck found.
- Scans – This tab lists all of the scans that have been performed for your account. You can click on any machine listed to see the details of what BrowserCheck found. You can even look at different scans for a single machine to see whether it has kept current or drifted out-of-date over time.
How do the Scan Options in BrowserCheck Business Edition relate to Basic/Intermediate/Advanced ones end users see?
The management console in BrowserCheck Business Edition gives you more flexibility than end users see. The end user settings are equivalent to the following Scan Options:
|Scan all browsers||X||X|
|Check Antivirus, Firewall, Windows Update||X||X|
|Scan for missing Microsoft Security Updates||X|