Scanit tackles browser vulnerabilities

Firewalls, intrusion detection systems and anti-virus software can be foiled by attackers using rogue web sites and web browsers to ascertain user information. To combat this threat, Scanit has developed a free online test.

By Zoe Moleshead. Published February 19, 2003

Although users are encouraged to secure their systems with a host of firewalls, intrusion detection systems (IDS) and anti-virus software, attackers can still foil these solutions by utilising a simple web browser.

Internet browsers, such as Microsoft’s Internet Explorer and Netscape, often automatically execute commands when users visit certain sites. While at a basic level this could just involve opening a media player and streaming video, at a more serious level attackers can exploit this functionality to penetrate a user’s system.

To combat this threat, Scanit has developed a free online test — www.scanit.be.bcheck/ — that assesses the security of a user’s web browser and notifies them about any vulnerabilities that are discovered.

“Scanit engineers put together a series of tests to make sure that the web browser has been configured and secured properly. The vulnerabilities that are discovered are then graded into high, medium and low risks,” says David Michaux, CEO, Scanit.

“A high risk means that if a user visits a particular web site, it [web site] will be able to upload a piece of software on to their computer and run it like a Trojan. While a medium risk means that the web site would be able to access every piece of information that is kept on your computer, and low risk means that the web site is able to see the history of the web browser,” he explains.

These threats are also more serious because they are able to elude many of the security solutions that users may have installed. All too often firewalls and IDS products will enable traffic to enter a system via a web browser without scanning it.

“It doesn’t matter if you have a firewall, anti-virus software or IDS because the browser bypasses all of that. Somebody on the corporate network who connects to the internet through the firewall to a web site could then provide that site with access straight back into their entire corporate network, despite the fact they have millions of dollars of security protecting them,” says Michaux.
