Security End-User Tools

Antivirus software is crucial for combating viruses, malware, and hackers, but simply installing an antivirus program is rarely enough. You should also use strong passwords; keep your system, applications, and browser plug-ins up-to-date; and make sure your firewall is doing its job by blocking all intrusions. Following these extra safeguards can reduce the chances of your PC becoming a Petri dish full of digital contagions.

Luckily, a number of tools and services can simplify all the extra security precautions that modern PCs require. They go above and beyond what’s offered in antivirus suites, performing security audits of vulnerabilities that the big-name software packages miss. Here are five to check out.

Qualys BrowserCheck

An outdated browser or plug-in can serve as a security hole for hackers and malware authors to exploit, so you’ll want to keep your web software up-to-date. Qualys BrowserCheck is a free service that scans your Web browser to determine if you’re running outdated or insecure versions of some popular plug-ins or add-ons, including Adobe Reader, Adobe Flash, Java, and Windows Media Player.

You can run a quick scan from your browser in Windows, Mac, or Linux. You don’t even have to download any software—Qualys runs completely within your browser. Supported browsers include Internet Explorer (IE), Mozilla Firefox, Google Chrome, Safari, Opera, and Camino. Once Qualys BrowserCheck completes its scan, it lists which plug-ins it scanned, and indicates whether you’re running insecure versions of any of your plug-ins, and if any updates are available. The scan also provides links to where you can download the newest plug-in version, so you don’t have to hunt around for it.

Sample results from a quick Qualys scan. Look at that: The Java plugin needs an update.

Alternatively, you can run a full scan after downloading and installing the Qualys BrowserCheck plug-in, which supports IE, Firefox, and Chrome on Windows—there’s no Mac or Linux support for the full scan. This full scan can check all supported browsers you have installed, not just the browser you used to run the scan. And the full scan can also detect other system vulnerabilities as well, such as no automatic Windows Updates or Windows Firewall running, or out-of-date or disabled antivirus software.

Sample results from a full scan in Chrome after downloading the plug-in.

Once Qualys BrowserCheck finishes doing its thing, you’ll see a list of scanned plug-ins for your current browser, and icons to view the results for each of your other browsers. And if you choose to do system checks, you’ll see a tab showing its results as well.

Secunia Personal Software Inspector (PSI)

Secunia Personal Software Inspector (PSI) is a free program that scans your PC for security vulnerabilities, like missing updates that hackers and malware authors can exploit to infect or hack into your PC. If PSI finds a vulnerability, it will try to automatically download and install any relevant updates. Otherwise, it helps you manually fix the issue.

After you download and install Secunia PSI, it will scan your system and notify you via its system tray icon if other programs require a manual update. You can open the program to find your Secunia System Score, a list of any programs that need to be updated, and a list of any software that it found to be up-to-date.

If your Secunia System Score is below 100 percent, you’ll find icons for the vulnerable programs, which you can click on to resolve the issue.

Password Security Scanner

Password Security Scanner is a free utility that scans for passwords stored by Windows applications and Web browsers, and tells you how strong they are. This gives you a chance to identify weak passwords, and change them to something more secure. Although you can’t see the actual passwords, you can see the username and which site or service they belong to.

The Password Security Scanner runs on Windows, and it will scan passwords stored by Internet Explorer, Mozilla Firefox, Microsoft Outlook, Windows Live Mail, and MSN/Windows Messenger, as well as your dial-up and VPN passwords.

Sample list of passwords and details about their strength.

After you download and install the utility, it will automatically scan and display additional details about your passwords, including their length, the types of characters used, and overall password strength. If you need help building better passwords, have a look at Alex Wawro’s primer on the topic.


ShieldsUp is a free, Web-based port scanner that tests your Internet connection for possible security holes, such as incorrect firewall settings. Although the testing regimen and reporting  might be a bit over the head of average computer users, the ShieldsUP site provides a wealth of background information about firewalls and port scanning.

ShieldsUp lets you scan a few different port ranges, including File Sharing ports (to make sure you’re not offering direct access to your files) and Common Ports (to check the most commonly used ones). It also lets you check all ports via the All Service Ports scan option. In addition, you can tell it to scan a specific port or range of ports. Additionally, you can evaluate your web browser headers for privacy and tracking issues, and test to see if your PC is susceptible to spam via the Windows Messenger Service, a messaging system built into Windows.

The results for the File Sharing tests are presented via a text description.
The results for the All Services tests are presented in graphical form.

If results show open ports, you can investigate the firewall settings of your router or PC and try to close or secure them.

Belarc Advisor

Belarc Advisor is free for personal use, and scans your PC’s hardware, network connections, software, antivirus status, Windows Updates, and Windows security policies for insecure settings and other security vulnerabilities. It generates a report in HTML that you can view in your browser. This report provides details on the scanned items and any detected issues, along with links on how to fix them, but it doesn’t automatically fix them for you. Also, the information it reveals is geared more for techies and IT professionals than average home users.

Sample of the HTML report created by Belarc Advisor.

In the beginning of the report, the service shows your overall security status via three scores: Security Benchmark Score, Virus Protection, and Microsoft Security Updates. Click on any of these to see more details.

By scrolling through the report, you’ll discover details on your hardware specs, user accounts, peripherals, and networking. You’ll also find a list of installed software versions, licenses, usage, and a report on missing or insecure Windows Hotfixes.



Làm sao để an toàn hơn?

Tại sao lại an toàn hơn? Chứ không phải an toàn? Vì an toàn chỉ có ý nghĩa tương đối.

Mọi hệ thống đều tiềm ẩn nhiều nguy cơ và trên thực tế thì mọi hệ thống điều lần lượt bị phá vỡ.

Tôi xin đưa ra vài ý kiến của tôi để an toàn hơn

  • Dùng phần mềm sạch và an toàn
    • Nếu không có tiền mua phần mềm, hoặc không biết mua, hoặc không thích mua. Tóm lại là bạn không mua những phần mềm phải trả phí, thì tốt nhất là hãy chọn những phần mềm mã nguồn mở, phần mềm miễn phí. Sự hữu dụng của phần mềm phụ thuộc khá nhiều vào khả năng thành thạo của bạn đối với phần mềm đó nữa. Tiêu chí của tôi là sử dụng thành thạo những phần mềm miễn phí, và nếu không có phần mềm miễn phí phục vụ cho nhu cầu của tôi, tôi sẽ mua phần mềm trả phí để được an toàn hơn. Thực sự thì tôi không có đủ bản lĩnh và tài năng để nhận biết được đoạn mã crack có chứa malware hay không!!
  • Luôn cập nhật các phần mềm
    • Cập nhật phần mềm là một thói quen tốt. Vừa giúp ta trải nghiệm những tính năng mới nhất. Lại vừa an toàn. Thực tế thì có một số lượng lớn các mã độc nhằm tới các phần mềm phiên bản cũ.
  • Mạnh khẩu mạnh và đừng quá ngốc
    • Tôi thường sử dụng những trang tự động sinh mật khẩu mạnh như để tạo ra mật khẩu cho mình. Tôi dùng một phần mềm để quản lý các mật khẩu của mình. Điều này vừa đảm bảo tôi không bao giờ sử dụng một mật khẩu cho nhiều mật khẩu. Vừa giúp tôi không phải nhớ. Tôi cũng chẳng bao giờ quên mật khẩu!
    • Hãy thông minh khi ai đó “mượn” tài khoản của bạn. Những người tốt thường không có thói quen đó.