Some sites to test browser security

Anupam · 27. Jul 2010, 04:01 PM

Came across this article today on MakeUseOf, which list some sites where you can test your browser for security. Two of these are PCFlank and ShieldsUP which are more useful for firewalls. Other known site is Firefox Plugin Test, which now tests other browsers besides Firefox too.

All in all, a good list.

http://www.makeuseof.com/tag/7-brows...ploit-attacks/

Anupam · 27. Jul 2010, 04:28 PM

Its a good list of sites.

I took the ScanIt test, which tries to crash your browser with vulnerabilities. I am using the latest Firefox 3.6.8, and it passed all tests

.

Have not taken Qualsys Browser Test yet, as it requires a plugin to be installed on the browser.

BrowserScope is a good one too. Its more of a browser comparison rather than a security test, but its still interesting. In terms of security, Firefox here got 7/13

, whereas Chrome has the highest score of 12/13.

I took the Panopticlick test, but could not quite understand the result. Will have to read its help file.

Interesting tests. I think the most useful is ScanIt.

26Dolphins · 27. Jul 2010, 07:15 PM

Hi,

Indeed, good list of sites for browser testing - I didn't know of Qualys Browser Check, but if it requires a plugin installation I won't try it out.
The tests on Browserscope won't run if Javascript is disabled.

My favorite is also ScanIt which I run every time Firefox updates.

Panopticlick is a privacy risk test .The more rare your browser configuration is, based on the info it transmits while you surf, the more uniquely identifiable you are on the Internet.
This is a rather weak side of Firefox as it tends to reveal a lot of info.
For example, if you open Help>About, the info in the User Agent string you see, is always transmitted, including your OS, the languages of your browser, even the exact release date of the major version you're using.
If you mess with that info in about:config, updates for Firefox itself, add-ons, themes and plugins won't work properly.

Anupam · 28. Jul 2010, 10:04 AM

Thanks for the information.

I think the User Agent String is transmitted by all browsers?

Which information do the other browser transmit, or don't transmit, that Firefox does?

26Dolphins · 28. Jul 2010, 04:15 PM

Hi Anupam,

Quote:

Which information do the other browser transmit, or don't transmit, that Firefox does?

I can't answer with specific data, as it depends on how & with what data the User Agent String of its browser is constructed. If I'm not mistaken it's engine dependant though.
I'd have to do some research and I don't really have the time for this at the moment. If it doesn't fall to oblivion, I'll look more into it at a more convinient time, ok?

Anupam · 28. Jul 2010, 05:12 PM

That's OK 26Dolphins

... I thought you would know the answer, so you can tell. Its not a big problem. I will try to find out some myself, when I have time too

.

MidnightCowboy · 28. Jul 2010, 08:41 PM

I tried all 18 tests with IE8 and it passed in both open and sandboxed modes. I received one alert from MSE and several for permission to run addons from WinPatrol in open mode, but when using Sandboxie I only received the alert from MSE. So, it seems that both Sandboxie and WinPatrol are doing their jobs correctly.
Attachment 643

Concerned User · 31. Jul 2010, 08:55 AM

I got a "83/100" in the browserscope test maybe due to addons like noscript, cslite and no referrer (firefox)?

26Dolphins · 31. Jul 2010, 02:54 PM

Hi,
@Concerned User
How did you manage to run browserscope with Firefox with these add-ons and get a score?

I get to the page with the stethoscope and it stays there for ever. If I enable scripts for browserscope.org, a few more sites come up which need to run scripts as well as cross-site requests to them which are blocked by Request Policy and NoScript (default setting).
So, maybe the test can't run properly and finish?

Concerned User · 31. Jul 2010, 05:52 PM

Quote:

Originally Posted by 26Dolphins

Hi,
@Concerned User
How did you manage to run browserscope with Firefox with these add-ons and get a score?

I get to the page with the stethoscope and it stays there for ever. If I enable scripts for browserscope.org, a few more sites come up which need to run scripts as well as cross-site requests to them which are blocked by Request Policy and NoScript (default setting).
So, maybe the test can't run properly and finish?

Yes I also got to the stethoscope

...I allowed cookies from the site and also allowed scripts. It worked.

27. Jul 2010, 04:01 PM	#1 (permalink)
Anupam Moderator Join Date: Jul 2008 Location: India Posts: 9,484	Some sites to test browser security Came across this article today on MakeUseOf, which list some sites where you can test your browser for security. Two of these are PCFlank and ShieldsUP which are more useful for firewalls. Other known site is Firefox Plugin Test, which now tests other browsers besides Firefox too. All in all, a good list. http://www.makeuseof.com/tag/7-brows...ploit-attacks/ __________________ Anupam

27. Jul 2010, 04:28 PM	#2 (permalink)
Anupam Moderator Join Date: Jul 2008 Location: India Posts: 9,484	Its a good list of sites. I took the ScanIt test, which tries to crash your browser with vulnerabilities. I am using the latest Firefox 3.6.8, and it passed all tests . Have not taken Qualsys Browser Test yet, as it requires a plugin to be installed on the browser. BrowserScope is a good one too. Its more of a browser comparison rather than a security test, but its still interesting. In terms of security, Firefox here got 7/13 , whereas Chrome has the highest score of 12/13. I took the Panopticlick test, but could not quite understand the result. Will have to read its help file. Interesting tests. I think the most useful is ScanIt. __________________ Anupam

27. Jul 2010, 07:15 PM	#3 (permalink)
26Dolphins Senior Member Join Date: Nov 2009 Posts: 440	Hi, Indeed, good list of sites for browser testing - I didn't know of Qualys Browser Check, but if it requires a plugin installation I won't try it out. The tests on Browserscope won't run if Javascript is disabled. My favorite is also ScanIt which I run every time Firefox updates. Panopticlick is a privacy risk test .The more rare your browser configuration is, based on the info it transmits while you surf, the more uniquely identifiable you are on the Internet. This is a rather weak side of Firefox as it tends to reveal a lot of info. For example, if you open Help>About, the info in the User Agent string you see, is always transmitted, including your OS, the languages of your browser, even the exact release date of the major version you're using. If you mess with that info in about:config, updates for Firefox itself, add-ons, themes and plugins won't work properly. __________________ 26Dolphins

28. Jul 2010, 10:04 AM	#4 (permalink)
Anupam Moderator Join Date: Jul 2008 Location: India Posts: 9,484	Thanks for the information. I think the User Agent String is transmitted by all browsers? Which information do the other browser transmit, or don't transmit, that Firefox does? __________________ Anupam

28. Jul 2010, 05:12 PM	#6 (permalink)
Anupam Moderator Join Date: Jul 2008 Location: India Posts: 9,484	That's OK 26Dolphins ... I thought you would know the answer, so you can tell. Its not a big problem. I will try to find out some myself, when I have time too . __________________ Anupam

28. Jul 2010, 08:41 PM	#7 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 9,250	I tried all 18 tests with IE8 and it passed in both open and sandboxed modes. I received one alert from MSE and several for permission to run addons from WinPatrol in open mode, but when using Sandboxie I only received the alert from MSE. So, it seems that both Sandboxie and WinPatrol are doing their jobs correctly. Attachment 643 __________________ Knows nothing and cares even less Last edited by MidnightCowboy; 05. Oct 2010 at 10:24 PM.

31. Jul 2010, 08:55 AM	#8 (permalink)
Concerned User Editor Join Date: Apr 2010 Location: இந்தியா, सिन्धु, India Posts: 324	I got a "83/100" in the browserscope test maybe due to addons like noscript, cslite and no referrer (firefox)? Last edited by Concerned User; 31. Jul 2010 at 09:02 AM.

31. Jul 2010, 02:54 PM	#9 (permalink)
26Dolphins Senior Member Join Date: Nov 2009 Posts: 440	Hi, @Concerned User How did you manage to run browserscope with Firefox with these add-ons and get a score? I get to the page with the stethoscope and it stays there for ever. If I enable scripts for browserscope.org, a few more sites come up which need to run scripts as well as cross-site requests to them which are blocked by Request Policy and NoScript (default setting). So, maybe the test can't run properly and finish? __________________ 26Dolphins

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode