May 26, 2010

Mozilla‘s Plugin Check Web site, which inspects Firefox browsers for outdated and insecure plugins, now checks other browsers — including Apple‘s Safari, Google‘s Chrome, Opera, and (to a far lesser extent) even Internet Explorer.

The Plugin Check site looks for a range of outdated plugins, and now works on Safari 4, Google Chrome  4 and up, Mozilla Firefox 3.0 and up, and Opera 10.5. This is a nice idea, and it works to some degree, but the page couldn’t locate version information for about seven of ten plugins I currently have in Firefox.

Similarly it detected version information for three out of nine of my plugins on my Macbook Pro’s Safari installation, although it helpfully informed me of an outdated Flash player on my Mac (doh!). It also detected version numbers for just two of 11 plugins apparently installed in my Google Chrome browser.

Mozilla’s Plugin Check also partially supports IE7 and IE8, although when I visited it with IE, I received an interesting result. I went there with a virgin install of IE8 that didn’t have any third party plugins installed. But rather than tell me I was secure  because it could detect no plugins at all, Mozilla’s site actually prompted me to install Adobe’s Flash Player (screen shot below), one of the most-attacked browser plugins of all.

It would be great to see this technology start to detect more plugins. In the meantime, if you’re running Windows and want help keeping up to date with the latest patches, I’d recommend Secunia‘s Personal Software Inspector, a program that periodically reminds you about insecure programs and plugins, and even includes links to download the latest patches.


16 thoughts on “Mozilla Plugin Check Now Does Windows (Sort of)

  1. muffin

    brian: i’m new to your website and i’m learning a lot from it. i’m not a computer expert but do want to learn more about computer safety. you mentioned in an earlier article that there were programs that you thought people should not have on their computer. could you tell me which ones those are? in the article above, you note that adobe flash player is one of the most attached browser plug-ins. i have that on my computer. can i remove it?

    1. BrianKrebs Post author

      hi muffin. thanks for reading and for your question. you may find it difficult to surf the web for long without having flash installed but if you haven’t needed it yet, I’d see if you can hold out longer. I wouldn’t go so far as to say people should get rid of Flash, because it is used by so many Web sites and without it you simply can’t use a lot of these sites.

      The important thing is to keep any programs you have installed up to date, whether it’s Flash, QuickTime, or whatever. Reading this blog regularly and using a tool like Secunia’s that I mention above can make doing this pretty easy. Of course, you still have to apply the updates.

      As for programs I think most folks can do without, I’d put Sun’s Java on the top of the list. I really don’t care for QuickTime, which is another heavily targeted plugin, and because QT tries to take over your settings every time you update it. But you can’t use iTunes without QT, so if you’re an iPod/iPhone user that’s tough.

      I also recommend people avoid Adobe’s PDF reader in favor of just about any other free PDF reader, and there are several. I like Foxit, but there are others.

      Most people have no use for Adobe Shockwave Player, and can safely get rid of that without noticing the difference.

  2. Matthew

    What about Secunia PSI to accomplish this task?

  3. BrianKrebs Post author

    Hi Matt. I mentioned Secunia PSI in the main article and in my response to the first comment.

    1. Matthew

      I know it. Mea Culpa for not RTFA before keying 🙁

  4. muffin

    thanks, brian. i removed java recently after reading one of your earlier columns. so far no problem. i removed quick time a while back. i will look into the foxit pdf reader. i don’t have adobe shockwave player on my computer. i do use secunia, the one that you download and scans your computer once a week. i find that very helpful. i’ll try removing adobe flash player and see how long i can go without needing it. thank you and your many readers for their very helpful comments.

  5. JCitizen

    Thanks Brian!

    This plug-in checker, can be a real eyeopener for FireFox users!

    I keep it in my favorites and visit frequently!

  6. QQ

    That is really nice I will be adding this along now every time I suggest Firefox.

    There is a similar software worth checking out is the awesome Filehippo update checker, It will inspect most or all your programs for update tho it does directly cover Firefox plug-ins but it does check flash version and it is a program you will need to install not just a webpage.

  7. Scott Knowles

    All I got for Safari (4.0.5) on G5 PPC with the checker was, “Unable to Detect Plugin Version”. None of the plug-ins had the green box of being up to date, yet I know most are the latest and the rest are old but the last version available. It did the same thing with OmniWeb brower. With Firefox it found the version number for only 5 of the 9 plugins (Google Earth and LizardTech not found but current).

    Safari has a “view installed plug-in” tool (in Help menu), where does Firefox have the same tool?

  8. gregory

    I have a question which is a bit off-topic but I figure out readers of this blog are among the most qualified for a pertinent advice. A friend insist I should start using, as my third browser along Mozilla and Safari for Windows,
    SRWare Iron (which is based on Google Chrome engine).
    http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php
    I wonder if the above plugin would work with this browser (on behalf of it using the Chrome Engine) and in general, if there are any other pro opinions for this little known browser.

  9. David Chasey

    PSI: Here’s how I used it. I start the day by starting the computer with a computer administrator account — not my working account. Once logged on I change my working account into an administrative account. Then I log out and log on to my working account. Then I run PSI. If my score is 100% I change the account to a limited account. HERE’S THE THING: PSI will run on the limited account if you switch the account type to limited from administrative.

    I can hibernate the computer and when I log back on the account is still limited and PSI is still running.

    1. JCitizen

      I think, Secunia has an email option, so that you can be emailed if changes are coming. I’m not sure how it works though. To bad FileHippo won’t at least let one know, about updates on the standard account also.

      A person would still have to loggon to Administrator to do the changes, I don’t like using Run As on XP. For Vista this would be great!

      CNET lets me know when anything on my watch list is updated, so that one is a good reminder also.

  10. Phil

    Sumatra PDF is a very quick and efficient free viewer that can be installed on the PC or run from a flash drive.
    It can be downloaded from:

    http://blog.kowalczyk.info/software/sumatrapdf/index.html

    For those of us who use web sites that require java, No Script plugin for Firefox has proven very useful in blocking unwanted javascripts. It can be downloaded from:

    http://noscript.net/

    It is interesting to use this plugin to observe all the scripts collecting data on many of the commercial sites one visits.

  11. Timothy (TRiG)

    Phil,

    For those of us who use web sites that require java, No Script plugin for Firefox has proven very useful in blocking unwanted javascripts.

    Java and JavaScript are completely different languages with different histories from different vendors. They have almost nothing to do with each other.

    TRiG.

Comments are closed.