Free Web Service Allows Corporate Users and Consumers to Secure Web Browsers
Redwood City, CA — May 6, 2002 — Qualys, Inc., the leader in the emerging category of Managed Vulnerability Assessment, today announced the availability of a free browser vulnerability service, available at http://browsercheck.qualys.com. Run interactively and in real time, this Web service allows Microsoft Internet Explorer users to immediately identify their browser vulnerabilities and patch them with validated fixes. This service provides system administrators with a tool to educate users and make them aware of security holes embedded within their browsers before intruders can exploit them. Harnessing technology from the company’s QualysGuard Managed Vulnerability Platform, the browser checkup impersonates a hacker to perform a series of tests against Microsoft’s Internet Explorer to detect vulnerabilities and reveal information that could potentially be exposed to attackers.
Internet Explorer’s security vulnerabilities have been widely exposed in the media, and Microsoft has provided security bulletins and downloadable patches. But many Internet Explorer users may not be aware of the risks to which their browsers expose them every time they conduct routine activities, such as browsing the Internet or shopping online, and system administrators are challenged with keeping the corporate user up-to-date with the latest browser technology that addresses serious security flaws.
“Most Internet users do not realize the number of security risks they face every day from basic Web browsing, and browser vulnerabilities are just the tip of the iceberg,” said Allan Carey, Senior Research Analyst for Information Security Services at IDC. “Qualys has leveraged the capabilities of its Managed Vulnerability Assessment Platform beyond the corporate environment to educate all users about the potential risks associated with their browsers and the remedies needed to fix them.”
The installed base of Internet Explorer-more than 400 million users worldwide-can run any or all of the checks offered by Qualys to determine if they are vulnerable to browser weaknesses such as:
Program Execution: Through the use of maliciously crafted programs, attackers can launch
File Execution: Remote attackers can execute random files on a computer by tricking a browser into thinking the file is safe to open. If the browser opens the file without a prompt, an executable file that may contain a virus could be downloaded.
All of these Qualys browser checks can be run simply with a click of the mouse. While the tests illustrate how a hacker can download malicious applications, nothing will be downloaded onto users’ computers, making the tests completely safe to run. If vulnerabilities are found, Qualys offers suggestions on how to remedy the problems with validated patches from Microsoft when available.
“Opening your browser to the Internet is like opening the door to your home for anyone to enter. Every time users connect, they place their computers, their personal information, and even their corporate networks at risk,” said Philippe Courtot, Chairman and CEO of Qualys. “The number of vulnerabilities that can be found through this simple check is astonishing, and today’s firewalls and security products are not sufficient any more. By providing the free browser check, we hope to educate the public on the prevalence of vulnerabilities found in their browsers and provide a friendly tool to remedy them before any damage occurs.”
Designed to work affordably on any size network, and delivered over the Internet, QualysGuard uses advanced vulnerability detection techniques to assess a network’s security exposures and suggest remedies before intruders can take advantage of them. Via a simple Web-based interface, users can pre-schedule a QualysGuard audit or initiate an on-demand audit whenever they choose. Upon completion of the security audit, network administrators receive a near-instantaneous report detailing vulnerabilities identified, severity level of each, potential consequences, and suggested remedies to fix each vulnerability. Qualys’ KnowledgeBase-the most comprehensive, constantly updated database-contains more than 1500 vulnerability signatures covering over 300 applications on more than 20 different platforms.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
For media inquiries or to find the appropriate spokesperson
Contact: Megan Lamb
For all other matters