Free vulnerability assessments online

One of the most useful checks anyone can perform on a computer connected to the Internet is a vulnerability assessment. Two of the free services I’ve used are the Symantec Security Check and Steve Gibson’s specialized LeakTest utility.

The Symantec Security Check is available in many languages; the U.S. English version is currently at:

https://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

This site is also automatically available through the Norton SystemWorks 2004 menu through the Extra Features tab. You will need to be running at least Internet Explorer 5.0, Netscape 4.5 or Safari 1.0. Unfortunately, the site rejects the Opera browser, which is my personal standard.

The scan takes about two minutes on my 1M bit/sec download/ 50K bit/sec upload Starband satellite link (I live out in the boonies where there’s no cable service available). The results are summarized in the following categories (I’m quoting or paraphrasing directly from Symantec’s Web page but not bothering with quotation marks here):

* Hacker Exposure Check: Tests your TCP ports for unauthorized Internet connections. Tests include ICMP Ping, FTP, SSH, Telnet, SMTP, Finger, HTTP, POP3, Authentication, NNTP, Location Service, NetBIOS, IMAP, HTTP over TLS/SSL, Windows NT/2000 SMB, SOCKS, PPTP, UPnP and pcAnywhere. Each port is briefly described along with the results (open, closed or stealth).

* Windows Vulnerability Check: Tests whether basic information, including your PC’s network identity, can be seen by hackers.

* Trojan Horse Check: Attempts to test for access to your computer through methods commonly used by Trojan horses. Vulnerabilities checked include those used by Acid Shivers, Back Orifice 2000, Backdoor/Subseven, Bla, Blade Runner, COMA, DeepThroat, Delta Source, Dmsetup, Doly, Donald Dick, Extreme, FC Infector, FireHotcker, FTP99CMP, GateCrasher, GJammer, Hack ‘A’ Tack, Indoctrination, iNi Killer, Keylogger, Master Paradise, NetBus, NetMonitor, NetSphere, Netspy, Portal of Doom, Priority, Progenic, RASmin, Remote Explorer, Remote Grab, Senna Spy, Shiva Burka, ShockRave,TranScout, Sokets de Trois v1, SpySender, Striker, Trojan Cow, Trojan Ripper, Ultor’s, Whack-a-Mole, and WinCrash.

* Antivirus Product Check: Checks for a current version of a commonly used virus protection product.

* Virus Protection Update Check: Checks the date of your most recent virus protection update. If the updates are more than two weeks old, they are not considered current.

Steve Gibson’s site is chock full of useful free utilities and will be the subject of another article soon (he has all kinds of new security tools):

https://www.grc.com/

The one I want to remind readers of is LeakTest, which was largely responsible for major improvements in firewalls some years ago. The new Version 1.2 of this tiny tool (downloaded 4.5 million times when I visited the site) is available at:

https://www.grc.com/lt/leaktest.htm

The 25K-byte program checks to be sure that your firewall notices and (assuming you disallow them) prevents unauthorized outbound connections from programs on your system.