Beyond antivirus software: Eclectic PC security tools for system-wide audits

Are you doing everything necessary to keep your PC safe? These utilities can fill in the gaps left by traditional antivirus software.

Welcome to a harsh reality: Relying on an ostensibly comprehensive antivirus suite just doesn't cut it in 2012.

Antivirus software is crucial for combating viruses, malware, and hackers, but simply installing an antivirus program is rarely enough. You should also use strong passwords; keep your system, applications, and browser plug-ins up-to-date; and make sure your firewall is doing its job by blocking all intrusions. Following these extra safeguards can reduce the chances of your PC becoming a Petri dish full of digital contagions.

Luckily, a number of tools and services can simplify all the extra security precautions that modern PCs require. They go above and beyond what's offered in antivirus suites, performing security audits of vulnerabilities that the big-name software packages miss. Here are five to check out.

Qualys Browser Check

An outdated browser or plug-in can serve as a security hole for hackers and malware authors to exploit, so youll want to keep your web software up-to-date. Qualys Browser Check is a free service that scans your Web browser to determine if youre running outdated or insecure versions of some popular plug-ins or add-ons, including Adobe Reader, Adobe Flash, Java, and Windows Media Player.

You can run a quick scan from your browser in Windows, Mac, or Linux. You don't even have to download any softwareQualys runs completely within your browser. Supported browsers include Internet Explorer (IE), Mozilla Firefox, Google Chrome, Safari, Opera, and Camino. Once Qualys Browser Check completes its scan, it lists which plug-ins it scanned, and indicates whether youre running insecure versions of any of your plug-ins, and if any updates are available. The scan also provides links to where you can download the newest plug-in version, so you dont have to hunt around for it.

Alternatively, you can run a full scan after downloading and installing the Qualys BrowserCheck plug-in, which supports IE, Firefox, and Chrome on Windowsthere's no Mac or Linux support for the full scan. This full scan can check all supported browsers you have installed, not just the browser you used to run the scan. And the full scan can also detect other system vulnerabilities as well, such as no automatic Windows Updates or Windows Firewall running, or out-of-date or disabled antivirus software.

Once Qualys Browser Check finishes doing its thing, youll see a list of scanned plug-ins for your current browser, and icons to view the results for each of your other browsers. And if you choose to do system checks, you'll see a tab showing its results as well.

Secunia Personal Software Inspector (PSI)

Secunia Personal Software Inspector (PSI) is a free program that scans your PC for security vulnerabilities, like missing updates that hackers and malware authors can exploit to infect or hack into your PC. If PSI finds a vulnerability, it will try to automatically download and install any relevant updates. Otherwise, it helps you manually fix the issue.

After you download and install Secunia PSI, it will scan your system and notify you via its system tray icon if other programs require a manual update. You can open the program to find your Secunia System Score, a list of any programs that need to be updated, and a list of any software that it found to be up-to-date.

Password Security Scanner

Password Security Scanner is a free utility that scans for passwords stored by Windows applications and Web browsers, and tells you how strong they are. This gives you a chance to identify weak passwords, and change them to something more secure. Although you cant see the actual passwords, you can see the username and which site or service they belong to.

The Password Security Scanner runs on Windows, and it will scan passwords stored by Internet Explorer, Mozilla Firefox, Microsoft Outlook, Windows Live Mail, and MSN/Windows Messenger, as well as your dial-up and VPN passwords.

After you download and install the utility, it will automatically scan and display additional details about your passwords, including their length, the types of characters used, and overall password strength. If you need help building better passwords, have a look at Alex Wawros primer on the topic.


ShieldsUp is a free, Web-based port scanner that tests your Internet connection for possible security holes, such as incorrect firewall settings. Although the testing regimen and reporting  might be a bit over the head of average computer users, the ShieldsUP site provides a wealth of background information about firewalls and port scanning.

ShieldsUp lets you scan a few different port ranges, including File Sharing ports (to make sure youre not offering direct access to your files) and Common Ports (to check the most commonly used ones). It also lets you check all ports via the All Service Ports scan option. In addition, you can tell it to scan a specific port or range of ports. Additionally, you can evaluate your web browser headers for privacy and tracking issues, and test to see if your PC is susceptible to spam via the Windows Messenger Service, a messaging system built into Windows.

If results show open ports, you can investigate the firewall settings of your router or PC and try to close or secure them.

Belarc Advisor

Belarc Advisor is free for personal use, and scans your PCs hardware, network connections, software, antivirus status, Windows Updates, and Windows security policies for insecure settings and other security vulnerabilities. It generates a report in HTML that you can view in your browser. This report provides details on the scanned items and any detected issues, along with links on how to fix them, but it doesnt automatically fix them for you. Also, the information it reveals is geared more for techies and IT professionals than average home users.

In the beginning of the report, the service shows your overall security status via three scores: Security Benchmark Score, Virus Protection, and Microsoft Security Updates. Click on any of these to see more details.

By scrolling through the report, youll discover details on your hardware specs, user accounts, peripherals, and networking. Youll also find a list of installed software versions, licenses, usage, and a report on missing or insecure Windows Hotfixes.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityqualys

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Eric Geier

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place