Symantec Corp. is inviting you to assess your PCs’ vulnerability to hackers, viruses, and privacy leaks by running an on-line checkup at a new portion of its site, which launched last month.
Symantec Security Check analyzes PCs for their exposure and proposes remedies for systems that don’t pass the test (often, not surprisingly, recommending Symantec security products).
The Hacker Protection portion of the site scans for openings that hackers can exploit. Its Virus Protection checks for a current virus protection program, and its Privacy Protection component determines whether the user’s browser is transmitting Web-surfing history to other sites.
To take advantage of all of Symantec’s services, you must run Microsoft Internet Explorer 4.0 or a later version. Also, you must accept a tracking file called a session cookie (which is deleted after the test) and download an ActiveX program that performs part of the analysis.
Some people consider cookies and ActiveX downloads to be security breaches in their own right. “To require that people do insecure things in order to check their security seems strange to me,” said Steve Gibson, whose Gibson Research provides the free, Web-based Shields Up service similar to Symantec’s Hacker Protection utility.
However, you can forgo both cookies and ActiveX downloads and still take advantage of Symantec’s services except the Virus Protection tests, according to Tom Powledge, senior products manager for Symantec’s consumer products division. Some of the services are available to users of the Netscape browser, which does not support ActiveX in the same way as IE.
Symantec’s Hacker Protection utility, like Shields Up, scans the PC for open ports-electronic gateways into a computer-that hackers can exploit to access a system and files.
Many applications create ports that allow contact between a PC and the Internet. For instance, Web browsers generally bring HTML code into the system via port 80, while FTP programs transfer files through port 21. Symantec Security Check probes 12 of the most commonly used ports for security against unwelcome access.
Unlike Shields Up, Security Check also scans for approximately 60 Trojan horses, which are malicious programs masquerading as other applications that you might unwittingly download. When run, a Trojan horse opens one or more ports to exploit.
Symantec is aware of the GRC service, but draws on its utilities to hone its offerings.
“I think this is something we’ve identified a need for,” Powledge said. “It’s been on the drawing board for a while.”
Gibson, president of Gibson Research and developer of the Shields Up site, was not aware of Symantec’s service, so was unable to compare the two utilities.
Several similar services are available for a subscription. HackerWhacker will scan PCs’ ports for security vulnerabilities. You can get a one-time scan of most ports free, and more thorough scans for a sliding fee. Also, Secure-Me-Automated Security Testing offers two free port scans (one lengthy).
While Shields Up focuses on a system’s susceptibility to hacking, Symantec Security Checker also gauges vulnerability to viruses and Web sites that request personal information.
Its Virus Protection portion checks whether a PC is running a virus protection program with up-to-date virus definition files. Symantec’s Norton AntiVirus 2001 is not the only program deemed acceptable; but the list is limited to “top sellers…that produce regular updates,” Powledge said. Those include Norton AntiVirus, McAfee VirusScan, Trend Micro’s PC-cillin, and McAfee.com’s ActiveShield.
You can also run a Web-based version of Norton AntiVirus that checks PCs for viruses but does not remove them.
Finally, the Privacy Protection component of Symantec Security Check determines whether a browser is transmitting Web-surfing history to other sites. Often, Web sites request the identity of the last page you visited.
“I think most people don’t realize that information is being sent out over your browser,” Powledge said.
For more information, see Symantec on the Web at www.symanthttp://wwww.symantec.com.ec.com.