Web Browsing Security:

Find out if your current web browser, anti-virus or anti-Malware programs are leaving you at risk whilst surfing the web. Each test has a benign pseudo-threat that should have your software ringing alarm bells. If not then take our advice and try again to see if the problem is resolved.

• Anti Virus Security Engine Testing
  Test: This will test your Anti Virus system if you get a vital security warning while trying to download this file than your antivirus security policy is set up correctly if not than you may want to see if your security policy is using the Block Known Viruses rule.
  Description: Eicar , the European Institute for Computer Anti-Virus Research, created a file to test antivirus systems. It is not a Virus but a legitimate DOS program that says “EICAR-STANDARD-ANTIVIRUS-TEST-FILE!”
  URL for test: http://www.eicar.org/anti_virus_test_file.htm
   
• Vulnerability Anti.Dote™ Security Engine Testing
  Test: This test is for IE only and will test to see if your browser is open to Denial of Service (DoS) attack. If you get a you are safe message your browsers vulnerability engine is set up properly if your browser crashes this means you might want to check your security settings to see if the Block Application Level Vulnerabilities rule is in place.
  Description: A denial of service (DOS) attack is when someone overloads an application or server so that it cannot work anymore due to an overload of data.
  Test file: DoStest.htm
  
  Test: This test is to ascertain whether or not your antispyware system is vulnerable to Remote Code Execution (RCE) attacks. If you get a you are safe message your system is set up properly, if you get a you are vulnerable message you will need to check to see if your system is using the Block Application Level Vulnerabilities rule.
  Description: Remote Code Execution (RCE) attacks allow hackers complete remote access to your computer, so they can basically do or see anything held or being done on the computer.
  Test file: RCEtest.htm

• Behavior Profile Security Engine Testing
  Test: This test will find whether you are vulnerable Code Obfuscation of Malicious Script. If you receive a message saying you are safe then your behaviour profile is set up correctly. If you receive a message saying you are vulnerable than you should check if your system is running the Block Malicious Scripts by Behavior rule.
  Description: Code Obfuscation is when hackers try to make their malicious script unreadable to security engines through a mixture of encryption and encoding.
  Test file: Ofuscationtest.htm
  
  Test: This test will determine whether or not you are vulnerable malicious Java Applet bypass techniques. If you receive a you are safe message then your system is set up correctly if you receive a your are vulnerable warning than you should look to see if your Block Malicious ActiveX, Java Applets and Executables rule is in use in your security policy.
  Description: Java applets are programs designed to be run from other application (typically web browser). Since java applets run without user intervention the JVM (Java Virtual Machine) enforce some limitation on it. These limitations include writing files to the local computer, reading files, programs execution, registry manipulation etc. There are, however some security vulnerabilities (See: CAN-2005-3906) which allow malicious applets to bypass these limitations, Hence any applet which tries to perform any of the restricted actions should be blocked (regardless of the bypass technique, if any used).
  Test file: JavaApplettest.htm

• URL Filtering Security Engine Testing
  Test: This will test your firewall for URL Filtering by sending you to a known hacking site. If you arrive there with no warning you should check your Block Access to High-Risk Site Categories rule is activated.
  Test URL: http://www.hackingexposed.com/
  
  
  
  Other Useful bits:
   
• Broadband speed test (if you think you’re not getting as fast a connection as you believe you should have, check with speedtest.net. allows you to choose the server nearest to you for the most accurate results.) - http://speedtest.net/
   
• Firewall test (check if there are any holes in your firewall. these openings (ports) can allow unwanted access to your system, a no no for the modern way of business and banking)- http://www.auditmypc.com/firewall-test.asp Also http://bcheck.scanit.be/bcheck/ browser vulnerability test.
   
• Software Patching (Check that all your software is at it’s most recent version + explain the benefits that it not only gives added functionality and compatibility but also gives greater security) - Secunia online scan
   
• Here is a test to see if your computers files are infected http://virusscan.jotti.org/ simply upload files to check if they are infected.
   
• The Kaminsky bug was a large problem last year and infected a large number of computers, in the hundreds of thousands. Check if you were and still are infected here kaminskybug.se.
• If you would like to test the health of your own DNS this is the tool to use it will tell you all the essentials you need to know about your connection and whether or not they are vulnerable to attack http://member.dnsstuff.com/tools/vu800113.php.
  
  Wider internet tests and research:
   
• Robtex.com is a well regarded IP and AS number research tool you can find out rooting, in graph and tadle formats, whois data and whether or not an IP or AS is blacklisted.
   
• This is a great tool for finding out how healthy a domain is whether that is down to virus issuing or drive by exploits http://www.dnsstuff.com/. A good tool to check your own domains or that of I site you wish to visit.
   
• This site http://member.dnsstuff.com/pages/tools.php?ptype=free also provides a great deal of DNS research tools which are useful for tracking domains, finding the history or ownership of these domains and researching hosts.