Re: Browser Plugin Check

["Flynn, Gerald" <flynngn () JMU EDU>]

> -----Original Message-----
> From: Anthony Maszeroski [mailto:maszeroskia3 () scranton edu]
> Sent: Thursday, October 15, 2009 8:34 AM
> To: Flynn, Gerald - flynngn
> Cc: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Browser Plugin Check
>
> Gary,
>
> That sounds like a great idea to me -- something similar to the "Secure
> Browsing" tab in Secunia PSI. I think the biggest challenge would be
> finding someone with the resources necessary to keep the version
> library
> up-to-date. I wonder if that would be something the collective user
> community could handle...

I think that would be easily accomplished as the version checking
scripts wouldn't be that complicated. The difficulty would be
vetting those contributions to make sure someone didn't submit a
version checking script that did something malicious. 

I believe there are already quite a few public domain libraries for 
checking browser and plugin versions that could probably be adapted
or harvested.

Ideally, vendors would contribute the necessary version checking 
scripts for their products as a public service to offset the risk 
to their customers their continual product defects were causing. :)
Might even let them sneak a few marketing words or ad graphics
in as long as it didn't interfere with the basic message.