The HP Security Laboratory has created the application SWF Scan which can be used by both developers and end users to analyse Adobe Flash files for more than 60 vulnerabilities. Usage is pretty simple and straightforward although interpretation of the findings might require a deeper understanding of Adobe Flash or extensive research on the Internet. The application works with both local Adobe Flash files or those embedded in websites.

Users will first have to find out the direct url to the embedded flash file on the website. All web browser provide those capabilities. Firefox users for instance right-click the page and select Page Info from the context menu to get a list of objects that are embedded in the website. A click on the Media tab and a manual search for files of the type embed should be enough to find the url of the Adobe Flash file. A right-click on the flash object will open a menu with the option to copy the url to the clipboard.

Once the url has been copied to the clipboard it can be pasted into the interface of the HP SWF Scan application. A click on the get button next to the url bar will initiate a connection attempt of the Adobe Flash security scanner. If the file is a valid Adobe Flash file it will automatically try to decompile it displaying the findings in the sidebar and the actual source in the right window.

A proficient Flash user can now analyze the code on his own. Everyone else is better of clicking on the Analyze button in the header of the security program. This will analyze the decompiled source code and provide a summary to the user.

The summary contains a list of vulnerabilities that have been found in the Adobe Flash file. This vulnerabilities mean that the Flash file might be vulnerable to certain exploits. Flash developers can then rewrite part of their application to fix the discovered vulnerabilities. End users on the other hand may be delighted to know that an Adobe Flash file does not contain any of the known vulnerabilities.

SWF Scan is a free download after a mandatory registration at the HP website. It is currently only available for the Microsoft Windows operating system.

Related posts

• Mozilla Checks Flash Version After Firefox Updates (13)
• Vulnerabilities in latest Flash version (4)
• New Information about latest Flash Vulnerability (1)
• Mozilla Flash Upgrade Statistics (3)
• HP USB Disk Storage Format Tool (5)

An Active X control has to be downloaded prior to the scan. A health report is generated in the end that is displaying red, yellow and green icons in various categories. Red items are critical, yellow medium and green safe. My test results have been mixed. I did receive several red icons in some categories because of programs that were not included in my security concept. The red icon in the security products category for instance was there because of the disabled Windows Firewall and no other firewall that was installed.

It did not detect the hardware firewall of my router. What I want to say is that even though some elements are marked as insecure they might not be in your special case. Another example was the yellow icon in the Sending Mail category which was there because of an old backup version of Eudora 5 which I do not use anymore. I think I did receive a yellow rating because of two up-to-date email applications (Thunderbird and Outlook Express).

The most interesting categories in my opinion are the following two: Opening multimedia files and documents & Using other programs. It did detect some outdated applications (that I do not use regularly or forgot about). What I really like is the option to solve the issue right away by clicking on the solve button. This normally leads to a page where the updated application or patch can be downloaded.

It does not take long to update all the applications listed this way. F-Secure Health Check is an interesting service that excels in solving issues that have been found. A pity that it only works in Internet Explorer and that it requires Active X.

Related posts

• F-Secure Health Check 2.0 Beta Ditches ActiveX (4)
• Twitter Account Suspended? Be Careful What You Post (3)
• Run Multiple Anti-Spyware Tools With Hitman Pro (4)
• Infected or Not: Is your PC Infected ? (4)
• How To Run Commercial Antivirus Software Without Paying For It (21)

According to their statistics which are updated when scanning computers 10.90% of all PCs scanned were infected. PCs with Antivirus installed had a infection rate of 8.62% while PCs without Antivirus were infected 14.56% of the times.

Infected or Not displays the rate of infected PCs using a Google Maps mashup. France for instance is the country in Europe with the highest amount of infected PCs (16.41%) while Sweden (4.17%) and Germany (5.33%) have the least amount of infections. The United States has an infection rate of 10.34 btw.

The scan works with Firefox after installing an add-on which can only be uninstalled from the default installation location which is at C:\Program Files\Panda Security\NanoScan. Execute the file nanounst.exe to uninstall it again.

Antivir reported a trojan during installation and execution which can be considered a false positive. In case you are wondering why I have Antivir installed, I did not test this from my main computer.

Related posts

• Why Hackers take advantage of global events (0)
• Clam Win Antivirus (3)
• What You Should Do After Buying A New Computer System (18)
• Virus Total Uploader (2)
• Test your Anti-virus program (10)

It is no security software for beginners but excellent for advanced users and users who know someone who is able to draw the right conclusions from the security logs that have been generated. Another way to receive fast results would be to use the online script Hijack This logfile analysis. You can paste the logfile into the form field or upload the log from your computer and the script analyzes the logfile of Hijack This automatically.

It uses user input to determine whether something is a potential threat or not. This works most of the time but leads sometimes to unjustified ratings. I installed AV Antivir in a custom directory and the analyzer used this to indicate a possible problem. I think the best way to cope with this situation would be to briefly analyze the elements that could be malicious and decided if that is really the case. To use the above example: I knew that I did install it in that directory and therefor decided that the warning was not justified in this case.

If you are insecure about a certain setting ask in the well frequented support forum or search the internet for clues on the subject. Hijack This has a similar analyze this button build in which takes you to the website of the developer of Hijack This. They display information about everything that was found on your computer and how frequent it was found in other computers.

This could be an indicator for safeness but I would suggest that you perform additional searches to be on the safe side. You can download the newest version of Hijack This from TrendSecure by following the link in the first paragraph.

Related posts

• HijackReader analyse HijackThis results (6)
• Gernova Keylock (2)
• Windows Worms Door Cleaner (2)
• Windows Registry Watcher (5)
• What is connecting to the Internet (4)