Security Score rates your PC's state of security
If you had to assess your computer's security setup, how good - or bad - would you say it is? Would you say it is well protected against threats you may encounter locally or remotely, or can't you really say how good the security software and settings are?
Opswat's Security Score may help you if you want to a third party assessment of your PC's state of security. Here is how it works. All you need to do is run the program after you have downloaded it to the PC you want to check. You need to check the "I agree to the terms and conditions" box on the start page and click on the start button afterwards to run the scan. The scan itself should not take longer than 30 seconds to complete.
The program displays the overall score, the maximum is 100 on the same page. Here you also see the scores of areas the program has scanned.
Green groups highlight areas where you have scored a perfect score, yellow a normal score and red a bad score.Â The program scans the system for the following information:
- Firewall: whether a firewall is installed and enabled on the system.
- Hard Disk Encryption: whether encryption software is installed and if data on the primary hard drive is encrypted
- Patch managed: whether Automatic Updates are enabled.
- Backup: whether backup software is enabled and backups have been created.
- Public file sharing: if P2P software is installed on the PC.
- Antivirus: If antivirus software is installed, if it supports real-time protection, when it was updated the last time and whether a full system scan was performed recently.
- Anti-Phishing: If Anti-Phishing is enabled in browsers - only Internet Explorer and Firefox are listed - and if third party software is installed that protects the PC from phishing attacks as well.
The quick rundown is interesting for a quick glance but it is not the best representation of a system's state of security. You do get a 20/20 backup score for instance if you are using Dropbox and syncing data regularly to the service. You get that score even if you do not sync important files with the file hosting service.
The same is true for patch management for instance. If you prefer to update Windows manually and in time you will get 0 points for patch management even though your system's is well protected in this regard.
The program can help you get a quick overview of the state of security of a Windows installation. While it won't go far beyond that, it is helpful to get an overall impression of the security. The program could use some work, scan popular software like web browsers or browser plugins for instance or check if all updates are installed for Windows on top of what it is making available right now.
93/100 hooray :D
But I too think the test is skin-deep, at most. No check for sandboxes, vm, disabled flash/java contents in browsers etc pp. Plus it does not know, if you backup using robocopy.
Like you said, it can be an indicator, if you want to do a quick check on someone’s pc. Advanced pc users read what the software scans for and think: Got it, got that too, this too ….
so if you look at it this way, you could even argue that the sofware possibly obscures potential risks with it’s superficial “tests”.
i run the stock win8 firewall without manual control: 5/5 points, sure.
i’ve got utorrent installed, p2p score: 2/5. who cares if i use peerblock, too…
hdd encryption 10/10. never touched bitlocker settings, though the service may still be running. very sercure, huh?
just ran it. nice and simple design. borderline useless. wouldn’t recommend it.
It didn’t say anything about the polymorphic virus payload I have put in my PC for nosy people. Labeled: A Young Boy and His Priest.mp4
Interesting interface, and that’s about it.
Might be adware; I first used it November 2012, it uodates at least monthly, for first two months scored me “89”, OS/programs updated regularly (as usual) all times and nothing at all added/deleted/changed for any test; since last week’s OPSWAT tool update, now tells me score is “79” due to Microsoft as system backup (now scores it 10 out of 20) but that I can get a better score now by using an OPSWAT gold certified product for backup.
It seems to ding my score for not using a “certified” program, other times no ding. No MS apps are certified. Their insistence on “certified” programs does not speak to the issue of just what certification really means. If it means anything other than they have ensured that an app can be recognized by their program, they have bitten off much more than they can chew. It is beta however.
To determine whether a Windows box (from XP onward) is properly patched, there are two free applications that I would consider essential: the Secunia Personal Software Inspector (PSI) and the Belarc Advisor.
The PSI monitors the OS in real-time for necessary security updates and patches from Microsoft, and can be configured to automatically update most of the commonly-installed applications that it also monitors for security-related deficiencies (such as the Adobe Flash and Shockwave players, the Java Runtime Environment, various major third-party browsers). (Though the current version is 3.0, I personally prefer v2.0, as it is offers greater configurability and additional options — https://secunia.com/products/consumer/PSI/sys_req/ .)
Occasionally, a MS update does not properly install, even though a Windows (or Microsoft) Updates scan shows that it has; that is where the Belarc Advisor (http://www.belarc.com/free_download.html) proves to be an invaluable tool. It has the ability to determine not only whether all necessary current updates are present, but also whether they are properly installed and functioning; if any are not, download links are provided for the individual installers (one may also need to perform a search for additional information related to the successful installation of a particular patch, such as sometimes occurs with the .NET Framework). In addition, the Belarc Advisor also provides an almost overwhelming amount of information about the system (though personal users can safely ignore the inevitably low Security Benchmark Score that will be reported; that feature is designed for Enterprise users).