What is the Emsisoft Online-Check and what does it do?

  • August 14, 2004


Unlike online virus scanners, which load a module on your PC to scan the hard disk just for viruses, the Emsisoft Online-Check is a comprehensive security check. It searches for potential security risks in your PC configuration. Emsisoft Online Check also shows you what “public information” from your PC can be accessed by anyone on the internet. It is surprising how many details are available about you and your PC just by tracking the websites you visit.

This article describes what Emsisoft Online Check looks for and how to use the results to secure your PC.

Run the Emsisoft Online-Check now:
http://onlinecheck.emsisoft.com

To start the check, select all four tests and click on “Start Check”. Please note that the Online-Check was primarily designed for MS Internet Explorer. Mozilla-based browsers (Firefox, Netscape 6+) report the first and the second test correctly.

  1. Portscan

    The first test is the portscan. In this procedure the Online-Check server tries to connect to your computer using the ports most used by dangerous programs and trojans. Only about 100 of the 65536 available ports are checked. If the Online-Check were to check all ports, it would take hours or even days on a slow internet connection.

    The portscan tries to establish a connection on each port of your PC. If the connection request is successful, the port is open. Note: No data will be transferred to the port. If a connection can be established, it will be closed immediately. The report shows you in real time which ports are open or closed.

    After the live scan overview, a more detailed analysis of the results follows. The Online Scan produces a list of trojans or other dangerous programs that usually use each open port. The Online-Check is not able to detect which program or trojan is listening on an open port, so a listed name does not mean that you have the program or trojan running on your PC, only that it could run. There may be a legitimate reason for the port being open – another ordinary program could be using it.

    Most ports are used by normal programs as well as by trojans. You should check to see if any of the listed normal programs are running on your PC. If not, there is a fair chance that a trojan is running on your PC using that port. Many trojans try to hide themselves by using ports that are commonly used by other legitimate programs such as a webserver or an FTP server in the hope that you don’t notice.

    Read more about ports and how to close them in our knowledgebase articles:

    What is a port?

    How can I close a port?

  2. Security-Test

    The second test in the Emsisoft Online-Check shows information about your PC or network available to the public. Remember you are never completely anonymous while surfing the web!

    Your IP address

    This information is always available. Your IP number is like a telephone number, which can be used to trace you. Each computer connected to the internet has its own IP number. If you are using a proxy or NAT server to access the internet, only the IP of the proxy or NAT server can be determined.

    Your operating system

    Web browsers transmit a browser ID. This ID gives the browser name (e.g. Internet Explorer, Mozilla or Opera) and usually which operating system you are using. Any website publisher can easily determine which operating system you are using. This information is normally used by webmasters to create statistics about their visitors.

    Your browser

    It is very important for websites to know your browser identification. Many websites are optimized for different browsers: the server reads the browser ID and sends the appropriate page so that it displays correctly for you. Each browser has its own way to display HTML or execute JavaScript code. If you block or filter the browser ID with a firewall or other tool, you may see websites incorrectly displayed.

    Full browser identification

    Here is an example of a full browser identification text string:

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SP1)

    Browser languages

    Most browsers submit the language to which the browser is set each time you go to a web page. Webservers read this information and display the correct language pages automatically. E.g. if you go to www.emsisoft.com with a browser configured for German, you will be automatically redirected to the German page. At Emsisoft we support French and Spanish as well. If you use another language, the English page is displayed. You can edit the language settings in Internet Explorer under Tools, Internet Options, “Languages” button.

    You have run the Online-Check n times before.

    Using “Cookies” it is possible to determine how many times you have visited a specific website. Your browser stores a small file on your PC containing this information. Storing your previous visits is not the only use for cookies. Cookies can contain information about how to log you in to a secure website. This is how a website can welcome you back and even enter your user name and password for you. Cookies are not dangerous. They consist of a line of text which does not contain any executable code. Cookies do raise privacy issues though and tend to be used by advertisers to create a profile about you and the websites you visit. This information is then used to “target” advertisements which annoyingly pop up when you are surfing.

    Public information about your IP address from the Whois Server

    Each IP address belongs to a block of IPs called an address-block. Address blocks are assigned to an owner – often an ISP (Internet Service Provider). Your ISP then assigns one of the IPs in the block to you when you connect to the internet. IP addresses cannot be used randomly. There is an administrative body (IANA) for IP addresses which manages a database about the owners of IP blocks. The owner information is available to the public and can be requested from the Whois servers. There are Whois servers for each continent of the world. The Emsisoft Online-Check requests the owner information for your IP address and displays the owner of your IP. Usually you will see the name and address of your internet service provider. Generally, given the Whois information, it is possible to work out where in the world you are.

    For example, the Whois information for the IP of the Online-Check server (195.70.106.2) is:

    inetnum:      195.70.106.0 - 195.70.106.15
    netname:      EMSISOFT-SBGAT-NET
    descr:        Emsi Software GmbH is a security software provider
    descr:        Located in Oberndorf near Salzburg
    country:      AT
    admin-c:      CM273-RIPE
    tech-c:       CM273-RIPE
    status:       ASSIGNED PA
    mnt-by:       SALZBURG-MNT
    source:       RIPE

    Public information about your PC and network

    This check contacts your IP and tries to collect information about your PC. Unsecured Windows computers will show their operating system, and network shares which are intended for internal use only can also be identified. Even if an attacker is not able to read your data because he doesn’t have the correct password, the attacker is able to see your network shares.

    Example of an unsecured Windows computer:

    Role: NT WORKSTATION

    Role: LAN Manager Workstation

    Role: LAN Manager Server

    Role: Potential Browser

    Platform: Windows XP

    Share: Documents

    Share: E$

    Comment: Default Share

    Type: Special share reserved for interprocess communication (IPC$) or remote administration of the server (ADMIN$)

  3. Exploit-Test

    This test checks for any harmful dialer ActiveX modules that may be installed on your computer. Dialers and other harmful ActiveX modules are spread by dubious websites to hijack your browser. If any module is found by this check, you are strongly advised to scan your computer with Emsisoft to remove the malware.

  4. Browser-Check

    The last test shows your browser configuration and its potential risks.

    VBScript is not dangerous in general, but when used by worm virus authors to embed harmful code in HTML emails it can be devastating. Make sure you have the latest security updates for your browser installed to protect against harmful VBScripts.

    Secure ActiveX Test:

    ActiveX controls are a kind of enhancement known as plugins for your browser (for example Flash or Shockwave). Whether or not an ActiveX control is secure is certified by the developer of the control. Badly written ActiveX controls can contain insecure code. Please note that Windows Update will not work without ActiveX controls.

    Unsigned ActiveX Test:

    Unsigned ActiveX controls may contain harmful code and therefore they should be deactivated. Sometimes things won’t work without them, in which case, set unsigned ActiveX to prompt the user before running them. That way the user can decide whether or not to take the risk. Unsigned ActiveX controls are a favorite method for malware writers to get malware or dialers running on your PC.

    Internet Explorer distinguishes between signed and unsigned ActiveX controls. Always check controls with invalid signatures before you accept them and install them on your computer.
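The connect-style port check that test 1 (Portscan) describes can be reproduced against your own machine. The following is an added example, not Emsisoft's code; the port table is a small constructed sample, and the trojan names in it are historical default ports, not findings.

```python
import socket

# Constructed sample table: programs that usually use a port. One port can
# have several explanations, so an open port is a prompt to check what is
# running, not proof of an infection.
USUAL_USERS = {
    21: ["FTP server"],
    80: ["web server"],
    139: ["Windows file sharing (NetBIOS session)"],
    445: ["Windows file sharing (SMB)"],
    12345: ["NetBus (trojan, historical default port)"],
    27374: ["SubSeven (trojan, historical default port)"],
}

def port_is_open(host, port, timeout=1.0):
    """TCP connect check: the port is open if the handshake completes.

    No data is sent, and the connection is closed as soon as it is made.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success and an error code otherwise
        # (refused, timed out, filtered), so closed ports do not raise.
        return s.connect_ex((host, port)) == 0

def check_ports(host, ports, timeout=1.0):
    """Return {port: {"open": bool, "usual_users": [names]}}."""
    report = {}
    for port in ports:
        report[port] = {
            "open": port_is_open(host, port, timeout),
            "usual_users": USUAL_USERS.get(port, ["unknown"]),
        }
    return report

if __name__ == "__main__":
    # Check only the local machine.
    for port, info in check_ports("127.0.0.1", sorted(USUAL_USERS)).items():
        state = "OPEN  " if info["open"] else "closed"
        print(f"{port:>5} {state} usually: {', '.join(info['usual_users'])}")
```

Like the Online-Check, this reports only that something accepts connections on a port, not which program it is.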
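What a web server can read from a single request, as covered under test 2 (browser ID, browser languages, cookies), is shown below as an added example that is not code from the Online-Check. The cookie name `visits` and the sample request are constructed for illustration; the browser ID is the one quoted in the article.

```python
import re
from http.cookies import SimpleCookie

# Windows NT version tokens as they appear in the browser ID.
NT_NAMES = {"5.0": "Windows 2000", "5.1": "Windows XP", "5.2": "Windows Server 2003"}
SITE_LANGS = ("de", "fr", "es", "en")  # German, French, Spanish; English is the fallback

def parse_headers(raw):
    """Turn a raw HTTP request into {lowercase header name: value}."""
    lines = raw.strip().splitlines()[1:]  # skip the request line
    pairs = (ln.split(":", 1) for ln in lines if ":" in ln)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def browser_and_os(user_agent):
    """Read browser and operating system out of an MSIE-style browser ID."""
    msie = re.search(r"MSIE (\d+\.\d+)", user_agent)
    nt = re.search(r"Windows NT (\d+\.\d+)", user_agent)
    browser = f"Internet Explorer {msie.group(1)}" if msie else "unknown"
    os_name = NT_NAMES.get(nt.group(1), nt.group(0)) if nt else "unknown"
    return browser, os_name

def preferred_languages(accept_language):
    """Order language tags by q-value (default 1.0), highest first."""
    prefs = []
    for item in accept_language.split(","):
        tag = item.split(";")[0].strip().lower()
        m = re.search(r";\s*q=(\d(?:\.\d+)?)", item)
        q = float(m.group(1)) if m else 1.0
        if tag and q > 0:
            prefs.append((q, tag))
    return [tag for _, tag in sorted(prefs, key=lambda p: -p[0])]

def what_the_server_learns(raw_request):
    h = parse_headers(raw_request)
    browser, os_name = browser_and_os(h.get("user-agent", ""))
    langs = preferred_languages(h.get("accept-language", ""))
    page = next((t[:2] for t in langs if t[:2] in SITE_LANGS), "en")
    cookie = SimpleCookie(h.get("cookie", ""))
    count = cookie["visits"].value if "visits" in cookie else "0"  # hypothetical cookie name
    return {"browser": browser, "os": os_name, "languages": langs,
            "page_language": page, "previous_visits": int(count) if count.isdigit() else 0}

# Constructed sample request; the browser ID is the one quoted in the article.
SAMPLE = ("GET / HTTP/1.1\r\nHost: www.emsisoft.com\r\n"
          "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SP1)\r\n"
          "Accept-Language: de-AT,de;q=0.8,en;q=0.5\r\nCookie: visits=3\r\n\r\n")

if __name__ == "__main__":
    print(what_the_server_learns(SAMPLE))
```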

Have a Great (Malware-Free) Day!
