We’ve talked about Secunia’s online software inspector before. It doesn’t require that you download any application, and it operates completely through your browser. The purpose of using it is to find out-dated software on your computer. You may not see much of a threat in running an older version of an application, but your computer can be left vulnerable to attacks when it comes to things like web browsers or instant messengers.
A report by Secunia back in May stated that 28% of the applications being used are out-dated. With more than 33% of users running an old version of QuickTime, Secunia said "all it takes is one unpatched Quicktime vulnerability and a provocative video title to compromise a lot of visitors."
A new tool by Secunia called the Personal Software Inspector (PSI) hopes to make it easier for Windows users to know when there are new versions of their applications available. PSI is currently in a Beta state, but it is a free downloadable application that a user installs instead of being web-based like before. It examines the files on your computer (mostly EXE, DLL, and OCX files), and collects version information from them to be sent to Secunia’s File Signatures engine to make a comparison.
The great thing about this tool is that it sits in your System Tray constantly monitoring for more insecure software installations. If one is found it will give you the instructions needed so that you can upgrade to the latest version.
It’s important to know that this does not check for malicious software or whether your computer has already been compromised…it is just checking to see if you’re running the latest version of more than 4,200 applications.
Here are the benefits of using Secunia PSI:
- The Secunia PSI will be available free of charge
- Calculates your unique Secunia System Score
- Automatically scans your computer
- Enables you to update Insecure/End-of-Life software
- Provides Direct Download Links to security updates & patches
- Detects and advises on more than 4,200 applications
- Direct correlation between thousands of Secunia Advisories and your specific system and software
- Secure SSL encrypted connection to Secunia
I decided to try this out for myself on a computer I knew was running an out-dated version of Firefox (it’s my server which I don’t use for anything other than backups). I wanted to see what it would do, and what upgrade option it would offer me. It actually found that Internet Explorer 7 was out-dated as well as the version of the .NET Framework I was running. Firefox was the only one that offered a direct download link (clicking on it pulled up my default browser and initiated the download immediately), but the .NET Framework offered a link where I could receive more information:
Overall, I’m really impressed with this application and I think it has earned its place on all of my computers. It’s nice that Secunia is developing such an extensive application that is capable of monitoring more than 4,000 different programs for updates. I believe that it is the first of its kind to do this on such a large scale, and hopefully people will begin using it.
Download Secunia Personal Software Inspector
Thanks for the tip ’s’!
[filehippo.com]
Much smaller in scope and requires the .NET framework. But does the job for me.
I use File Hippo as well, although not regularly. Having it in your system tray is interesting, but it seems like it might slow down your computer some. Did you notice any performance issues?
Nice tool will be recommending this one for sure.
I didn’t notice much of a performance hit because I don’t think that it is regularly scanning for new software. The initial scan took a few minutes and it found the applications, and from there on out it probably just watches for new installations or something.
This is way better than the FileHippo update checker though since it is actively monitoring more than 4,200 applications. FileHippo has a pretty good database, but it is still limited compared to this one.
This article was labeled as such, and kind of provides a misleading description. This isn’t just my opinion, it’s also reinforced by the fact that two of the comments said they’d rather use the File Hippo update checker.
PSI IS NOT A SOFTWARE UPDATE MONITOR, it is a security analyzer. It only notifies you of updates that are security related, and only if the version you have installed has a known vulnerability. And it doesn’t just monitor installed software, it scans all executables and dlls on your system.
Although the File Hippo software update checker is handy, it serves a drastically different purpose than PSI.
Well the site does say that it provides:
Note that it also includes patches in the list. I’ve gone through the listing of products they have and there are entries for all of the products that I use along with the latest version of them. So maybe I’m just lucky that Secunia has all of my apps, and for me it is going to replace File Hippo’s update checker.
Don’t get me wrong, File Hippo’s update checker is a great app but Secunia can do the same job for me just a little more in detail.
At any rate, I give priority to be notified of updates that pertain to security patches. I want to be notified of those first before any others.
And maybe I’m wrong in thinking that PSI is a software update monitor, but from my point of view it really is. It is monitoring the software I have installed for updates (even if they are only security updates as you say). It says that right on their site.
Ryan, I think Ian is correct. Secunia PSI doesn’t try to keep all your software up to date, e.g., for the newest functionality. It looks for application versions that either have known security holes, or that are end of life, and lists them for you, with convenient links to the download sites for secure versions, when available.
There is a screencast on Secunia PSI here:
[mainstream-guides.com]
I’m sure he is right, I just couldn’t find an instance where Secunia didn’t point me to the latest version.
Well, for about the last several months Secunia has regularly made false positive identification of insecure Adobe software, prompting people to download patches, when in fact those patches have already been applied. They have not updated their system to inspect those relevant files that are actually updated. Adobe does not update any global version, so this can be confusing. However, software like Secunia should not make such error — and so regularly. Just recently, I simply rescanned and got back that I had no insecure files. Others who posted in the Secunia forum just kept downloading re-patching using the recommended Secunia patches, and got nowhere.
Moral: Secunia recommendations must be taken with a grain or two of salt.