The Center for Education and Research in Information Assurance and Security (CERIAS)

The Secunia Personal Software Inspector

So you have all the patches from Microsoft applied automatically, Firefox updates itself as well as its extensions... But do you still have vulnerable, outdated software? Last weekend I decided to try the Secunia Personal Software Inspector, which is free for personal use, on my home gaming computer. The Secunia PSI helps find software that falls through the cracks of the auto-update capabilities. I was pleasantly surprised. It has a polished normal interface as well as an informative advanced interface. It ran quickly and found obsolete versions of Adobe Flash installed concurrently with newer ones, and pointed out that Firefox wasn't quite up-to-date as the latest patch hadn't been applied.

When I made the Cassandra system years ago, I was also dreaming of something like this. It is limited to finding vulnerable software by version, not configuration, and giving links to fixes; so it doesn't help hardening a system to the point that some computer security benchmarks can. However, those security benchmarks can decrease the convenience of using a computer, so they require judgment. It can also be time-consuming and moderately complex to figure out what you need to do to improve the benchmark results. By contrast, the PSI is so easy to install and use that it should be considered by anyone capable of installing software updates, or anyone managing a family member's computer. The advanced interface also pointed out that there were still issues with Internet Explorer and with Firefox for which no fixes were available. I may use Opera instead until these issues get fixed. It is unfortunate that it runs only on Windows, though.

The Secunia Personal Software Inspector is not endorsed by Purdue University CERIAS; the above are my personal opinions. I do not own any shares or interests in Secunia.
Edit: fixed the link, thanks Brett!

Comments

Posted by brett maxwell
on Tuesday, September 22, 2009 at 09:15 PM

fyi, your link is broken, but I googled and found it and found it very useful, thanks!

Posted by Steve Lodin
on Friday, September 25, 2009 at 02:24 PM

I, too, have appreciated the Secunia PSI tool as another layer of defense.  I’ve been a user since it came out in beta and find that periodically running it to check for missing patches on various Windows systems at home works pretty well.

I agree that a cross-platform version running on MacOS and Linux would be good to identify missing patches or out-of-date software installations.

Posted by Milo Velimirović
on Thursday, October 1, 2009 at 02:48 PM

I’m loath to install a security application that doesn’t bother with a digital signature to verify its installer’s authenticity. It doesn’t give me a nice warm fuzzy feeling about Secunia to see that they don’t bother with following security “best practices.”

Posted by Pascal Meunier
on Thursday, October 1, 2009 at 03:09 PM

Good point, but you can download it by using SSL, so you at least know that it really came from their servers:

https://secunia.com/PSISetup.exe

Unfortunately, the link that they provide by default is plain vanilla HTTP;  you have to add the “s” manually.  However, I agree that a signature would be even better, so that tampering with the version on their servers would be detectable.  Thanks for your comment.

Posted by Simon
on Tuesday, January 12, 2010 at 06:20 AM

I don’t think adding an ‘s’ manually should be enough to dissuade people from using this. I’ve tried it and it was pretty effective. There were a few things it couldn’t remove, but at least I’m aware of them now.

Posted by Kathy Nguyen
on Wednesday, January 13, 2010 at 05:33 AM

I love this product. It makes it so easy to track software updates. It works so much better than competitor TechTracker. Secunia Personal Software Inspector is a must to keep the computer safe.

Kathy
