Maintaining updates to software on your computer is critical to the overall health of your system and for your protection. The people who dwell on the “underbelly of the internet” devote their efforts to finding vulnerabilities in software to use against you (i.e. identity theft to automatic installation of viruses, trojans, keyloggers, or other code). Granted, in all appearances, the popular software programs are the primary targets; however, do not let this make you complacent. A vulnerability can be found in any software that will allow a criminal hacker to use it against you to penetrate your system. I know it is very frustrating that every time you turn around you have to update something, but the software vendors take great effort in identifying the vulnerabilities and providing the updates to protect you.
I recently did a post titled, “Too many software updates?”, which featured software (UpdateStar) that was geared toward performing an analysis (scan) of your computer and listing those software packages on your system that needed updating. Today, by chance, I came across another software update scanner, called Secunia PSI (Personal Software Inspector) that is different in the aspect that it is a “security tool” with the sole purpose of helping you secure your computer from software vulnerabilities.
Securnia PSI is not a tool designed to tell you when your system has already been compromised. It is a prevention tool that can monitor your system for insecure software installations, notify you when an insecure application is installed, and even provide you with detailed instructions for updating the application when available. Secunia PSI is software in development and is currently being published as a “release candidate” (Version 0.9.0.6 Release Candidate 4 – RC4, 13th November 2008).
The first time you perform a scan with Secunia PSI, it will take approximately a minute to complete the scan and produce results that will list the insecure program(s), a threat rating and the solution (which is the actual download link for the program update). Another feature is that there are 2-(two) GUI (graphical user interfaces) to select from. By default, the program starts in a “Basic” interface mode. You can enter the “Advanced” interface mode, by clicking on the “Advanced” link at the top right corner of the application window. The “Advanced” mode provides a whole range of information (see list below).
Basic Interface Mode
Scan In Progress
(click to enlarge)
Advanced Interface Mode
(click to enlarge)
The “Advanced” mode tabs provides the following information:
Overview Tab – provides a summary of the scan to include a system score, last full system scan, state of all of the programs, and a pie-chart program overview.
Insecure Tab – displays programs that the Secunia PSI has detected on your computer for which there are known security updates available.
End-of-Life Tab – displays programs that the Secunia PSI has detected on your computer, which the vendor no longer supports.
Patched Programs Tab – displays programs that the Secunia PSI has detected on your computer for which there are no known security updates available.
Scan Tab – detects programs installed on your computer and determine whether any of them are missing any security related updates (Insecure), or whether the vendor has stopped supporting the product (End-of-Life).
Settings Tab – provided options to change the behaviour of the Secunia PSI using the PSI Settings. NOTE: You have an option to “Start Secunia PSI on boot” and to “Enable Program Monitoring”. Both of these setting I unchecked and have opted to perform manual scanning.
Secunia Profile Tab – form is provided to allow you to create and update an online Secunia profile.
Feedback & Support – form is provided to let Secunia know what you think about the Secunia PSI
I found Secunia to be quite good in identifying the software on my system (including external drives). It should also be noted that Secunia also provides a FREE online version of the scanner called Secunia OSI (Online Software Inspector) and a commercial version of the scanner called Secunia NSI (Network Software Inspector).
The Secunia PSI has gone Final. Following this post, Secunia contacted me and advised that Secunia PSI has come out of testing. Version 1.0 has been officially released. You can get the new version by clicking on “Get It Here”