And indeed Secunia seems to have developed a very good reputation, by discovering a number of major vulnerabilities and getting their developers (commercial or open source) to fix them early.
Secunia provides security vulnerability advisories and maintains a list of vulnerabilities discovered by their research specialists (some of which are greyed out and marked "Pending Disclosure" ... interesting).
They also provide "Binary Analysis" reports for purchase but only by certain types of companies and organizations (so as not to help the crooks, I imagine). These are in-depth analyses of a restricted number of vulnerabilities that they apparently regard as the most dangerous and/or interesting.
If you examine the above lists, you should feel rather scared about what you're running on your system! You'll find some very familiar free and retail software products mentioned, ones that many of us use (such as media players, PDF viewers, Office suites, web browsers, and amazingly even security products too).
A lot of them are desktop products that run under Windows, the easiest and largest target for malware, but you'll notice that Linux and various enterprise platforms rate a mention here and there.
Apart from the Binary Analysis reports, Secunia also offers three types of vulnerability scanning:
- A simple free online scan, run via your browser, which checks some 70 software products on your PC
- A free personal desktop (home user) utility, called Personal Software Inspector, or PSI.
- For enterprise users, a retail product called Secunia NSI (watch this Flash demonstration to find out more about NSI)
This article is about the free Secunia PSI desktop utility for Windows.
PSI version 1.0 was released in late November, after well over a year of beta testing by users all around the globe (including yours truly). I've been testing it for a week before posting this report.
Secunia's stated idea for the Personal Software Inspector was to make it possible for all PC users to secure the programs on their PCs, raise awareness about the need for patching insecure programs, bring software vulnerability reports ("which Secunia is famous for") to the end user in a manner that makes sense and is feasible for all PC users, and provide end users with a single point for all relevant security information and patches.
From my experience, what does all this mean in practice?
PLEASE READ ON...