Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Thursday, 04 December 2008 14:31

Secunia Personal Software Inspector version 1.0 released

By Tony Austin

The first official version of the Secunia Personal Software Inspector (PSI), a software vulnerability scanner, has just been released. This is a top-rating Windows security tool that's free for home users.


Danish company Secunia has set itself the target of being "the leading vulnerability intelligence provider and distributor in the world - second to none."

And indeed Secunia seems to have developed a very good reputation, by discovering a number of major vulnerabilities and getting their developers (commercial or open source) to fix them early.

Secunia provides security vulnerability advisories and maintains a list of vulnerabilities discovered by their research specialists (some of which are greyed out and marked "Pending Disclosure" ... interesting).

They also provide "Binary Analysis" reports for purchase but only by certain types of companies and organizations (so as not to help the crooks, I imagine). These are in-depth analyses of a restricted number of vulnerabilities that they apparently regard as the most dangerous and/or interesting.

If you examine the above lists, you should feel rather scared about what you're running on your system! You'll find some very familiar free and retail software products mentioned, ones that many of us use (such as media players, PDF viewers, Office suites, web browsers, and amazingly even security products too).

A lot of them are desktop products that run under Windows, the easiest and largest target for malware, but you'll notice that Linux and various enterprise platforms rate a mention here and there.

Apart from the Binary Analysis reports, Secunia also offers three types of vulnerability scanning:

  • A simple free online scan, run via your browser, that scans some 70 software products on your PC
  • A free personal desktop (home user) utility, called Personal Software Inspector, or PSI
  • For enterprise users, a retail product called Secunia NSI (watch this Flash demonstration to find out more about NSI)

This article is about the free Secunia PSI desktop utility for Windows.

PSI version 1.0 was released in late November, after well over a year of beta testing by users all around the globe (including yours truly). I've been testing it for a week before posting this report.

Secunia's stated idea for the Personal Software Inspector was to make it possible for all PC users to secure the programs on their PCs, raise awareness about the need for patching insecure programs, bring software vulnerability reports ("which Secunia is famous for") to the end user in a manner that makes sense and is feasible for all PC users, and provide end users with a single point for all relevant security information and patches.

From my experience, what does all this mean in practice?


Microsoft users are used to regular (often weekly) updates that fix the function and security of Windows, Microsoft Office, and other software. Other software providers (commercial, shareware, open source) usually provide some sort of mechanism for automatic or manual checking for updates and installing them.

Importantly, not all software providers offer such mechanisms. Many users have no idea about the overall status of software on their PCs. Are new versions or patches/fixes available? How do I get them for some of the obscure software on my system? If they're security fixes, will I get them applied in time to prevent exploits?

This is where Secunia PSI steps in, and in my opinion does a good job. It provides you with regular and consistent awareness of and control over the patching of a wide range of Windows software. That is, it prods and nudges you and gets you to improve your software housekeeping that you might otherwise put off until mañana (and we all know that tomorrow never comes).

PSI is a very lightweight utility, with a download size of only 0.5 Mb, and is available in English, Danish and German. It installs quickly, sits unobtrusively in the Windows system tray continually monitoring for threats, popping up warnings and information about software installations/uninstallations.

Figure: Secunia PSI scan, showing potential security threats.

You start off a scan whenever it pleases you, and it works its way through your system examining a wide range of Windows programs and determining if each one is missing important security patches and updates.

Click on the adjacent thumbnail to see the results of a recent scan on my own system. Here's a brief explanation of the numbered points.

Point (1) shows that I have a back-level version of WinZip installed, which I know about but rarely use and so I'm not at all concerned about this, but at least PSI keeps reminding me about the potential security exposure from WinZip 7.

Points (2) and (3) relate to Adobe Systems software that I have now removed. I've explained that I don't use Adobe Reader any more (see Foxit Reader 3.0 released, now it's even easier to read PDF documents) and Adobe AIR was there for an old test and not used any more anyway.

Points (4) and (5) warn me about version 2 of Firefox and OpenOffice being out of date, but I was about to upgrade to the latest version (release 3) of both of these anyway, and have done so now.

Point (6) reminds me that I have multiple older versions of Java Runtime Environment installed (there are some technical reasons for this), and I've subsequently updated to the jazzy new version anyway (see Sun releases a major Java runtime and SDK update - Java SE 6 Update 10).

Regarding point (7), I'm not too sure why I even have WinPcap on my system, but at least I know that it's a back-level version!

Point (8) is a column showing Secunia's threat rating level (amber and red indicate that some action should be taken).

Point (9) is a beauty. If you click on the "download" icon in a given row, you are transferred to the download function (usually a web page) for obtaining the current release of the product in that row of the report, obviating a painful hunt to find how to get and apply the update. And point (10) takes you to the Secunia forum where you may find out more about issues with the product.

Finally, point (11) is a chart that builds up over time to show the status of vulnerabilities on your system.

I heartily recommend that you install and keep actively using Secunia PSI.

Tony Austin

Worked at IBM from 1970, for a quarter century, then founded Asia/Pacific Computer Services to provide IT consulting and software development services (closed company at end of 2013). These days am still involved with IT as an observer and commentator, as well as attempting to understand cosmology, quantum mechanics and whatever else will keep my mind active and fend off deterioration of my grey matter.
