Revisiting Secunia’s Personal Software Inspector

Security vulnerability research firm Secunia has released a public beta of its Personal Software Inspector tool, a program designed to help Microsoft Windows users keep their heads above water with the torrent of security updates for third-party applications. The new beta version includes the promised auto-update feature that can automatically apply the latest patches for a growing number of widely-used programs.

Secunia first announced in March that it would soon make the auto-update feature available to consumers, noting that the average PC user needs to install a security update roughly every five days in order to safely use Microsoft Windows and all of the third-party programs that  typically run on top of it.  The new beta version doesn’t allow auto-updating for all applications, although Secunia says the list of applications that can be auto-updated through its tool will grow as the public beta progresses.

Overall, PSI 2.0 Beta seems to work quite a bit faster and use fewer resources than earlier versions. But my main concern in allowing third-party programs to update through PSI has so far been — ironically — relinquishing control over the update process. That’s because many “free” applications — such as Java, Adobe and Foxit readers — are free because a number of users never bother to deselect the check mark in the box next to offers to install additional software that is often bundled with these products, including virus scanners and various browser toolbars.

I am happy to report that so far this has not been an issue. On my test installation of the PSI 2.0 beta, it allowed auto-updating for 10 installed applications, including Adobe AIR, Flash Player, Foxit, Firefox, Thunderbird, Opera, Pidgin, Skype, Java, and xChat. The PSI tool updated all of those apps without any unwanted add-ons or toolbars that I can see.

Stefan Frei, research analyst director at Secunia, said the company wants to hear from users who receive more than just the security update.

“We always try to provide updates without unnecessary add-ons, but this is exactly the kind of of feedback we are looking for during the beta,” Frei said in an e-mail to KrebsOnSecurity.com. “So far we haven’t received any support cases indicating that we don’t hit it right on, but it is something we [are] aware of and will address if we receive any reports from users who find that it could be optimized.”

If PSI can’t auto-update any programs, it includes a clickable “Install Solution” link in the tool that fetches the executable update directly from the vendor’s Web site.

For those who don’t want to install PSI, Secunia makes available on its site an online version of this tool — Online Software Inspector — although the OSI requires users to have Java installed (PSI does not require Java).

If you’ve used the new PSI Beta, please sound off in the comments with your experiences.

Оставьте комментарий