Secunia’s Auto-patching Tool Gets Makeover

Vulnerability management firm Secunia has shipped a new version of its auto-patching tool, Personal Software Inspector (PSI) 3.0, a program for Windows users that can drastically simplify the process of keeping up-to-date with security patches for third-party software applications.

The final release of PSI 3.0 supports programs from more than 3,000 software vendors, and includes some key changes that address shortcomings identified in the beta version that I highlighted back in February.

The 3.0 version of PSI still keeps auto-patching on by default at installation, although users can uncheck this box and choose to manually install all available updates for third-party programs. Unlike the beta version — which was radically devoid of tweakable options and settings — the version released this week provides a more configurable interface that should be more appealing to longtime users of this tool.

Users also can review the history of installed updates, and select which hard drives should be scanned, options absent from the beta release. PSI 3.0 also lets users create rules that tell the software to ignore updates for particular programs.

Overall, the new PSI strikes a fair balance between configurability and ease-of-use, and is a notable improvement over the beta version. However, I had trouble with the program after installing it on my test machine — a Windows 7 64-bit machine with 8 GB of memory. The program seemed to get stuck on scanning for updates, and for an excruciating eight minutes or so the software sucked up most of my machine’s available memory and processing power. The only way I could get my system back to normal was to reboot the system.

I thought I’d give it a second try, but I could not replicate the problem after removing and reinstalling PSI 3.0. Neither could Secunia, apparently, even after I shared with them the program’s event logs.

“From the log file it seems that the application stopped for about 8 minutes and then continued scanning, but we have not been able to reproduce this behaviour at our end,” wrote Morten R. Stengaard, director of product management and quality assurance at Secunia. “And despite +100,000 users trying the product during the beta, we have not had this type of issue reported before, so we are struggling a bit here. But perhaps we will see more users with the same issue now that we have launched the final product, and have more users signing up.”

Secunia also released some updated stats on the most commonly outdated pieces of software for Windows, based on a random sample of PSI scans from May 2012. According to Secunia, the top three most exposed programs by risk exposure (calculated by percent of market share x the average percentage of unpatched users) are:

Java JRE 1.6/6.x (31% unpatched) (83% market share) (51 CVE)
Apple QuickTime 7.x (35% unpatched) (60% market share) (46 CVE)
Adobe Shockwave Player 11.x (67% unpatched) (31% market share) (50 CVE)

The latest version is available here. I’d be interested in hearing from other readers who have installed this updated version of PSI. How did it go? What were your overall impressions? Please sound off in the comments.
