Next version of vulnerable software inspector unveiled by Secunia

News by SC Staff

Secunia has announced the beta launch of the next version of its Personal Software Inspector (PSI).

Secunia has announced the beta launch of the next version of its Personal Software Inspector (PSI). 

The vendor of vulnerability management solutions said PSI 3.0 includes extended automatic patching and a simplified user interface; it is designed "to help reduce the chore of keeping software programs secure and up to date".

Using the Secunia Package System to offer extended automatic patching, the free software removes the dependency on vendors providing silent installers. After examining all the files on the local hard drive, the collected data is sent to Secunia's servers, which match the data against the File Signatures engine, which provides a detailed report of the missing security-related updates for the user's system.

PSI automatically performs scans every seven days to ensure that the latest secure versions of the software is installed. The final product is set for release in June.

PSI is a free security scanner aimed at home computer users, and reduces the number of programs users need to update manually to stay secure. It automatically detects insecure programs from all software vendors and downloads and installs the required updates without any intervention from the user.

Thomas Kristensen, chief security officer at Secunia, said: “Though some of the larger software vendors have begun to provide automatic update mechanisms, we still see too many users ignoring the update requests. With PSI 3.0 we have included silent auto updates for as many programs as possible, because we have learned that the users do not want to be interrupted in order to accept and update when they are trying to work.

“The goal is to be able to help all users over time almost completely eliminate the update burden, by automatically installing all security-related updates for common end-user programs. We are aiming to make PSI 3.0 the only tool users need to keep all their software up to date."

Morten Rinder Stengaard, director of product management and quality assurance at Secunia, told SC Magazine that PSI 3.0 is solely intended for private users and he did not foresee a business edition or capabilities for endpoints to be centrally managed in the final release.

“The whole purpose of the beta is to test the product, but just as importantly to get inputs from the users as to which features they would like to see in the final release,” he said.

Security blogger Brian Krebs said: “When I ran the beta version, it found and automatically began downloading and installing fixes for about half of the apps that it detected were outdated. The program did find several insecure apps that it left alone, including iTunes, PHP and Skype; I suspect that this was based on user feedback.

“It may also just avoid auto-patching busy programs (all three of those applications were running on my test machine when I installed PSI 3.0); for these, PSI presents the ‘run manual update', or ‘click to update' option.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews