Category Archives: Secunia

A Must Have Security Application – Secunia PSI 3.0 Final Release

I’ve long made it a practice to treat my Windows machines as if they have already been compromised. No, that’s not paranoia – that’s 30+ years of practical hands-on computing experience.

If there’s one thing that experience has taught me it’s this – I don’t know what I don’t know. More particularly – I don’t know if any/some/all of the applications (including the operating system), I run on these machines have critical security vulnerabilities that I’m unaware of. And, yet to be discovered critical security vulnerabilities have been, and continue to be, a constant.

A recent example:

The Flame virus went undetected for two years by every online security firm.

Just today:

Chrome 20 fixes 20 security vulnerabilities

Winamp 5.63 fixes four critical security vulnerabilities

Old advice (beating a dead horse advice) –

“Keep all applications (including your operating system) patched, and up to date. Taking this simple step reduces the likelihood that malware will become an issue a user will have to deal with – significantly. Cybercriminals use vulnerabilities in applications as entry points and gateways to compromise computers which can give access to confidential data such as passwords, online profiles, and bank details. Attacks exploiting vulnerable programs and plug-ins are often not blocked by traditional anti-virus applications.”

Sounds like good, practical advice – and it is. But as those of us involved in computer security know; this is advice that is not always followed. Some hold the view (including me), that it is rarely followed.

One particular application that I have reviewed and recommended a number of times – that assists users in keeping a system fully patched is – Secunia Personal Software Inspector (PSI) – which constantly monitors a system for insecure software installations.

Secunia is justifiably proud of the fact that there are currently 5 Million users running this free protection application – but, from a personal perspective, I’m shocked at this low number. It should be 500 Million users! What is wrong with people that they fail to understand the advantages of ensuring that their system/applications are patched and up to date?

There’s less reason now, than ever, to disregard the critical advice offered above. Today, Secunia launched version 3 of its free Personal Software Inspector (PSI), with a host of new features.

PSI 3 with its dramatically simplified user interface and intuitive preferences, takes the burden out of updating and patching – and, most importantly, helps users safeguard their computer, and data, against cybercriminals.

The new version makes patching software more comprehensive, automatic, and easier than ever. How simple is that?

How simple is it? The following screen captures illustrate.

On program launch a simple click on “Please run a scan” gets things moving.


A full scan takes no more than a few minutes.


In this test, PSI picked up one application that needed updating. You might think that VLC (VideoLAN), would be relatively safe from being manipulated by cyber criminals. Unfortunately, you’d be wrong.

In July of last year VLC, when downloaded from other than the developer’s website, came bundled with malware. A reminder as to why it’s so important to download from the developer’s site, or a recognized download service.


PSI automatically, and in the background, downloaded (from the official site) and installed the most recent version of VLC – raising the machine’s score from 98% to 100%.


Fast facts:

Simple User Interface – Dramatically simplified user interface displays the key information that users need to know: scan results, the security status of installed software, and when these programs are up-to-date.

Automatic Patching – With the Secunia PSI 3.0, users receive automatic updates for all software supported by the application. Previously Secunia only provided automatic updates for vendors that made automatic updates available.

Localization – The Secunia PSI 3.0 can be installed in any one of five languages including French, Spanish, German, Danish and English.

Program Ignore Rules – Users have the ability to ignore updates to a particular program by creating ignore rules. This can, for example, be relevant if a user has an application that depends on an older version of another program or plug-in. Users may reverse this selection at any time. Users also have the ability to view the file location and version number of an installed program.

History – Reports about the updates installed and scans conducted can be accessed at any time through the history feature.

Share – A new share link allows users to post a link on Facebook or Twitter feeds, making it easy for friends to try out the Secunia PSI 3.0.

Settings – The settings menu allows users to select whether or not to install updates automatically, and which drives are to be scanned.

System requirements: Windows 7, Vista SP 1 or later, XP – SP 3 (32 bit and 64 bit).

Available languages:

Danish, English, French, German, Spanish

Download at: Secunia

Secunia PSI 3.0, by installing the latest security updates that a vendor of an application has released, offers a real solution which helps users avoid becoming a victim of a hacker exploiting vulnerabilities in installed software. Installing this free application should be a no-brainer.

For all the critical “yeah, but” experts who troll the Internet – it’s undoubtedly true that no security application is perfect. However, used properly, PSI 3 adds another layer of effective security.


Secunia PSI 3.0 (Beta) – Automatic, Comprehensive Patching Of Insecure Applications

One of the most frequently repeated pieces of advice on this site is – “Keep all applications (including your operating system) patched, and up to date”. Taking this simple step reduces the likelihood that malware will become an issue a user will have to deal with – significantly.

Sounds like good, practical advice – and it is. But as those of us involved in computer security know; this is advice that is not always followed. Some hold the view (including me), that it is rarely followed.

One particular application that I have reviewed and recommended a number of times – that assists users in keeping a system fully patched is – Secunia Personal Software Inspector (PSI) – which constantly monitors a system for insecure software installations, notifies the user when an insecure application is installed, and then provides the user with detailed instructions for updating the application, when available.

There’s less reason now, than ever, to disregard this critical advice. Today, Secunia launched version 3 (Beta) of its free Personal Software Inspector (PSI), with a host of new features. The new version makes patching software more comprehensive, automatic, and easier than ever. How simple is that? PSI 3 takes the burden out of updating and patching.

Fast facts:

Extended automatic patching using the Secunia Package System (SPS), removing the dependency on vendors providing silent installers.

It automatically detects insecure programs – from all software vendors, not just those from Microsoft – that need updating.

The Secunia PSI then downloads the required security updates and installs them without any effort from the user, making it much easier to maintain a secure PC.

New and dramatically simplified user interface

Non-intrusive authenticated vulnerability and patch scanning

Auto-update of programs

Covers programs and plug-ins from thousands of vendors

Unprecedented accuracy

Reports security status for each.

Wondering just how PSI does its job? Secunia explains:

The Secunia PSI works by examining files on a computer (primarily .exe, .dll, and .ocx files). These files contain non-specific meta information provided by the software vendor. This data is the same for all users and originates from the installed programs on your computer — never from their configuration.

After examining all the files on the local hard drive(s), the collected data is sent to Secunia’s servers, which match the data against the Secunia File Signatures engine. This information can then be used to provide a detailed report of the missing security related updates for the user’s system. The Secunia PSI automatically performs scans every seven days to ensure that the latest secure versions of the software are installed.
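The scan-and-match approach described above, as an added PowerShell example (not Secunia's code): it reads the version metadata embedded in program binaries and compares it with a baseline of minimum patched versions, skipping products covered by an ignore rule like the one listed in the 3.0 review. The baseline entries, file names, paths and function names are constructed for illustration, and the matching runs locally rather than on a server.

```powershell
# Constructed baseline keyed by file name: lowest file version treated as patched.
# Entries are illustrative placeholders, not Secunia signature data.
# Use four-part versions: [version]'2.0.2' sorts below [version]'2.0.2.0'.
$Baseline = @{
    'examplemedia.exe'   = @{ Product = 'Example Media Player'; MinVersion = [version]'2.0.2.0' }
    'examplebrowser.exe' = @{ Product = 'Example Browser';      MinVersion = [version]'20.0.0.0' }
    'exampleplugin.ocx'  = @{ Product = 'Example Plug-in';      MinVersion = [version]'11.3.0.0' }
}
# Hypothetical ignore rule: a product the user deliberately keeps at an old version.
$Ignore = @('Example Plug-in')

function Get-FileVersionInventory {
    # Read the vendor-supplied version resource of each binary under $Path.
    param([string[]]$Path)
    Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll, *.ocx -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from the numeric fields; the FileVersion string
            # is free text and often does not parse as a version.
            $ver = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            [pscustomobject]@{ Name = $_.Name; Path = $_.FullName; Version = $ver }
        }
}

function Compare-InventoryToBaseline {
    param($Inventory, [hashtable]$Baseline, [string[]]$Ignore = @())
    foreach ($item in $Inventory) {
        $sig = $Baseline[$item.Name]      # keys of a hashtable literal match case-insensitively
        if (-not $sig) { continue }       # no signature for this file, so no verdict
        if ($Ignore -contains $sig.Product) {
            $status = 'Ignored'
        } elseif ($item.Version -lt $sig.MinVersion) {
            $status = 'Insecure'
        } else {
            $status = 'Patched'
        }
        [pscustomobject]@{ Product = $sig.Product; Found = $item.Version
                           Required = $sig.MinVersion; Status = $status; Path = $item.Path }
    }
}

# Constructed inventory so the matching can be tried without scanning a disk.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleMedia.exe';   Path = 'C:\Apps\Media\ExampleMedia.exe';     Version = [version]'2.0.1.0' }
    [pscustomobject]@{ Name = 'ExampleBrowser.exe'; Path = 'C:\Apps\Browser\ExampleBrowser.exe'; Version = [version]'20.0.0.0' }
    [pscustomobject]@{ Name = 'ExamplePlugin.ocx';  Path = 'C:\Apps\Plugin\ExamplePlugin.ocx';    Version = [version]'10.0.0.0' }
    [pscustomobject]@{ Name = 'Unlisted.dll';       Path = 'C:\Apps\Other\Unlisted.dll';         Version = [version]'1.0.0.0' }
)
Compare-InventoryToBaseline -Inventory $sample -Baseline $Baseline -Ignore $Ignore | Format-Table -AutoSize

# Live scan of the usual install locations:
# $dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
# Compare-InventoryToBaseline (Get-FileVersionInventory $dirs) $Baseline $Ignore
```

A file with no signature in the baseline produces no verdict at all, so what such a scan can report is bounded by the signature set it matches against.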

The Secunia PSI 3.0 (beta) can be downloaded from Secunia’s website now at Secunia.com/PSI.

Previous reviews of this must-have application here include:

Not Running Secunia PSI? Why Not?

Secunia Personal Software Inspector – Insurance Against Vulnerabilities

How secure do you think you are? Run a quick scan of your computer with Secunia Online Software Inspector.

About Secunia:

Founded in 2002, Secunia is the leading provider of IT security solutions that help businesses and private individuals globally manage and control vulnerability threats, risks across their networks, and end-points. This is enabled by Secunia’s award-winning Vulnerability Intelligence, Vulnerability Assessment, and Patch Management solutions that ensure optimal and cost-effective protection of critical information assets.

Secunia plays an important role in the IT security ecosystem, and is the preferred supplier for enterprises and government agencies worldwide, counting Fortune 500 and Global 2000 businesses among its customer base. Secunia has operations in North America, the UK, and the Middle East, and is headquartered in Copenhagen, Denmark.


Avoid Accidents On The Internet Highway By Patching Your OS AND Applications

This morning, I read Ed Bott’s latest (Bott is a favorite of mine) – If your PC picks up a virus, whose fault is it? Here’s a summary –

Want to avoid being attacked by viruses and other malware? Two recent studies reveal the secret: regular patching. A fully patched system with a firewall enabled offers almost complete protection against drive-by attacks and outside intruders.

While reading through Bott’s article, I was certainly put in mind of Yogi Berra’s often quoted “This is like deja vu all over again.” Current Internet security, and the best practices associated with it, really is “deja vu all over again” – and over, and over, and over. The fundamentals haven’t changed. Common sense is as much in vogue now, as it ever was.

In his article (which is worth a read), Bott relies on two recently released studies to bolster his point, that staying safe online, begins with “regular patching … the single most important element in any security program”.

Since the underlying theme is something I hammer on here, on a regular basis, it goes without saying that I agree with Bott, and the data generated in the studies. With that in mind, I’m reposting an article which I wrote in July 2010 – If You Get A Malware Infection Who’s Fault Is It Really? – which underscores the importance of patching not only the operating system, but the often neglected patching of installed applications.

If You Get A Malware Infection Who’s Fault Is It Really?

The security industry, especially security analysts, and for that matter, computer users at large, love to dump on Microsoft when they get a malware infection. If only Microsoft got their act together, the theory goes, and hardened Windows more appropriately, we wouldn’t have to deal with this nonsense.

But, what if it isn’t entirely Microsoft’s fault? What if it’s really a shared responsibility split between Microsoft, third party software developers, and the user?

From time to time, I’m accused of being “too frank”; usually on those occasions when diplomacy needs to be put aside, so that realities can be dealt with. For example, I’ve left myself open to criticism, in some quarters, by stating on more than one occasion –

It has been my experience, that when a malware infection occurs, it’s generally safe to say, the user is, more often than not, responsible for their own misfortune.

Computer users, by and large, are lackadaisical in securing their computers against threats to their Internet safety and security.

Strong statements I’ll admit, but if you consider the following, which I have repeated over and over, you’ll understand why I feel comfortable making this statement.

Not all users make use of Microsoft’s Windows Update so that they are current with operating system critical updates, and security fixes. More to the point, few users have given consideration to the vulnerabilities that exist in third party productivity applications and utilities.

Unless you monitor your system for insecure and unpatched software installations, you have left a huge gap in your defenses – it’s just plain common sense.

The just released Secunia Half Year Report – 2010, which shows “an alarming development in 3rd party program vulnerabilities, representing an increasing threat to both users and business, which, however, continues to be greatly ignored”, supports my view that security is a shared responsibility, and that blaming Microsoft simply ignores the reality.

The report goes on to conclude, “users and businesses still perceive the operating system and Microsoft products to be the primary attack vector, largely ignoring 3rd party programs, and finding the actions to secure these too complex and time-consuming. Ultimately this leads to incomplete patch levels of the 3rd party programs, representing rewarding and effective targets for criminals.”

Key highlights of the Secunia Half Year Report 2010:

Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.

A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year.

In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010, to 760.

During the first six months of 2010, 380 vulnerabilities, or 89% of the figures for all of 2009, have already been reached.

A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

The full report (PDF), is available here.

Each week, I receive the Qualys Vulnerability Report, and I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt, that the software industry should thank their “lucky stars”, that this report is not particularly well known outside the professional IT security community. It’s that scary.

There is a solution to this quandary however – the Secunia Personal Software Inspector (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.


ZD Net, one of my favorite web sites, has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.


Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Link: Secunia Online Software Inspector

As an added bonus for users, Secunia provides a forum where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related.


Not Running Secunia PSI? Why Not?

Despite the fact that burglaries are at an all-time high in my neighborhood, and despite the fact that the Police regularly caution residents to lock both windows and doors when not at home, one of my close neighbors always leaves at least one window open while she’s out. I have to say – it just boggles my mind.

Throughout the summer she is out of town every weekend and, you guessed it – she still leaves at least one window wide open. Her behavior, not to put too fine a point on it – is idiotic. If you’ve ever wondered why your home owners insurance policy is more expensive than it needs to be, it’s partially due to lamebrains like my neighbor.

Computer systems running insecure and unpatched applications are analogous to the open window in my neighbor’s house, and are a common gateway used by cyber-criminals to infect unaware users’ machines. Worse, unlike the aftereffects of a home burglary, which are rather self evident, a compromised computer can often remain undetected.

As important as it is, that you secure your computer by implementing a layered security approach, it’s equally as important that you close any “open windows” in your operating system, by keeping your installed applications current and up-to-date. And, Secunia, the leading provider of Vulnerability Intelligence, can help you do just that with its free application – Secunia Personal Software Inspector (PSI).

Since PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application, when available – installing this small free application will assist you in ensuring that your software installations are relatively secure. I say “relatively”, since there is no perfect system.

The following screen captures illustrate, just how easy it is to take that extra step toward a more secure computing experience, using PSI.

During the install process, you will have an opportunity to select “Auto Updates”. I suggest that you take advantage of this feature.


Again, during the install process, you will have an opportunity to select “full changes in the tray icon”. If you have selected “Auto Updates”, as per the previous window, you should select this option.


The settings menu provides a full range of adjustments so that you can configure the application to more accurately meet your specific needs.


The following screen capture illustrates a security scan in progress. The full scan took under two minutes to complete.


According to the scan results, my test machine is 12% more secure compared to non-users of PSI in my local area. This is no cause for celebration though, since the test machine is running two insecure applications. One of which, VLC Media Player, has been a recent target of cyber criminals. Ouch!


The following screen capture shows the full test results, and you can readily see that both Adobe Flash Player and the previously mentioned VLC are insecure. Adobe Flash Player, dramatically so. Double ouch!


Additional data on an insecure program can be gathered by double clicking on the program, as shown in the following screen shot.


Quick facts:

Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how to resolve it.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

System requirements: Windows 7, Vista SP 1 or later, XP SP 3 (32 & 64 bit).

Watch: How to install and use the Secunia PSI 2.0

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector. In the last 24 hours, fully 19% of applications checked by this online tool, were insecure.
