Not Running Secunia PSI? Why Not?

Despite the fact that burglaries are at an all-time high in my neighborhood, and despite the fact that the Police regularly caution residents to lock both windows and doors when not at home, one of my close neighbors always leaves at least one window open while she’s out. I have to say – it just boggles my mind.

Throughout the summer she is out of town every weekend and, you guessed it – she still leaves at least one window wide open. Her behavior, not to put too fine a point on it – is idiotic. If you’ve ever wondered why your home owners insurance policy is more expensive than it needs to be, it’s partially due to lamebrains like my neighbor.

Computer systems running insecure and unpatched applications are analogous to the open window in my neighbor’s house, and are a common gateway used by cyber-criminals to infect unaware users’ machines. Worse, unlike the aftereffects of a home burglary, which are rather self evident, a compromised computer can often remain undetected.

As important as it is, that you secure your computer by implementing a layered security approach, it’s equally as important that you close any “open windows” in your operating system, by keeping your installed applications current and up-to-date. And, Secunia, the leading provider of Vulnerability Intelligence, can help you do just that with its free application – Secunia Personal Software Inspector (PSI).

Since PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application, when available – installing this small free application will assist you in ensuring that your software installations are relatively secure. I say “relatively”, since there is no perfect system.

The following screen captures illustrate, just how easy it is to take that extra step toward a more secure computing experience, using PSI. Click on any graphic to expand to its original size.

During the install process, you will have an opportunity to select “Auto Updates”. I suggest that you take advantage of this feature.

Again, during the install process, you will have an opportunity to select “full changes in the tray icon”. If you have selected “Auto Updates”, as per the previous window, you should select this option.

The settings menu provides a full range of adjustments so that you can configure the application to more accurately meet your specific needs.

The following screen capture illustrates a security scan in progress. The full scan took under two minutes to complete.

According to the scan results, my test machine is 12% more secure compared to non-users of PSI in my local area. This is no cause for celebration though, since the test machine is running two insecure applications. One of which, VLC Media Player, has been a recent target of cyber criminals. Ouch!

The following screen capture shows the full test results and you can readily see, that both Adobe Flash Player and the previously mentioned VLC, are both insecure. Adobe Flash Player, dramatically so. Double ouch!

Additional data on an insecure program can be gathered by double clicking on the program, as shown in the following screen shot.

Quick facts:

Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how to resolve it.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

System requirements: Windows 7, Vista SP 1 or later, XP SP 3 (32 & 64 bit).

Watch: How to install and use the Secunia PSI 2.0

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector. In the last 24 hours, fully 19% of applications checked by this online tool, were insecure.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Secunia PSI Updated – Version 2.0 Released

Secunia has just released (December 20, 2010), Version 2.0 of their award winning vulnerability and patch scanning free application – Secunia PSI.

As important as it is, that you secure your computer by implementing a layered security approach, it’s equally as important that you keep your installed applications current and up-to-date. Insecure and unpatched applications are a common gateway used by cyber-criminals to infect unaware users’ machines.

Since PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application, when available – installing this small free application will assist you in ensuring that your software installations are relatively secure. I say “relatively”, since there is no perfect system.

The following screen captures illustrate, just how easy it is to take that extra step toward a more secure computing experience, using PSI. Click on any graphic to expand to its original size.

Following the initial scan of two Hard Drives – which took only two and a half minutes, PSI found two end-of-life applications, and one insecure application. The insecure application (VLC Media Player 1.1.14), is currently under attack by cyber-criminals. So, that was a good catch.

Updating VLC Media Player 1.1.14, was a snap – I simply clicked on “Install Solution”. Boom – done!

Quick facts:

Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

Improvements in Version 2.0.

• Automatic Updates: Functionality for Auto Updates is now implemented as a core feature in the Secunia PSI.
• New User Interface: A new User Interface has been implemented. The design has been updated to make it simpler and easy to use the Secunia PSI, as well as improving the overall look and feel.
• Integration with Secunia CSI: The new Secunia PSI features integration with the commercial Secunia CSI. Secunia CSI customers can learn more about this feature with the release of the Secunia CSI 4.1.
• Improved Presentation of Scan Result: The presentation of scan results have been significantly improved, using techniques that have been tested during the Technology Preview. The Scan Results are grouped according to their installation and patch state, which in turn makes it simpler to identify the programs that actually requires the latest security patches.

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, is quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

System requirements: Windows 7, Vista SP 1 or later, XP SP 3 (32 & 64 bit).

Watch: How to install and use the Secunia PSI 2.0

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector. In the last 24 hours, fully 19% of applications checked by this online tool, were insecure.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

How Secure Are Your Software Applications – Not Very, It Seems

Most of us, I expect, are familiar with the expression – If you fail to plan, then you plan to fail. If you accept the findings of Veracode’s second edition of their State of Software Security Volume 2, which reports unfavorable on the security reliability of more than half of the 2,922 web applications tested, you might  wonder if application developers are familiar with this expression.

This report, coupled with the Qualys Vulnerability Report, which I receive weekly, leaves little doubt in my mind that software developers, by and large, need to focus more intently to ensure their applications are appropriately hardened against security vulnerabilities.

The following partial listing taken from the Qualys Vulnerability Report, from several weeks ago, highlights this lack of focus on this point. Frankly, I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt, that the software industry should thank their “lucky stars”, that this report is not particularly well known outside the IT security community. It’s as if, application vulnerabilities are a dirty little secret.

Critical Vulnerabilities – Widely Deployed Software

(1) HIGH: Adobe Reader / Acrobat Font Parsing Buffer Overflow Vulnerability
(2) HIGH: Mozilla Firefox Multiple Vulnerabilities
(3) HIGH: Apple Safari Multiple Security Vulnerabilities
(4) HIGH: Google Chrome Multiple Security Vulnerabilities
(5) HIGH: Apple iOS Multiple Vulnerabilities
******************************************************************
Comprehensive List of Newly Discovered Vulnerabilities from Qualys
–  Third Party Windows Apps
10.37.1  – HP Operation Agent Privilege Escalation and Remote Code Execution Issues
10.37.2  – Tuniac “.pls” File Buffer Overflow issue
10.37.3  – Microsoft Internet Explorer CSS Handling Cross-Domain Information Disclosure
— Mac Os
10.37.4  – Apple Mac OS X Mail Parental Control White List Security Bypass Issue
— Linux
10.37.5  – Linux Kernel “keyctl_session_to_parent()” Null Pointer Dereference Denial of Service
10.37.6  – Linux Kernel “IrDA” Protocol NULL Pointer Dereference Denial of Service Issue
10.37.7  – oping Local Information Disclosure
10.37.8  – Linux Kernel “irda_bind()” Null Pointer Dereference
10.37.9  – Linux Kernel “SIOCGIWSSID” IOCTL Local Information Disclosure Issue 10.37.10 – Linux Kernel “XFS_IOC_FSGETXATTR” Information Disclosure Issue
— Novell
10.37.11 – Novell Netware SSH Remote Buffer Overflow Issue
— Cross Platform
10.37.12 – Blackboard Transact Multiple Insecure Password Handling Information Disclosure Issues
10.37.13 – Zope Unspecified Denial of Service Issue
10.37.14 – httpdx “h_readrequest()” Remote Format String
10.37.15 – Techlogica HTTP Server Remote File Disclosure
10.37.16 – Arno’s IPTABLES Firewall IPv6 Detection Remote Security Bypass
10.37.17 – Hitachi JP1/Desktop Navigation Unexpected Data Denial Of Service Issue
10.37.18 – Google Chrome Multiple Security Vulnerabilities
10.37.19 – LDAPUserFolder Emergency User Arbitrary Password Authentication Bypass Issue 10.37.20 – ffdshow “.avi” File NULL Pointer Dereference Denial Of Service Issue
10.37.21 – Squid Proxy String Processing NULL Pointer Dereference Denial of Service
10.37.22 – VLC Media Player “smb://” URI Handler “.xspf” File Buffer Overflow Issue

Veracode’s State of Software Security Volume 2, reveals what may well be the true state of the software we have come to rely on.

The following are some of the most significant findings:

More than half of all software failed to meet an acceptable level of security and 8 out of 10 web applications failed to comply with the OWASP Top 10.

Cross-site Scripting remains the most prevalent of all vulnerabilities.

Third-party applications were found to have the lowest security quality.

The security quality of applications from Banks, Insurance, and Financial Services industries was not commensurate with their business.

Equally as important – 57% of all applications were found to have unacceptable application security quality. Even more troublesome, more than 80% of internally developed and commercial web applications failed to comply with the OWASP Top 10 which is shown below.

OWASP Top

1. Injection – Examples of injection flaws are SQL, LDAP, HTTP header injection (cookies, requests), and OS command injections.
2. Cross Site Scripting (XSS) – Malicious scripts are executed in the victim’s browser allowing the attacker to hijack the user’s session, steal cookies, deface web sites, redirect users to malicious web sites, and remote browser control.
3. Broken Authentication and Session Management – Flaws used against one account may be replicated against an account with higher privileges.
4. Insecure Direct Object References – Attack occurs when an authorized user can change a parameter value that refers to a system object that they are not authorized for.
5. Cross Site Request Forgery (CSRF) –  CSRF attacks can complete any transactions that the victim is permitted to perform such as access data, transfer funds or make purchases.
6. Security Misconfiguration – Attacker exploits unsecured pages, default accounts, unpatched flaws or any other vulnerability that could have be addressed by proper configuration.
7. Failure to Restrict URL Access – Links can be obtained from: hidden fields, client-side code, robots.txt, configuration files, static XML files, directory access.
8. Unvalidated Redirects and Forwards – Unvalidated parameter allows an attacker to choose a destination page where they wish to send a victim to trick them into disclosing private information.
9. Insecure Cryptographic Storage – The most common reason for this attack is that data that should be encrypted is stored in clear text.
10. Insufficient Transport Layer Protection – Most commonly, this attack occurs when a site does not use SSL/TLS for pages that require authentication where an attacker can monitor network traffic to steal an authenticated user’s session cookie.

The full report in PDF format is available here.

So how do you ensure that your software installations are relatively secure? Unfortunately, there’s no perfect answer – but you can reduce your overall exposure by installing the free  Secunia Personal Software Inspector, (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

Installing this small free application will definitely assist you in identifying possible security leaks.

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7

Download at: Download.com

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Update Your Applications With CNET TechTracker

Despite the reality, that critical vulnerabilities continue to be discovered in popular software applications, virtually on a daily basis, very few computer users monitor their system for insecure software installations.

In fact, according to recent statistics from Secunia, the rate of patching and updating compliance this year, is even less than in previous years. Nothing like going out of the way to help a cyber criminal – as if they need any help!

Experienced users, on the other hand, are unlikely to fall behind in ensuring their systems are patched, and it’s improbable (I hope), that they have insecure programs running on their machines.

So, what makes experienced users different from typical users in this critical area? There’s no great mystery – it’s pretty simple really.

Experienced users are generally more aware, that free, automated applications, designed to take the burden out of updating and patching installed applications,  are readily available for download.

CNET’s TechTracker is one of these free services designed to scan a user’s computer to seek out outdated installed applications, and then provide the mechanism to automate updating of outdated software.

According to CNET, their software catalog accesses over 80,000 software titles, making the database “the most comprehensive and trusted database of software products and updates in the world.”

The following screen capture  shows the results (in the Taskbar), of my first scan on an outdated test system.

The full report is fairly comprehensive, and shows both outdated and up to date applications. In the following screen capture, I’ve focused on those applications that are out of date.

Updating the out of date applications was easy. A simple click on the “download now” button, gets things underway.

I’d like to see a “download them all” button, or something similar, built into this application. Not very hard to do, I don’t think.

A very cool feature included in TechTracker is setting a preference to receive installed software update notification by email.

System requirements: Windows XP, or newer.

Browsers: Firefox 3+, Internet Explorer 7+, Safari 3+, Chrome current version.

Download at: CNET (registration required).

Similar applications reviewed here:

Secunia Personal Software Inspector

FileHippo Update Checker

It’s important to understand that all software of this type may well have shortcomings of one type, or another. For example, this application may not support all programs.

This should not be surprising, given the enormous quantity of available applications. The most popular applications, of course (the ones you are most likely to have installed), are covered.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

If You Get A Malware Infection Who’s Fault Is It Really?

The security industry, especially security analysts, and for that matter, computer users at large, love to dump on Microsoft when they get a malware infection. If only Microsoft got their act together, the theory goes, and hardened Windows more appropriately, we wouldn’t have to deal with this nonsense.

But, what if it isn’t entirely Microsoft’s fault? What if it’s really a shared responsibility split between Microsoft, third party software developers, and the user?

From time to time, I’m accused of being “too frank”; usually on those occasions when diplomacy needs to put put aside, so that realities can be dealt with. For example, I’ve left myself open to criticism, in some quarters, by stating on more than one occasion –

It has been my experience, that when a malware infection occurs, it’s generally safe to say, the user is, more often than not, responsible for their own misfortune.

Computer users, by and large, are lackadaisical in securing their computers against threats to their Internet safety and security.

Strong statements I’ll admit, but if you consider the following, which I have repeated over and over, you’ll understand why I feel comfortable making this statement.

Not all users make use of Microsoft’s Windows Update so that they are current with operating system critical updates, and security fixes. More to the point, few users have given consideration to the vulnerabilities that exist in third party productivity applications and utilities.

Unless you monitor your system for insecure and unpatched software installations, you have left a huge gap in your defenses – it’s just plain common sense.

The just released Secunia Half Year Report – 2010, shows “an alarming development in 3rd party program vulnerabilities, representing an increasing threat to both users and business, which, however, continues to be greatly ignored”, supports my view that security is a shared responsible, and blaming Microsoft simply ignores the reality.

The report goes on to conclude, “users and businesses still perceive the operating system and Microsoft products to be the primary attack vector, largely ignoring 3rd party programs, and finding the actions to secure these too complex and time-consuming. Ultimately this leads to incomplete patch levels of the 3rd party programs, representing rewarding and effective targets for criminals.”

Key highlights of the Secunia Half Year Report 2010:

Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.

A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year.

In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010, to 760.

During the first six months of 2010, 380 vulnerabilities or 89% of the figures for all of 2009 has already been reached.

A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

The full report (PDF), is available here.

Each week, I receive the Qualys Vulnerability Report, and I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt, that the software industry should thank their “lucky stars”, that this report is not particularly well known outside the professional IT security community. It’s that scary.

There is a solution to this quandary however – the Secunia Personal Software Inspector (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Link: Secunia Online Software Inspector

As an added bonus for users, Secunia provides a forum where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Secunia Personal Software Inspector – Insurance Against Vulnerabilities

Secunia PSI – Checks for Software Vulnerabilities

A recent article on IE 6 and the inherent dangers involved in running such an outdated Browser, supports the view that not all of us make use of Microsoft’s Windows Update so that we are current with operating system critical updates, and security fixes.

As important as that is, it’s equally as important that we keep our installed applications current, and up-to-date. Every week, I receive the Qualys Vulnerability Report, and I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt, that the software industry should thank their “lucky stars”, that this report is not particularly well known outside the professional IT security community. It’s that scary.

Should we be worried? Well, I think we should be. In a recent survey, Secunia, the Danish computer security service provider, well known for tracking vulnerabilities in software and operating systems, concluded that less than one in 50 Windows driven computers, are totally patched. This is a perfect scenario for the redistribution of malware.

Secunia goes on to report that the rate of patching and updating compliance, is even less than in previous years. This, despite the fact, that on a daily basis critical vulnerabilities continue to be discovered in popular software applications.

Some recent application vulnerabilities included, Mozilla FireFox, Apple iTunes, QuickTime, Skype internet phone, Adobe Acrobat Reader, Sun Java Run-Time, Macromedia Flash, AOL Instant Messenger, Windows/MSN Messenger, Yahoo Instant Messenger, Bit Defender, and RealPlayer.

Survey statistics:

Survey sample size – 20,000 users

User exposure – 98.1% have one or more insecure programs

User exposure – 30.27% have one to five insecure programs

User exposure – 25.07% have six to ten insecure programs

User exposure – 45.76% have eleven or more insecure programs

It has been my experience, that when a malware infection occurs, it is generally safe to say, the user is often responsible for their own misfortune. This survey points out, once again; computer users need to be more vigilant in order to ensure their own Internet safety and security.

The Secunia Personal Software Inspector (PSI) can help dramatically with this task. PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7

Download at: Download.com

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Play Russian Roulette – Don’t Update Your Applications

I’m a games player, and I bet you are too. But unlike most computer users, I do not play games with my computer’s security. I don’t play games where the odds are stacked against me, and neither should you.

Many of us now store a large volume of confidential personal information on our home computers, including information concerning our personal finances, taxes, health, and perhaps personal documentation of other types.

Yes, I know you think that your data is well protected from cyber-criminals since you run the most expensive anti-malware suite available, and you are careful and cautious while surfing the Internet. But, unless you monitor your system for insecure and unpatched software installations, you have left a huge gap in your defenses. In a sense, this amounts to playing Russian Roulette with cyber-criminals.

Playing Russian Roulette with cyber crooks is a mugs game – the six-shooter is loaded with SIX bullets. Unfortunately, you get to go first, and ducking is not an option in this game. The bad guys will win; you will lose. But hey, you might get lucky!

So how do you ensure that your software installations are secure and remain patched? There’s an easy answer – download and install, the free  Secunia Personal Software Inspector, (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

Quick facts:

The Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

Let me offer you this recent quote from PSI Partner Manager, Mikkel Winther, “PC users need to patch! They need to patch all their vulnerable programs and they need to do so as fast as possible after the patch has been issued from the vendor. It is only a question of time – and luck – as to when your system will be compromised.”

He adds “The best solution is to have a program taking care of your patches and your vulnerabilities. Secunia Personal Software Inspector is the only tool that does this and since it is available for all private users for free, there is really “no excuse” not to patch.”

I couldn’t agree more Mikkel.

System Requirements: Windows 2000, XP 32/64bit, and Vista 32/64bit

Download at: Download.com

As an added bonus for users, Secunia provides a forum where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related.

If you need to update, or add, additional security applications to your computer, then checkout, Need Spyware, Virus, and Browser Protection? – Free Solutions, on this site for reviews and free security application downloads.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Secunia PSI – Checks for Software Vulnerabilities

Not all of us, it seems, make use of Microsoft’s Windows Update so that we are current with operating system critical updates, and security fixes. More to the point, few of us have given consideration to the vulnerabilities that exist in our currently installed productivity applications and utilities.

In a recent survey, Secunia, the Danish computer security service provider, well known for tracking vulnerabilities in software and operating systems, concluded that less than one in 50 Windows driven computers, are totally patched.

Secunia goes on to report that the rate of patching and updating compliance, is even less than in previous years.

Virtually on a daily basis, critical vulnerabilities continue to be discovered in popular software applications. Some recent application vulnerabilities include, Mozilla FireFox, Apple iTunes, QuickTime, Skype internet phone, Adobe Acrobat Reader, Sun Java Run-Time, Macromedia Flash, AOL Instant Messenger, Windows/MSN Messenger, Yahoo Instant Messenger, Bit Defender, and RealPlayer.

Survey statistics:

Survey sample size – 20,000 users

User exposure – 98.1% have one or more insecure programs

User exposure – 30.27% have one to five insecure programs

User exposure – 25.07% have six to ten insecure programs

User exposure – 45.76% have eleven or more insecure programs

It has been my experience, that when a malware infection occurs, it is generally safe to say, the user is often responsible for their own misfortune. This survey points out, once again; computer users, by and large, are not up to the task of securing their computers in order to ensure their own Internet safety and security.

The Secunia Personal Software Inspector (PSI) can help dramatically with this task. PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, and Vista 32/64bit

Download at: Download.com

As an added bonus for users, Secunia provides a forum “where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related”.

Shocking – 98% of Computers are Insecure

Recently, both I, and fellow Blogger Rick Robinette, over at What’s On My PC, have written on Secunia Personal Software Inspector (PSI), a free application that ensures all installed applications on your computer are either patched, or up-to-date.

Here’s one more reason to bring this free application to your attention once again. According to Secunia, the Danish security firm responsible for PSI, 98% of computers running Windows operating systems, are open to a successful malware attack.

Not all of us, it seems, make use of Microsoft’s Windows Update so that we are current with operating system critical updates, and security fixes. Even worse, virtually none of us have given any consideration to the vulnerabilities that exist in our currently installed productivity applications, and utilities.

Less than one in 50 Windows driven computers, according to Secunia’s released statistics, are totally patched. Secunia goes on to report that the rate of patching and updating compliance, is even less than in previous years. Now, how dumb is that?

Virtually on a daily basis critical vulnerabilities are discovered in popular software applications. Some recent application vulnerabilities include, Mozilla FireFox, Apple iTunes, QuickTime, Skype internet phone, Adobe Acrobat Reader 7.02, 6.03, Sun Java Run-Time, Macromedia Flash 7, WinZip 8.1, AOL Instant Messenger 5.5, Windows/MSN Messenger, Yahoo Instant Messenger 6.0, Bit Defender, and RealPlayer.

Just this morning, for example, according to anti-malware company BitDefender, a new Trojan horse program identified as Trojan.PWS.ChromeInject.B which works as a Firefox plug-in, has been discovered.

Two files, one Javascript and one Windows executable, are being used to steal user logon credentials when logging on to one of 103 bank domains. Scary.

Survey statistics:

Survey sample size – 20,000 users

User exposure – 98.1% have one or more insecure programs

User exposure – 30.27% have one to five insecure programs

User exposure – 25.07% have six to ten insecure programs

User exposure – 45.76% have eleven or more insecure programs

It has been my experience, that when a malware infection happens, it is generally safe to say, the user is primarily responsible for their own misfortune. This survey points out, once again; computer users, by and large, simply refuse to take responsibility for their own Internet safety and security.

The following are the essential details from a recent article on Secunia Software Inspector.

Check Software Vulnerabilities – Free Secunia Software Inspector v1.0 Released

The Secunia Personal Software Inspector (PSI) constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

(Click pic for larger)

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

(Click pic for larger)

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, and Vista 32/64bit

Download at: Download.com

As an added bonus for users, Secunia provides a forum “where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related”.

Check Software Vulnerabilities – Free Secunia Software Inspector v1.0 Released

If you are a security conscious computer user you are, most likely, generally well armed when it comes to ensuring your system is not open to compromise, or exploitation, by malware in the wild.

It is probable you have protected your machine with an appropriate defense system including a firewall (either software or hardware), a sound and effective malware suite (including anti-virus and spyware), and an additional protection layer against zero-day threats with the installation of an application such as ThreatFire developed by PC Tools.

You can relax and you can consider yourself relatively safe, or perhaps even invulnerable, right? Well, maybe not. Sure, most of use Microsoft’s Windows Update so that we are current with operating system critical updates, and security fixes. You can determine whether or not you are running the latest WUA by visiting Windows Update.

But, and this is a critical “but”, where many of us may still be vulnerable is in the lack of consideration we have given to the vulnerabilities that exist in our currently installed applications.

(Click pic for larger)

Some recent application vulnerabilities include, Mozilla FireFox, Apple iTunes, QuickTime, Skype internet phone, Adobe Acrobat Reader 7.02, 6.03, Sun Java Run-Time, Macromedia Flash 7, WinZip 8.1, AOL Instant Messenger 5.5, Windows/MSN Messenger, Yahoo Instant Messenger 6.0, Bit Defender, and RealPlayer.

So, wouldn’t it be great if there was an application that could do the job of ensuring that all installed applications were either patched or up-to-date? Well, there is; and it’s free. After 17 months of in-depth beta testing, Secunia has just released Version 1.0 of its free Personal Software Inspector (PSI).

(Click pic for larger)

The Secunia Personal Software Inspector (PSI) constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, and Vista 32/64bit

Download at: Download.com

As an added bonus for users, Secunia provides a forum “where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related”.