Excluding the Human element, software patching can be one of the most difficult and time consuming tasks of any user or sysadmin. When you consider the number of applications we rely on and how often bugs are found and fixed it is a near insurmountable task to stay up to date with latest and most secure versions of your favorite programs.
Obviously some vendors have provided tools to ease the headache like Windows Updates and Apple auto-updater. (Which will gladly help you update Quicktime & iTunes as well as install Safari if you aren’t careful.) However, the challenge becomes keeping track of the other 25 apps we use during the week. Even if I install the latest version how can one be sure that the older insecure version is adequately removed. Wouldn’t it be nice if there was a way to scan and locate insecure versions of software and if problems are detected then provide links for upgrade or mitigation?
Enter Secunia’s Software Inspector series. I’ve long been a big fan of their Online Software Inspector (OSI) but just recently tried out the Personal Software Inspector (PSI). PSI is an application that requires download and installation unlike it’s web counterpart but it provides much more information and scans for numerous applications. Secunia’s Vulnerability Scanning page states that OSI scans for 70 applications whereas PSI scans for 6900+.
PSI provides unprecedented information about your programs and patches and the scanning is very efficient. If it detects an insecure version it will provide version numbers and links to latest patches. My favorite feature can prove frustrating to resolve but Secunia does a great job of detecting older versions of software that you would have assumed were uninstalled during upgrade. It can be a hassle to remove some of the these remnants but you will be surprised at the legacy products it will locate.
If you are new to Vulnerability scanning feel free to start with the OSI but for a more comprehensive analysis I highly recommend Secunia’s Personal Software Inspector.
