Last week we pointed out multiple vulnerabilities in commonly used client software. Several readers replied to my request asking for tools used to update third-party software, and the most recommended tool for Windows is Secunia PSI (Personal Software Inspector), still in Release Candidate (RC-1) state, for personal use only (they also have a commercial version).
Other options are UpdateStar (Windows), SUMo - Software Update Monitor (Windows), VersionTracker [Pro] (Mac and Windows), RadarSync (Windows), UDC - UpdateChecker (Windows), Belarc Advisor (Windows), and App Update Widget (Mac). For Linux you are pretty much tied to the software package manager of the distribution you like to use. I strongly encourage you to evaluate the best tool that meets your needs.
Thanks to all the readers for submitting their suggestions!
I've been testing Secunia PSI in a few computers recently and I got a good first impression. The tool scans the system and detects not only vulnerable installed software but remnant installations that still could lay around on the file system. It is focused on outdated vulnerable third-party software - just from a security perspective. Additionally, it can detect small pieces of software that do not appear in the "Add and Remove Programs" list, such as the Adobe Flash Player Plugin and ActiveX components. My main concern about this tool (shared by Kelvin too) is that the data about your installed applications is sent to Secunia to match it against their File Signatures engine, as they state on their website. The impact of someone getting access to all that information is pretty serious.
No matter what process (even manual if it works for you) or tool you use, all your installed software must be updated in a timely fashion! I know you are aware of it, but some responses to my request came from outdated vulnerable browser versions. Blame on my as well, as the software update checks not always work as expected. More about this is a near future post...
-- Raul Siles - www.raulsiles.com
Feb 15th 2008
|Thread locked Subscribe||
Feb 15th 2008
1 decade ago