Secunia Software Inspector
Main Navigation
- Home
- Secure Passwords
- Staying Safe
- Securing Your Computer
- Phishing and Social Engineering
- Mobile Phones and Traveling
- Security Training
- Tools and Downloads
- Safe Handling of Sensitive Information
-
Contact Us
Secure IT
Northwest Annex C
3rd Floor - Mailcode 6507
860 Lincoln Drive
Carbondale, Illinois 62901
F: 618-453-5261
security@siu.edu
Main Content
One of the main ways for malicious users to gain control of your computer is by exploiting unpatched software. Older applications are often riddled with security holes, and it is critical to frequently update these 3rd party applications (as well as applying Windows Updates) to keep your computer protected. Updating, or patching, can be a confusing process due to poor documentation and technical complexity. Some software companies provide their applications with built-in update mechanisms, but these mechanisms are not always reliable. However, the entire process is simplified and streamlined with the use of application update notification tools.
Secunia's Personal Software Inspector (PSI) is a freeware application that actively scans your computer and compares it with its repository of updates, checking for out-of-date software. Unlike most update notifiers, PSI is skewed towards security updates instead of all patches. This means that unless an update is a critical security issue, PSI will not notify the user of an available patch. It should be noted that PSI also scans for available Microsoft patches, in addition to third-party software.
To download Secunia PSI, click this link to download
A window should pop up, prompting you to save the installer file. Click "Save File."
After fully downloading the installer file, an icon like the one below should pop up on your desktop. Double-click it to start the installation process.
Click "Run" at the security warning.
Select the language you're most comfortable with.
The setup wizard should start, and you should hit the "Next" button to get the ball rolling.
Read the license agreement, then check the "I accept . . . " checkbox and click the"Next" button.
Secunia PSI is only available for personal use, so this is not for use on campus computers. Go ahead and select "Personal Use" before clicking the "Next" button.
If you'd like to learn more about Secunia PSI, go ahead and read the readme. If not, click the "Next" button.
Choose your install location. For our purposes, the default location should work fine.
After a short installation, you will be taken to the PSI home screen.
Believe it or not, to start the scan of your computer for out-of-date applications, click the "Start Scan" button.
The scan will take a few minutes, depending on how many applications you have installed on your computer. If your computer is entirely devoid of out-of-date software, the following message will pop up.
However, if there are any unpatched programs present on your computer, a message similar to this will be displayed:
Clicking the "View Insecure Programs" button will take you to this screen, which lists all known unpatched applications on your computer.
As you can see, I have installed an older version of Adobe Reader on my computer for this tutorial, which is a "category 4" threat. Reader is a very commonly exploited program, so it's best I fix this problem as soon as possible.
In order to fix problems such as this, click the "Download Now" button on the right side of the screen.
Clicking this button will cause PSI to automatically download the necessary installer file from the vendor website in order to correctly patch the specified program. IT IS STILL NECESSARY FOR THE USER TO RUN THE INSTALLER FILE TO FINISH UPDATING THE APPLICATION.
After successfully downloading and installing the required patch, click the "Rescan" button to rescan your computer and verify the update installed correctly.
(Some updates may require you to reboot your computer after installation before the update can be detected as being installed)
A window like the one below should appear.
Let the process run in its entirety, and if the update has been applied correctly you will receive the message below.
On the flip side, if something went wrong and the application remains unpatched, the message will be this:
If you receive the message above, I recommend visiting the vendor's site directly and downloading the patch there. If the problem still persists, uninstall the offending program and download/install the newest version from the appropriate vendor. Always rescan after making a change.
Advanced Mode
For more proficient users out there, PSI has an "Advanced" version of its interface. In the version, more settings and modifications are enabled, more information is presented about out-of-date programs, and harder to patch applications are displayed (the default PSI mode, or "Simple" mode, won't display some programs it deems too difficult to remedy by the average computer user). To toggle "Advanced" mode on, click the word "Advanced" in the top righthand corner of the home screen:
The advanced home screen looks like this:
As shown above, there are many more options and menus in advanced mode. The "Insecure" tab displays the same page as before that lists any unpatched programs on your computer. "End-of-life" refers to any applications that no longer receive updates and should be uninstalled from your machine immediately. Obviously, "Scan" is where you go to run a scan of your computer. The "Patched" tab will give you a screen like the one below:
A comprehensive list of completely updated programs installed on your computer is displayed, as well as their relative threat rating (according to Secunia). This page is a handy way to quickly get the version number of various programs.
In advanced mode, there are a few settings to play with:
By default, PSI starts running upon boot-up, but that option can be toggled off here. Also enabled by default is the feature "program monitoring." With this monitoring, PSI is able to perform an (almost) real-time tracking of the applications installed on your system. So, if you were to remove an old program and install a new one, PSI will alert you with a speech bubble in the system tray:
Click on the speech bubble for more information regarding the program changes.
In 2008, Secunia determined that 95% of personal computer
s were vulnerable to exploit because of unpatched software. Using PSI can greatly reduce your chance of a system compromise. Be smart, download Secunia PSI today.