Find reviews of the best free software

Security

Internet and networking

Photography, audio & video

Productivity applications

Disk management

Utilities

Programming

Home > 2009 > May > 28

Top Story, May 28, 2009

Shavlik, Secunia top Windows Update alternatives

Susan Bradley By Susan Bradley

If you followed the instructions in my May 21 Top Story to build new systems without installing the trouble-prone Windows Genuine Advantage app, you may want to patch your PC using something other than Windows Update, which offers again and again to install WGA.

My favorite third-party software update service is currently the Shavlik Patch Google Gadget, although Secunia's Personal Software Inspector is a worthwhile alternative.

In today's article, I compare several third-party patching tools that act as replacements for Windows Update and Microsoft Update. (Windows Update patches only Windows itself, whereas the more-thorough Microsoft Update finds patches for Microsoft applications in addition to Windows.)

My conclusion: You need to pick one tool you like best and stick with it. An update service may work well for one person and not so well for another, depending on your specific needs and preferences. One good patch checker should be all you need.

UPDATE 2009-07-30: In her July 30, 2009, Top Story, Susan Bradley describes patches that protect against two new vulnerabilities that target Internet Explorer and other applications. The existence of security threats such as these underlines the importance of using third-party patching tools to keep your apps up-to-date.


The following are the best and worst features of what I consider the four most-significant updaters for home users and small businesses:
  • Shavlik Patch Google Gadget. The biggest factor in this service's favor is that I've come to trust Shavlik. I use the company's business-class patch platform at my office. That tool has correctly identified many programs that Microsoft's own updaters got wrong.

    The Patch Gadget's biggest drawback is its reliance on the Google Desktop program. In 2006, several reports questioned Google Desktop's ability to keep your search activities private. One such report is available as a downloadable PDF from the University of Michigan. The school's Information Technology Security Services went so far as to recommend against deploying Google Desktop.

    I'm also concerned about Google Desktop's use of your PC's resources as well as its annoying news pop-ups. I wouldn't blame you one bit if you uninstalled Google Desktop each time you finished using the Shavlik update tool and reinstalled it only when the time came to check for patches again.

    To get Shavlik's program, visit the company's download page.
  • Secunia Online Software Inspector (OSI). The online version of Secunia's software-update service lets you scan your system for security patches without your having to install anything. Unfortunately, the service requires Java to run and doesn't work well within the new Internet Explorer 8, although you could try running the service in IE 8's compatibility mode.

    More importantly, OSI sometimes generates inconsistent results, requiring that you scan your system repeatedly. For example, the service properly noted that I had two versions of the Java Runtime Environment on a test XP system: the outdated version 6.7 and the most-recent version 6.13. However, OSI didn't instruct me to uninstall Java 6.7.

    To run OSI, visit Secunia's vulnerability scanning page.
  • Secunia Personal Software Inspector (PSI). Secunia's standalone updater is more robust than the firm's online scanner. In addition, the installed updater constantly checks your PC to determine whether your software is fully patched. However, when I've used PSI to update machines, on rare occasions the scan has failed and I've had to reinstall PSI to get it to scan properly.

    Even worse, many of the scanner's results are inconsistent. If you use PSI, I recommend that you run Secunia's OSI online scan in addition to PSI, just to double-check the standalone scanner's results.

    For more information on the Personal Software Inspector, visit Secunia's site.
  • Belarc Advisor. This venerable and free system-maintenance utility has an interface only a geek could love. The program provides information on all the software on your PC, including serial numbers and key codes. It also lists all hardware installed and other information about your system.

    Unfortunately, Belarc reports only on missing Microsoft patches. If you're looking for a tool that updates only Windows and Microsoft apps, this program may be the only updater you need. However, anyone looking for a tool that identifies out-of-date third-party software should use one of the updaters described above.

    You can download Belarc Advisor from the vendor's site.
Shavlik Patch Google Gadget Figure 1. In one case, the Shavlik Patch Google Gadget identified on a test machine an out-of-date version of the Adobe Flash Player 6, a fact that Secunia's Personal Software Inspector had missed.
__________


Although I'm not thrilled with Shavlik's use of Google Desktop as its platform, I do like its thoroughness.

Secunia's tool recently missed the fact that a test machine I was scanning was running an unpatched build of Adobe Flash Player 6. Shavlik correctly pointed me to an Adobe alert indicating that the version of the player on my test PC was seriously out-of-date. (See Figure 1.)

Interestingly, the Shavlik updater also proactively recommended that I install the patch described in Microsoft Knowledge Base article 953155 for the Internet Printing service.

While this printing service isn't installed on most Windows XP systems, it could be used on some — which explains why you want to patch proactively. Neither Secunia's PSI nor Microsoft's own updater indicated that the new patch was missing on my XP SP3 machine.

Once you've installed the Shavlik Patch Google Gadget, click Begin Scan. When the scan is done, choose View details, accept the product's EULA (the first time you use it), and install any of the patches the program offers you — except WGA.

Whichever third-party updater you choose, be sure to run it on all your PCs within a few days of each Patch Tuesday — the second Tuesday of the month — when Microsoft releases new patches.

If you prefer, you can run Redmond's own Microsoft Update and then follow that scan with a Shavlik or Secunia scan to catch patches needed for non-Microsoft applications.

But today, third-party scanning programs have progressed to the point where they can keep all your Microsoft software and all your major non-Microsoft software safely patched. That's a claim Microsoft Update can't make.

 Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm.

Help people find this article on the Web (explain):

All Windows Secrets articles posted on 2009-05-28:Premium content

Top Story Shavlik, Secunia top Windows Update alternatives
Known Issues Free program from Microsoft stops WGA
Wacky Web Week Thanks to Amazon, reading is fun again
Langalist Plus Undo accidental reformats of external drives Premium content
Perimeter Scan Three free programs improve your PC's security Premium content
Patch Watch Microsoft calls IE 8 an important security patch
  (Show all articles on a single page)