By Ryan Russell
Secunia’s much-lauded patch scanner is now out of beta. The service gives you many more options than the updaters built into Windows and other Microsoft products.
Stay safe by keeping your PC’s software patched
I reviewed the beta of Secunia’s Personal Software Inspector (PSI) program in my May 8 column. Well, the free software-update tool recently “shipped” and is now version 1.0.0.1 (download page).
I’m not the only Windows Secrets editor who likes Secunia’s stuff, though. Susan Bradley has mentioned PSI and Secunia’s Web-based Online Software Inspector (OSI) on numerous occasions, most recently in her Dec. 4 column.
OSI is perfect for when you have to maintain someone else’s machine and just want to do a quick scan. But the Web-based scanner doesn’t cover nearly so many programs as PSI. Also, the desktop version lets you monitor your apps in real time.
Secunia also offers a corporate version of its product, Network Software Inspector, which I have not reviewed. (Secunia’s NSI competes with products from my employer.)
Advantages of a non-Microsoft patch scanner
Microsoft Update (MU) isn’t bad for what it is: a utility that scans only for Microsoft programs that are out of date. (The exception is the rare third-party program or control that Microsoft makes special arrangements to support.) But why not check the currency of more programs? This is the basic advantage of a third-party patch scanner. PSI fits the bill nicely.
Both MU and PSI will periodically check for updates and notify you via pop-up when some program needs attention. MU’s only advantage is that you can configure it to install the patches automatically. I don’t recommend that, though. For one thing, some updates cause problems, so it’s best to wait a day or two before installing a patch while you watch for reports of glitches. Also, Microsoft has been known to slip DRM, Windows Genuine Advantage, and other not-so-welcome components into its automatic updates.
Along with supporting more applications, PSI gives system tweakers more knobs for monitoring and customizing their scans. With MU you just click OK and do whatever Microsoft recommends. Great for your mom, maybe, but not for you.
View update history, uninstall at-risk relics
PSI’s Overview screen shows a graph representing your updates over time. Me, I like to see all green on this chart. I want to have all my installed software patched, and if I can’t patch it, I uninstall it.
I appreciate PSI’s ability to track both unpatched and end-of-life software. Rather than a patch-based approach, the program is vulnerability-centric: if there’s no patch available, you’ll be advised to remove the risky program from your machine.
I’m a packrat, so most of my old machines exist on my new one in the form of a directory I created named c:\old. Yes, PSI is going to find many out-of-date programs in that directory. They pose no risk to me, so it’s easy to tell the program to exclude c:\old from its scan. Done!
Under the Patched tab, PSI shows me all the programs it has identified. This gives me a nice warm fuzzy about how many things Secunia is checking for. On my PC, OSI reported 10 up-to-date programs, while PSI shows 134 apps installed on the machine. PSI’s list won’t be completely comprehensive, but the program can account for more apps and utilities than any other similar product I’ve seen.
The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.