IT Employment optimize

Secunia PSI now has Auto Update

Not keeping computer software up to date is a gamble that pays the bad guys. A new release from Secunia should help even the odds.

I would like to side-step all pretenses about how and why software is flawed. And, instead, focus on what we can do to protect ourselves from the vulnerabilities caused by the flaws. Have you heard: "Make sure your software programs are up to date?" It's becoming a tired mantra, but alludes to one of the best ways to stay safe online.

Not so simple

Keeping updated seems simple enough, but becomes complicated when put into practice. Questions occur. For example:

  • How do I know if a program is up to date?
  • How often do I need to check for updates?

Some software companies cover the questions by having an automated client application and scheduled updates. Microsoft, for instance, uses Windows Update to roll out patches the second Tuesday of every month. If there is a serious problem, Microsoft will issue an out-of-sequence patch.

Google is another example. The Chrome web browser automatically updates in the background without any user interface.

Unfortunately, Microsoft and Google are the exception. Other software developers tend to update at their convenience or if a major issue surfaces. Which begs the question: How are we supposed to know when that is?

Secunia

One company makes it their business to know. That company is Secunia. They have developed scanners for the corporate world and a freeware version for consumers called Personal Software Inspector (PSI). It is reassuring to fire up PSI and check if programs are up to date. If not, PSI will offer suggestions on what to do. It works well, if you remember to update.

Having to manually update is the chink in PSI's armor. By not automating, the process tends to be hit or miss.

Auto Update

That has changed with version 2.0 of PSI. Jakob Balle, VP of Product Development for Secunia refers to the new update feature:

"Secunia aims to solve this problem with Secunia PSI 2.0, featuring updates that are truly automatic. In the sense that, if the user prefers, Secunia PSI 2.0 can install most security updates without requiring the user to download, run, or otherwise perform manual actions to patch their PC."

Secunia received a vote of confidence on PSI 2.0 from the Online Trust Alliance:

"The Online Trust Alliance applauds the launch of the Secunia PSI 2.0. OTA has been working with Secunia for over two years to develop best practices and solutions."

Installation

Downloading (less than 2 MB) and installing PSI is painless. Also, the install is one of two places where you configure the auto-update feature:

The next configuration PSI asks about is whether you want to have the tray icon show all the details:

If you are a current PSI user, you will notice the user interface screen has changed dramatically. I asked several system admins what they thought about the new interface. All commented it was an improvement:

Alternative settings

Advanced users may not like having programs update automatically. Having thought of that possibility, Secunia offers the choice of only allowing updates to install with user approval:

Final thoughts

I asked the same system admins what they thought about Secunia overall. To a one, they said it was one of few applications that has never disappointed them. I tend to agree.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

58 comments
SecSupport
SecSupport

Hi, First off, I represent Secunia, and so I'm probably biased. ;) Consider yourself warned. How the PSI deals with limited/restricted users. In the PSI 2.0, we have divided the functionality into 3 separate components. The user interface, the tray icon and the Update Agent. This means that the PSI can now be used by unprivileged users, who can be notified of program changes via. the tray icon, and then subsequently log into a privileged account to apply patches, or simply use the 'runas' feature when opening the User Interface (The PSI opens 'runas' by default if the tray icon is clicked while on a limited account). For information about which systems the PSI supports, you can have a look here: http://secunia.com/vulnerability_scanning/personal/system_requirements/ However, it should (unofficially, no promises) work on non-supported systems newer than XP if you configure Internet Explorer as explained here: http://secunia.com/vulnerability_scanning/personal/faq/#s3 The PSI has the ability to scan every file and folder on your system (excluding only things like the recycle bin, etc). However, in the new version we by default only select the drives containing the system root (usually C:) and Program Files (also usually C:). To enable other drives for scanning, select them under Settings > Drives. We have approximate 31.000 programs in our database currently, though for various reasons (file info, no suggestions, etc) we do not detect all of them, and unfortunately only a minority are auto-updatable (though most of most frequently exploited programs are now automatically updated in the PSI). Please note that we can only automatically update a program if the vendor has properly prepared their installers and patches with silent install flags. You can see all programs in our database here: http://secunia.com/advisories/product/ If you are missing a program and would like to have it detected, you can submit a 'software suggestion' by clicking 'Are you missing a program?' on the scan results tab and fill out the form. We have also improved the handling of multiple installed versions of the same program in the PSI 2.0. In earlier versions, it would frequently be a problem that installation leftovers would continue to show on the 'Insecure' tab while the newly installed and up to date version would show up on the 'patched' tab. This would lead users to believe their programs had not been updated, when in reality this issue is caused by vendors failing to properly clean up after themselves. In the PSI 2.0, all detections for the same program are grouped into one, the insecure, end-of-life and patched tabs have been united into scan results, and the security status is determined based on the newest/up-to-date version. Obviously, though, you can still see every instance by clicking "+" next to the programs entry on the scan results tab (which is helpful if you want to remove the installation leftovers we have named 'zombie files'). The PSI will not report on insecure programs without a patch available, with the exception of the information presented on the Secure Browsing tab (which can be enabled under settings). The secure browsing tab will alert you about unfixed security issues in browsers and their plugins. If you need notification of insecure programs without patches available, contact sales@secunia.com for information about our Vulnerability Intelligence Manager (VIM) product. The PSI does not have any protection from malware, and does not claim to benefit users who have already had their systems infected. The PSI helps you keep up to date, which helps avoids malware infections in the first place. If ZA or any other AV/Anti-malware product flags the PSI as malicious, this is a false positive on their part. It happens occasionally, and the vendors usually 'catch up' reasonably quickly (though it helps if users make them aware of the problem). The PSI API could most likely be used to create buildpacks, and we strongly recommend users/developers to make as much use of the API as they can! I hope this answers all your concerns and questions! If you feel anything has been left unanswered, require elaboration or have further questions, please post on our community forum, http://secunia.com/community/forum/, or write us at support@secunia.com. We do try to monitor sites such as these, but you will have your response much sooner if you either of those 2 channels. Hope this helps. Kind Regards, Emil R. Petersen Secunia PSI Community Support

Michael Jay
Michael Jay

and feel of Secunia, the auto updates worked well except for java and adobe, which for some reason leave enough of their former selves in the system that you get false positives, (that was said earlier i believe) so called zombie installs. No biggie, just a manual uninstall of all the previous installs and down load the latest. At first I was puzzled that it did not pick up all programs on the system, then saw the button to inform them of software they were not programed for, a nice touch. All in all a sweet package and a large step above their previous effort, also a link for developers who want to help out with making it a better product was nice to see. Thanks, Michael, as always you are on top of it.

PoppaTab
PoppaTab

I use Windows 7 Pro 64bit and installed the PSI v2.0. The program often generates an error in Wow 64 as hung application, when open on normal setting for program window I have run together text and jumbled output, and sometimes I'll open the program and minimize it until scanning is complete and when maximized the window is black and sometimes does not show info after a few seconds. I have not tested compatibility and note PSI runs as 32bit program, so compatibility may be the cause. I have already elevated to run as administrator and trying in compatibility windows XP SP3 right now. Will see how things go very soon. I used the other version of Secunia PSI without much trouble and I do like the updated GUI more. The auto update is nice if you want that to run. I got the new version when I read this the other day. My biggest complaint is the window does not scale well on my monitor (Samsung 216 bw). That could be due to what type of scaling I use. I don't remember if using native or video card scaling. Still faults: Faulting application path: D:\Program Files (x86)\Secunia\PSI\psi.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll Report Id: 0f8243a8-138b-11e0-988a-0019d184dfd7. This does not happen all the time. I'm changing window size back to normal. Oh well; it's a good tool for those who don't want to bother with individual updates.

TobiF
TobiF

I have noted that the previous version of Secunia PSI had problems to cope with temporary network problems (like dropped packages or where I have to log in to a network before I get access to the rest of the world). At least that has been the case when my network interface has a good and stable connection to my wireless router, but the connection provided by my ISP, hmm, could be much better... Now that I know I can opt out of automatic updates, I'll give the new version a good try.

TobiF
TobiF

In your text, you refer to sysadmins, so I think it could be relevant to mention that the free product (as in "free beer") Secunia PSI is only for personal use. The corresponding commercial product, where CSI make their money, is CSI. Oh, and thanks for this information. I've hesitated about going to PSI 2.0, since I want to decide myself, when to do an update, or not. And, one more thing, Altough Chrome automatically updates itself, it persists in leaving the old version around on the hard drive. So every now and then, PSI notifies me about an old version of Chrome, but then, in most cases, the flagged version has already been sidestepped by a newer one, and I just need to delete the directory with the older version.

AnsuGisalas
AnsuGisalas

It claims, after advanced heuristics (I gather that's a sandbox install and examination) that PSI is zombie software that terminates itself upon execution to avoid AV attention, but which can be used to execute malicious code on certain conditions or upon intruder command... Perhaps PSI has some kind of thing to spoof malware trying to stop it installing? Like, writing itself to install during boot - and download inspection takes that the wrong way?

Michael Kassner
Michael Kassner

Secunia, a favored program for finding vulnerable software just got better. Find out what's in version 2.0.

TobiF
TobiF

Thanks a lot, both for PSI v2 and for the clarity you bring to our table here. Tobi

AnsuGisalas
AnsuGisalas

That was a long round-up ;) Thanks for the feedback!

Michael Kassner
Michael Kassner

I have the same problem with Adobe. Reloading Acrobat would be a pain, so I am trying to get some insight from Secunia.

Michael Kassner
Michael Kassner

I will pass your thoughts along to the Secunia team.

Michael Kassner
Michael Kassner

Hearing your thoughts about PSI 2.0. I also will pass them along to Secunia.

Michael Kassner
Michael Kassner

I mentioned that PSI was the consumer version in the article. I confer with my system admin friends, as they are subject matter experts. Who also are consumers and happen to use PSI on their personal computers. As for Chrome, I was not referring to new major releases. I know of few applications that do not require what you suggest with major version changes. It is the in between updates that are unnoticed. Edit: Spelling

Michael Kassner
Michael Kassner

With PSI 1.0 initially. Then the false positive cleared up. I suspect 2.0 may be too new and ZA is not up to speed about it.

Michael Horowitz
Michael Horowitz

Mr. Kassner, I have read many of your previous articles and found them to be reasonably thorough but this one left out a number of very important issues: 1. How PSI deals with limited/restricted users. Not everyone runs as an admin user at all times. 2. Which versions of Windows it supports (including any 64 bit issues) 3. Whether, like their online product, PSI has a "search everywhere" mode or if it only looks in the standard folders for applications. For example, if you install an application into a non-standard folder, will PSI find it? Also, does it find portable versions of popular apps for which there is no such thing as a standard installation folder. 4. How many applications does it support? In your testing, did you find applications that it did not support. 5. How it deals with software for which there are multiple current versions. For example, Adobe for a long time kept both v8 and v9 of their Reader up to date, security wise. In fact, because Reader 8 did not have Flash it was arguably more secure than v9. 6. How PSI deals with known buggy software for which there is, as yet, no bug fix. This is a big problem, in my opinion, with their online product, as it fails to report on this in any way.

Jellimonsta
Jellimonsta

I don't think I installed it on my Win 7 boxes. :0 BTW, Michael, have you used the EMET tool from Microsoft at all? May be worth you looking into it a little if you haven't. :)

Neon Samurai
Neon Samurai

I wouldn't build a personal Win machine without PSI now. CSI sits pretty high on my professional wishlist too. The auto-update feature is great for home users who won't keep up manually. In a business setting, you know where to focus techs for maintenance along with discovery of user added or end of life software.

Michael Kassner
Michael Kassner

I have tried to send you a message. I suspect there is s disconnect between your email address and TR.

Michael Jay
Michael Jay

It seems that all of the older versions of reader when updated just add the new one, leaving the old one still on board but not installed. I found that I had to uninstall the reader, delete the adobe folder and install the latest to make Secunia happy.

TobiF
TobiF

This morning, I simulated a situation with connectivity down. (Computer was connected to wifi and had received valid DHCP settings, but I was not yet "logged in", so connectivity to the rest of the world was missing. In this situation, the previous version of PSI would throw up a window, saying "Secunia PSI cannot continue to run", and close. Secunia PSI now has the back-end running as a service, and that part was not affected. I tried to launch the front-end while my network connection was down. The GUI loaded an empty frame and showed "Checking for network connection". However, after I logged in to the network, the PSI GUI was stuck in the same state for some 10 minutes, until I closed it. When I then restarted it, everything worked as normal again. So, it behaves better than the previous version, but some improvements are still possible.

TobiF
TobiF

1. Color coded tray logo - Good 2. Tracking multiple installs and "zombies" - OK 3. UI for Limited users - Good Side-notes: -"Secure browsing" is hidden by default -Same unclear indication of scan progress -Not yet checked behavior during network outages In more detail: 1. Color coded tray logo - Good Secunias red "three bows" logo turns green when all is patched. - Convenient! 2. Tracking multiple installs and "zombies" - OK When PSI finds several instances of the same file, it will list them together. If several different versions are found, then it will mark the outdated ones as "zombie" installs. I have slightly mixed feelings about this. But, in most cases, this is probably optimal behavior. This probably means that the issue I mentioned about the Chrome browser leaving old version behind now will be silently handled as a case of zombie install. Typically, also an "imported dll", used as an in-place runtime library by some other application, will silently be marked as zombie if they are outdated. Of course, it's not risk-free and trivial to update such dll's anyway, and their "host" is usually still in the latest available revision. So I guess this is ok. It's very neat, though, that you can sort the list of applications on any column. So, by sorting "count of copies" in descending order, you can quickly check for "zombies" on your system that you may want to delete or update. 3. UI for Limited users - Good Of cource, in order to do its job, PSI 2.0 needs to run with administrator privileges. But Secunia has made sure that a limited user still can have some information about what's going on. And one of the settings in PSI allows you to decide whether limited users should be allowed to get detailed notifications about automated changes in the system. I think this is good. Hmm. This goes hand-in-hand with some added integration towards corporate structures. With my private computer not connected anywhere, I have no clue how these things behaves, but Secunia now clearly starts using PSI as an integral part of CSI. "Secure browsing" is hidden by default The "Secure browsing tab is hidden, until you enable it in the settings. In general, I believe this is wise. To me, this information is interesting, and sometimes useful. But I can imagine that a lot of people might feel uncomfortable, should they know that their system almost always has known vulnerabilities that haven't been patched yet by the vendors. (Some low-risk font problem has been around for years in IE; every now and then Adobe Reader has known security holes; Right now, the world is waiting for VLC player to be patched.) Same unclear indication of scan progress This is just a note. In the same way as in the previous version, the images used to show scanning progress look the same (or almost the same) for tasks that have been performed and tasks still remaining to be done. It's possible that Secunia simply have forgotten to reset tasks to "undone" when a new scan is initiated. (Thus making it impossible to tell apart "done earlier" and "done right now") This is no big deal, but it makes it a little bit hard to understand what is happening during a scan. Especially, since some tasks may be performed in parallel, i.e. not everything is done sequentially. Not yet checked behavior during network outages I didn't want to pull the plug while my wife was surfing the net. So this one I haven't tried yet.

TobiF
TobiF

1. I know. Just felt that I'd like to mention it specifically. 2. Of course. Somehow, IT professionals very often know more about computers than most other people. 3. Here I just referred to a specific behavior I've noticed with Chrome on my computer. The automatic update typically installs a new version, but leaves the old version instact on the HDD. When you run Chrome, you'll be using the new version, so everything is fine. But PSI warns me about the old version in a parallel directory. So, in the case of Chrome, my solution when PSI flags an old version is usually that I just need to delete the now overruled version. This was just an off-topic side note to your interesting and useful article. Oh! Happy Holidays to you and your sysadmin friends!

AnsuGisalas
AnsuGisalas

When I got around to trying to run the file, it turned out to be incomplete. I read in their boards that their server can drop downloads prematurely if it's gridlocked, so I guess that's why it was suspicious looking to ZA... Very nice program now that I got the complete download :)

auogoke
auogoke

Mr. Horowitz, These are indeed important issues. How about doing some research and sharing your findings?

Michael Kassner
Michael Kassner

There are many reviews of this particular application. I wanted to make sure the members were aware of PSI now having the ability to auto update.

santeewelding
santeewelding

The only big toe you had. No big loss, though, since it went by the name of, hubris.

TobiF
TobiF

Just happen to know (from my own use of it)... 1. How PSI deals with limited/restricted users. Not everyone runs as an admin user at all times. PSI 2.0 has a notion of how much information would be revealed to a limited user. So I guess this issue is somewhat covered by the solution. 3. Whether, like their online product, PSI has a "search everywhere" mode or if it only looks in the standard folders for applications. For example, if you install an application into a non-standard folder, will PSI find it? Also, does it find portable versions of popular apps for which there is no such thing as a standard installation folder. PSI searches your whole drive. It will group together multiple instances found of one program. If you click into more details, you may see where these files were found and exactly what versions were found. 4. How many applications does it support? In your testing, did you find applications that it did not support. My personal take is that I'm surprised how many applications it recognizes and supports. Haven't noted any serious white spots at all. Well. It doesn't find my sudoku game. But, on the other hand, I don't think there has ever been any update published to it... And, if you find a program they don't recognize, then Secunia begs you to tell them about it. 5. How it deals with software for which there are multiple current versions. For example, Adobe for a long time kept both v8 and v9 of their Reader up to date, security wise. In fact, because Reader 8 did not have Flash it was arguably more secure than v9. New main versions are treated as separate applications. Outdated versions are flagged as out-of-support. 6. How PSI deals with known buggy software for which there is, as yet, no bug fix. This is a big problem, in my opinion, with their online product, as it fails to report on this in any way. In general, they consider this out of scope. But there's one exception: If you look at browser security, then you'll find information about known but not yet patched security holes. On a general note: This is a forum where people interested in IT-related issues socialize and share their experience. Together, people on this forum have a great deal of knowledge. But it may pay off to be a bit more humble. Ask rather than demand. Help, rather than criticize and so on. Oh, and if you'd have read the full discussion thread to this article, you'd actually have found at least some clues to several of your questions... Maybe you can even try PSI out yourself and supply your findings! That would be a nice contribution! :)

AnsuGisalas
AnsuGisalas

you look to these blogs for the be-all-end-all documentation of all features real and imagined? Documented or no? That says more of you than of what and who you comment on, if you don't mind my saying so. Even more, if you knew how Mr. Kassner works, you'd realize that these are questions you could ask. And for which you would be appreciated. Instead you seem to whine about your thoughts not having been wordlessly anticipated. That's a behaviour usually not found in adults. Again, if you don't mind me saying so.

Michael Kassner
Michael Kassner

I will dive in further now that you brought it up. I was concerned by MS mentioning that some software is incompatible with EMET. MS quote: "The security mitigation technologies that EMET uses carry an application compatibility risk with them. Some applications rely on exactly the behavior that the mitigations block. It is important to thoroughly test EMET on all target computers by using test scenarios before you deploy EMET in a production environment. If you encounter a problem with a specific mitigation, you can individually enable and disable the specific mitigations. For more information, refer to the user's guide that is installed with EMET."

Michael Kassner
Michael Kassner

Running into a strange issue with my Adobe Acrobat 9.0 though. I may have to start a ticket.

TobiF
TobiF

Hi Michael, I've emailed you separately. Will try to play with my profile when I get around to it, but have been a bit busy lately.

AnsuGisalas
AnsuGisalas

I don't feel entirely certain about the wisdom of keeping old versions on HDD... it just becomes too unpredictable - who says that malware can't raise an old version from the dead? And since java and adobe updating is apparently easily broken (I've had numerous issues with unupdatable instances of those), it's not something I'd want to risk. I think digging them up and putting them on the pyre is probably the for the best...

Michael Jay
Michael Jay

I think somewhere I read that it was insecure and I did uninstall it and that was some time ago, but Secunia saw it and showed the folder it was in. So I deleted the folder and rescanned, it still showed. Regedit, I removed all references to the file, rebooted and google toolbar was gone. Secunia at 100% cool. Still it did not notice that I had an outdated version of IOLO's System Mechanic, but you can't win them all. Happy New Year Michael

Michael Kassner
Michael Kassner

I have quizzed Secunia about Adobe and Java. I will report back with anything I get from them. Until the article, I thought my issue was an isolated incident.

Michael Jay
Michael Jay

right? Even with Secunia not realizing it, the hole the update patched is fixed, correct? Adobe and Java as well, need a better cleanup after their updates.

Michael Kassner
Michael Kassner

Adobe Acrobat appears to be acting in a similar manner. Yet, to reinstall it at each update would be painful. Acrobat takes up to 45 minutes to fully install.

Michael Kassner
Michael Kassner

Not sure why a reset is needed. Passing that along as well.

AnsuGisalas
AnsuGisalas

have them all side-by-side on your computer, PSI tells you which one (if any) has "only" zero-days to worry about :) I had trouble with one update, but PSI niftily supplied direct links to the vendor download pages; no need to even go through their front door or deal with ads or anything. Very good.

TobiF
TobiF

Advanced vs basic view was a part of the previous version. Not so now. I'd say that "Basic view" now is replaced by "Automatic updates". So, MKassner was right when he said that the interface is completely changed. That's true. And I'd say - for the better.

Neon Samurai
Neon Samurai

I have portable Unison handy. I hadn't thought about it but turns out, the Windows version bundles in gtk libraries required by the app. PSI actually marked the gtk libraries as outdated and provided a link to fetch the latest gtk for Windows. I could see marking Unison as outdated and requiring update but to mark an otherwise unlisted dependency separate from the whole.. That one impressed me a little. TobiF, did you look at the advanced interface or only the basic? You may find the missing functions in the advanced view.

santeewelding
santeewelding

How much, for that? Whatever it is, I will pay without complaint.

Neon Samurai
Neon Samurai

I like that it has the autoupdate feature and that it's on by default. I only suggest disabling it for users like myself and our EAU regular.

Michael Kassner
Michael Kassner

At the people that do not want to mess with updates or those that are not familiar with the need to update. You are neither.

Michael Kassner
Michael Kassner

I now get your point about Chrome. Also, I value your opinion, as I consider you an expert as well. I should have been a bit more clear in the article.

Neon Samurai
Neon Samurai

Google announced some business friendly features in the latest Chrome version. centralized install and management I think primarily. I'd hope it would include better install/uninstall management though. That was the primary reason it came back off the work test machines; crap a mess all over the hard drive in the name of circumventing administrative controls. (edit): With PSI v2, uncheck auto-update and still get the updated PSI engine less that function. I'm not a fan of auto-update either and often not even "notify before installing updates" options.

AnsuGisalas
AnsuGisalas

The same basics as PSI could also generate a template list and store it as a file. That wouldn't need to be anything other than version-specific indentification of the applications... PSIs technology could then be modified to read the template (rather than the present system) locate the installers, and presto, buildpack-on-demand, even when a disk has been totaled. In fact someone in the know could maybe write that with the PSI API...

Neon Samurai
Neon Samurai

Make a directory; \name-buildpack\ Create a vesioned directory for each third party app: \name-buildpack\Adobe Flash Player v10.1.102.64 \name-buildpack\Adobe Reader v9.09.332 \name-buildpack\Oracle Java RE v7.5.323 Each app directory contains the installer: \name-buildpack\Adobe Flash Player v10.1.102.64\install_flash_player.exe \name-buildpack\Adobe Flash Player v10.1.102.64\install_flash_player_ax.exe Monthly, work down the list of app directories checking for updates: \name-buildpack\Adobe Flash Player v10.1.102.64 \name-buildpack\Adobe Flash Player v10.1.105.37 \name-buildpack\Adobe Reader v9.09.332 \name-buildpack\Oracle Java RE v7.5.323 \name-buildpack\Oracle Java RE v7.5.482 So, you update Adobe Flash and Java along with your Patch Tuesday (14:00'ish EST). Aditionally, you may want to write the following: \name-buildpack\install.cmd \name-buildpack\regStandardWindowsXP.reg \name-buildpack\skelWindows\su.cmd \name-buildpack\skelDesktop\update buildpack.cmd With directories: \name-buildpack\skelDesktop \name-buildpack\skelDesktopAll \name-buildpack\skelPortablePrograms \name-buildpack\skelProgramFiles \name-buildpack\skelWindows For install, script as much as you can.. bash, powershell.. whatever your going to have standard on your systems. I create icons and "all in one" installs in relevant skeleton directories then copy them into place. If I didn't version my directories, I'd probably have the script run the relevant .exe or .msi for each app. The real next step would be building custom .msi for each; automate or set defaults for setup wizard. On a flashdrive, I have a .cmd which updates the flashdrive from a centrally stored version a-la-xcopy-/eiy. I also have a .cmd which xcopies the flashdrive directory to the workstation's admin desktop. When you update the central version, delete the older versioned directories (or .zip and move 'em elsewhere). It should have only the most current of each versioned directory or latest changes too a skeleton dir. When you update the workstation/s the copy from network or flashdrive adds the newer versioned directories leaving the older ones to mark the need to upgrade and delete the old (it's a To-do list recursion?). Manually delete the skeleton directories if you've made changes since then shouldn't change frequently. It still sucks to go through each third party update manual download but if you've got more than one machine it starts to pay off quick. Add PSI into the mix if it's a personal machines build pack and you know exactly what updates to go find rather than rechecking the entire list each month. Things like Flash and Java's own notifications provide the same function as PSI. Oh.. rem su.cmd rem install: copy su.cmd to \windows\ or any directory in your path rem use: win+r = su, enter admin password @echo off runas /user:administrator "cmd /T:0C /K cls" exit

AnsuGisalas
AnsuGisalas

Seeing the list of programs is daunting... going through them (when remembering to do so) one by one to see if they're up to date, it's not likely to happen in a timely manner. So PSI is definitely a great help. I had two updates pending... one problematic, but now at least I know to deal with it.

Michael Kassner
Michael Kassner

Let me know what you think after you use it for awhile. Your opinion is important.

Michael Kassner
Michael Kassner

Thank you. If you feel there is a need, I will gladly put an note in my queue to write a complete review. In fact, if you have anything you want looked at, please let me know.

auogoke
auogoke

I figured the information is available elsewhere. I was actually more concerned about his tone.

Michael Kassner
Michael Kassner

He writes for ComputerWorld. You may find some information regarding your inquiries there. My intent was to point out the new auto update feature. The Secunia Community Page has an abundance of information: http://secunia.com/community/

Jellimonsta
Jellimonsta

That is why I have EMET default to DEP for all applications, in order to mitigate against buffer overrun. I also have most every app mitigated against stack overflow and make use of address space randomization. :) It may not be perfect, but for free, it is a pretty nice bolt on for Win7 boxes. Unfortunately, XP cannot make use of most of the advanced features of EMET 2.0, but at least DEP will help XP somewhat.

Jellimonsta
Jellimonsta

EMET 2.0 has a pretty nice GUI so it is easy to navigate to include or exclude applications from mitigation. I have it running on a couple of personal systems, but so far, have not had any issues with any of the apps I am running. I need to give myself a reality check every now and then though. I was starting to slip into a false sense of security because of browsing with Chrome (and the sandboxing of processes it does), using Adobe Reader X (and the same sort of sandboxing), and then running EMET. I sometimes thought my system was pretty secure. ;)

Michael Kassner
Michael Kassner

I have updated Acrobat 9.0. Adobe confirms it, but PSI still registers I need to run the update.

Neon Samurai
Neon Samurai

been ok on my systems with Adobe Reader but no Acrobat at home and no CSI commercial license for use at work.