I would like to side-step all pretenses about how and why software is flawed. And, instead, focus on what we can do to protect ourselves from the vulnerabilities caused by the flaws. Have you heard: "Make sure your software programs are up to date?" It's becoming a tired mantra, but alludes to one of the best ways to stay safe online.
Not so simple
Keeping updated seems simple enough, but becomes complicated when put into practice. Questions occur. For example:
- How do I know if a program is up to date?
- How often do I need to check for updates?
Some software companies cover the questions by having an automated client application and scheduled updates. Microsoft, for instance, uses Windows Update to roll out patches the second Tuesday of every month. If there is a serious problem, Microsoft will issue an out-of-sequence patch.
Google is another example. The Chrome web browser automatically updates in the background without any user interface.
Unfortunately, Microsoft and Google are the exception. Other software developers tend to update at their convenience or if a major issue surfaces. Which begs the question: How are we supposed to know when that is?
One company makes it their business to know. That company is Secunia. They have developed scanners for the corporate world and a freeware version for consumers called Personal Software Inspector (PSI). It is reassuring to fire up PSI and check if programs are up to date. If not, PSI will offer suggestions on what to do. It works well, if you remember to update.
Having to manually update is the chink in PSI's armor. By not automating, the process tends to be hit or miss.
That has changed with version 2.0 of PSI. Jakob Balle, VP of Product Development for Secunia refers to the new update feature:
"Secunia aims to solve this problem with Secunia PSI 2.0, featuring updates that are truly automatic. In the sense that, if the user prefers, Secunia PSI 2.0 can install most security updates without requiring the user to download, run, or otherwise perform manual actions to patch their PC."
Secunia received a vote of confidence on PSI 2.0 from the Online Trust Alliance:
"The Online Trust Alliance applauds the launch of the Secunia PSI 2.0. OTA has been working with Secunia for over two years to develop best practices and solutions."
Downloading (less than 2 MB) and installing PSI is painless. Also, the install is one of two places where you configure the auto-update feature:
The next configuration PSI asks about is whether you want to have the tray icon show all the details:
If you are a current PSI user, you will notice the user interface screen has changed dramatically. I asked several system admins what they thought about the new interface. All commented it was an improvement:
Advanced users may not like having programs update automatically. Having thought of that possibility, Secunia offers the choice of only allowing updates to install with user approval:
I asked the same system admins what they thought about Secunia overall. To a one, they said it was one of few applications that has never disappointed them. I tend to agree.
Michael Kassner is currently a systems manager for an international company. Together with his son, he runs MKassner Net, a small IT publication consultancy.