Review: Secunia Personal Software Inspector

For anyone who has had to (or wanted to) keep up with all application updates on a machine, from a single point of contact, Secunia PSI might be just the tool.

When you manage systems, one of the most critical tasks is keeping applications up to date, both to avoid security problems and to pick up new features. This isn't a problem for the operating system itself, because Windows informs you when updates are available. But for the many applications you have installed on your PC(s), having a way to keep track of when an update is available would certainly make the administrator's job that much easier.

One tool is the Secunia Personal Software Inspector. This tool keeps track of all applications installed on your machine and when/if they have updates available. From within a simple GUI window, the administrator/user can click a single button to act upon the latest information. Nearly 100% of the time, these actions will be in the form of an update.

Specifications

  • Supported operating systems: Windows 7, Vista, XP, 2000 (32- and 64-bit)
  • Privileges: Must have administrative privileges to use
  • Connectivity: Must allow SSL-encrypted access to Secunia servers as well as access to Microsoft Windows Update servers
  • Windows update: Must have the most recent updates from Microsoft

Who's it for?

For anyone who has had to (or wanted to) keep up with all application updates on a machine, from a single point of contact, Secunia PSI might be just the tool. This tool allows you to manage a single PC's updates with a simple point and click interface. If, however, you want to be able to manage numerous machines from a single location, you will need to look into Secunia Corporate Software Inspector. The cost of CSI (starting at $2,700.00 annually), however, will bring many users back to PSI.

What problem does it solve?

If you manage PCs, you know how critical it is to keep applications updated. But manually checking each application for updates is a very time-consuming task. Secunia PSI handles this process for you. When application updates are available, the Secunia PSI dashboard will list them and allow you to update them by clicking the update button. This opens the application's latest download (from within Internet Explorer) and then allows you to install the update.

Key features

  • Uses vulnerability intelligence (by Secunia)
  • Update verification
  • Quick access to patches
  • Covers all MS programs and third-party programs
  • Verifies vulnerabilities in applications and plugins
  • Multiple user access
  • Reporting
  • Monitor hosts for insecure installations
  • Runs through browser
  • Free
  • Threat level warning

What's wrong

One of the biggest problems with making the decision to install Secunia is deciding if the application is closer to spyware than it is to a useful tool. But after scanning PSI with multiple tools I have found it to be fairly safe. The other, bigger issue is that larger companies are not going to be able to justify the extra time system administrators would have to spend going to each machine in order to make sure they are fully updated. One other nitpick I have with the application is that no matter what browser you have set as your default, Secunia will only work through Internet Explorer.

Bottom line for businesses

If you (or your IT administrator) don't mind going from machine to machine to ensure applications are up to date, and you like the free price, Secunia PSI might be the most useful update solution you will find. If, however, you (or your IT administrator) feel moving from machine to machine for this task is a waste of time, then you might have to shell out for the corporate version of the tool. Either way, Secunia is an outstanding means to keep all installed applications up to date. With all of your applications up to date, you can at least know that any recent security holes are patched (so long as the applications' developers have patched said holes and released the patches).

Competitive products


About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

20 comments
TobiF

I have used Secunia PSI for a while on Vista and Win7. The installer clearly reminds that PSI is for personal use. So, the recommendation in the article may not be fully correct. However, I've been using it on my private computers, and I'm quite happy with it. Pro: PSI will very quickly notify me when a security update has been released for flash etc. PSI continues to help me always keep my software updated. Cons: CSI regularly contacts the Secunia server to update its list of latest versions of different applications. If such a connection attempt fails, the program fails and exits. (This is version 1.5.0.2). Secunia uses flash to run. So, if you update flash as prompted by PSI, the previous version won't be uninstalled, then you have to remove it manually after you've restarted PSI or rebooted the computer. My workaround: when a new flash installer has downloaded, I exit from PSI before I run the installer. A couple of times, I've had situations where PSI didn't correctly an updated version of a program, but these situations were usually corrected within a week or so. Secunia recently released version 2 in beta. This version shall automatically update software, but I haven't tried it. (I prefer to regain my control on what, how and when to download & install updates.)

Web95

I like this program. It has been very useful to alert me to program updates that I have been forgetting to check. I have used it for about a year and mine has always worked with Mozilla Firefox.

rwbyshe

I'd be interested in having you explain this comment you made in your review. "One of the biggest problems with making the decision to install Secunia is deciding if the application is closer to spyware than it is a useful tool." Please explain why, when you are essentially recommending this product, that you made the spyware comment. Thanks

GreyTech

I have been using PSI for several years on several PCs at home. It has always worked well on XP, Vista and W7. The most useful feature is how easy it is to find the out of date software left around by poor uninstallers. As previously mentioned Java and Flash are both common culprits. Usually they are either in use or in the case of flash old dlls not removed because Adobe often don't bother to unregister them when updating. Using the "Open Folder" option will take you to the reported vulnerable or out of date version rather than necessarily the current version. The feature to show "Secure Browsing" keeps Mozilla updating but Google and Microsoft don't seem to bother fixing their vulnerabilities. Overall a worthwhile product particularly for literate or at least fairly competent PC users.

garry_k

I have used it for some time now. I like the concept, but it has some faults. Often it will show problems with a program needing updating, even after it has been updated. Java seems the worst one, and Windows is another.

bkindle

I have installed and started using the 2.0 Beta of PSI, the auto updating feature is working great for many applications such as java and adobe products.

Neon Samurai

I understood PSI to be for non-commercial use based on the license so one would need CSI for honorable business use. Does the PSI license actually permit business use? This is really the only thing that has stopped me from using it outside of personal machines so I'd love to find out business use is permitted.

Mark W. Kaelin

What tools do you use to track whether your organization's application software is patched and up to date?

Neon Samurai

I've been wondering why the Flash update left the previous version behind with PSI continuing to complain about out of date software.

Neon Samurai

I'm not sure if PSI downloads the latest update data and compares it locally or if it delivers an inventory of your software up to the PSI central servers for review. I'm guessing the first option of local comparison. It does relay statistical information back up to the central server though. Harvesting and providing information to an unknown third party places it closer to the spyware category though it may be desirable and voluntary.

ultimitloozer

This has to do with the files that need to be updated being in use already. The most common one I see (and get complaints about) is Flash, followed by Java and Windows components. The Windows stuff almost always requires a reboot of the system for it to show that the files have actually been replaced. The Flash issue can be avoided by closing all web browser windows and any other applications using Flash (including PSI), uninstalling what you currently have, then installing the new version. The Java issue can normally be resolved by ensuring that no Java apps are currently running (including web applets in browser windows) before installing the update. A complete uninstall of Java and fresh install of the latest version will often offer better results and a cleaner system (I have yet to see a Java install actually remove the old version completely by itself). On PSI in general, it works well, but it only reports on updates with security fixes. There may be an update for a product that has feature enhancements, but they will not be reported if they do not also include a security patch (as of v1.5.0.2). As for the CNet TechTracker mentioned by someone else here, I stopped using it months ago since it had an annoying habit of misidentifying some of my installed programs and listing updates for software that was not even installed on the machine and after an update to the TechTracker app itself, it would hang in the "scanning" state and required a restart (only to do the same thing no more than 2 days later). After displaying a complete lack of concern over the results of their update (the only change made to the machine in question for nearly 3 weeks), I removed it from all of my machines.

Neon Samurai

I've had the same thing happen. I believe it is because PSI doesn't catch all system changes right away. I've not yet seen it miss an update when rerunning the system scan manually though. If you don't get a "something has changed" popup when doing your Java, try the manual scan (a tab under advanced view). One that surprised me was being told that the GTK library in behind Unison was out of date; here's where to get the library in a zip file so you can drop it in place. I'll have to see if PSI2's autoupdate takes care of that level of detail.

john3347

Secunia offers a non-free Corporate Software Inspector (CSI) for commercial environments/users. Secunia's description of CSI is very similar to PSI. http://secunia.com

Ron_007

I've been using it since it was in beta. I like it a lot. I especially liked my first few runs. I found lots of (old) software I wasn't even aware was installed. That included a bunch of applets I had sitting uninstalled in my "download" folder. They were quickly moved to off line storage. Others have already mentioned that the corporate version is CSI. It does have a few quirks:

  • it needs Adobe Flash to render its graphics
  • it focuses on security patches, it does not list simple non-security related upgrades
  • browsers are almost always listed as insecure because they have known unpatched vulnerabilities
  • it doesn't see all apps
  • as others have pointed out, it likes to tell me to update my Office 2003 and 2007 installations to 2010. But I don't want to do that, I just want it to check that I have all current patches applied
  • it has separate entries for some executables for a single program. I have one program with 6 entries: 1 for V13.x 64bit (on a 32 bit machine, should investigate that), 2 for V13.x and 3 for V15.x
  • it has a real problem identifying my HP laptop vendor specific applets (it doesn't find many of them) and has lots of problems finding valid download links to the ones it does find

I see you already mentioned SUMO, I also use FileHippo Update Checker (http://www.filehippo.com/updatechecker/) and Software Informer (http://www.informer.com/). These apps, plus Windows Update, find many apps on my machine. It does take a while to work through all the hits they find, since not all of them are valid. But they are improving.

paul.froehle

I like PSI, but sometimes I get a Windows fatal error in PSI, the application will be terminated. I haven't tried it on my Windows 7 machine yet. I just use the OSI when I get around to it. I'm not using the beta version. Anyone know how to get around the crashes other than just restarting it manually?

zachelect

I've been using Secunia since it started, and it does have some idiosyncrasies, like when you update an app, and it still says it needs the update. Also for MS products, to offer an update for Word 2003 as Word 2007/2010 is just stupid. It does however allow you to ignore them, when that happens. I used both Secunia & Techtracker, at the same time, and one would advise an update, while the other ignored it. So they both do certain things well, but not everything. They both require tweaking in their scanners.

grassiap

The old ocx is locked in use by PSI itself. This somehow also happens with some Windows DLLs (older MSXML). My usual W/A is reboot and manually remove the offending file.

jmbrasfield

Have used PSI for the last year or so on my M$ Windows machine, it is not necessary for my three Linux machines, and have found it useful with all the various updates to Windows software that are out there. Another similar program is Cnet Tracker, it too helps you track software updates. Both do an excellent job of monitoring your non-M$ software and aiding you in staying up to date and secure on a per workstation basis, which is not much of a problem with Linux. (Great, another Linux fanatic, just what we need!)

Neon Samurai

No updates outside of AV signature files should be done automatically anyhow. Shutdown PSI, do the update dance through various utilities, reboot if needed, rescan with PSI and confirm results.

Neon Samurai

Unless something better comes along, CSI is on my wishlist for work when/if justified. It was the central management aspect and integration into WSUS that had me running the 60 day trial. The mention of business use of PSI is what threw me off. If PSI in business use was within its license and CSI's central management was the "value add" proposition then I'd probably be installing PSI on all the machines today. We're not a big network in the hundreds of nodes so walking machine to machine is not a problem. I have to put my vote in for how repository based distributions do things though. I've said more than once that Windows should be moved to a proper repository rather than Windows Update only including drivers outside of MS products. It would remove a huge point us penguinistas gloat over but it'd bring worlds of benefit to the end user. Business politics pretty much negates this from happening any time soon. Heck, even if MS provided a plugin framework for the central Windows Update utility in Vista/Win7 so Java, Quicktime and such could simply notify and download updates or go all in on a *nix like repository where the package manager will use third party repository addresses just as it uses distro provided ones. I dream of the day my Windows install involves checkboxes for all my third party goodies under Windows Update or a simple cli based package manager I can script against. Msiexec just needs to tap the repository list and the .msi format could be acceptable as the standard Windows package.
