Secunia PSI: The Best Software Update Tool You've Never Heard Of
Secunia is an Internet security company, based in Denmark, with a truly global reach. In addition to its highly regarded security and vulnerability assessment tools, the company is also well known for its reporting on and handling of security vulnerabilities of all kinds.
Secunia Personal Software Inspector (PSI) is a software tool for Windows XP, Vista, and Windows 7 that Secunia makes available to users free of charge. The free software comes in a downloadable version. A companion version, Secunia Online Software Inspector (OSI), may be accessed via an online scan as well.
A commercial version of this software, Secunia Corporate Software Inspector (CSI), is available to businesses and corporations for a licensing fee of $2,700 for up to and including 100 users. The program works with a centralized server and can be configured to perform specific scans on corporate PCs, as well as providing corresponding patches and updates.
What makes Secunia PSI and its brethren such great security tools? The program is easily configured to run regular scans of software installed on the PCs where Secunia PSI runs (once a week, by default). When the program recognizes an application or a system component that's out of date or needs a security update, it provides a report to the user, and it can even be configured to download and automatically install most such patches without requiring user intervention.
Installing and Using Secunia PSI
At the Secunia PSI download page, users download a 1.66MB file named PSISetup.exe. The program works with any version of Windows 7 or Windows Vista, and with XP versions that have had Service Pack 3 applied. Download and installation are quick and easy, and the program itself is pretty easy to use. It installs a quick launch icon into the Windows Vista or 7 notification area, or it can be launched from the Start menu as Secunia PSI. Figure 1 shows the initial screen for the program.
Figure 1 Home screen for Secunia PSI.
To check your PC for missing patches, fixes, or updates, click the Scan Your PC entry at upper left. This action launches the Secunia PSI scanner, producing a display like that shown in Figure 2.
Figure 2 Scan progress screen for Secunia PSI.
The program begins its work by downloading a constantly updated set of search rules from the Secunia servers. Next, it searches all files on local hard disks and other installed storage, after which it collects information about all the files it has found. At the same time (on multithreaded or multicore PCs), it checks the operating system and then launches a Microsoft security patch check by comparing what it finds in the Windows Update history file to what PSI itself knows about Microsoft updates. Once the various searches are completed, PSI checks that data against its file signatures engine, and it reports the results of any missing updates, patches, or fixes to the user.
Figure 3 When no updates, patches, or fixes are needed, Secunia PSI grants a 100% system score.
Figure 4 Each program in need of an update or fix docks the overall security score by a prorated percentage.
Individual details on programs can be expanded by clicking the plus sign (+) at the left, as the Google Chrome item in Figure 4 shows. Further information is also available by double-clicking the final line in the Google Chrome display pane. This additional detail is shown in Figure 5.
Figure 5 A detail sub-pane for Google Chrome provides access to more controls and information to drive the patching or update process.
Google happens to be very good about updating itself as soon as it's launched in Windows 7. So instead of using the Install Solution link at the top of the right-hand pane in that window, I simply launched Google Chrome through the Start menu to trigger the update process. Once that process was complete, I clicked the Re-scan Program entry just beneath the Install Solution link. In this case, I observed an interesting anomaly that you encounter occasionally in Secunia PSI (captured in Figure 6).
Figure 6 PSI detected the Chrome program as patched, but still shows a "zombie installation" in the Detected Installations pane at the bottom of the display.
What causes this anomaly? The PSI re-scan is so fast that it completes before the Google Chrome post-install cleanup is finished. If you wait another minute or so after the install is finished (or close and then reopen Chrome), that spurious entry disappears!
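The scan flow, the prorated score and the "zombie installation" effect described above can be modelled in a few lines of Python. This is an added example, not Secunia's code or part of the original article; the rule format, program names, paths, version numbers and the choice to judge a program by its newest detected copy are all assumptions made for illustration.

```python
# Added illustration, not Secunia's code. Rule format, program names, paths
# and version numbers are all constructed for this example.
from collections import defaultdict


def parse_version(text):
    """'10.0.648.204' -> (10, 0, 648, 204), so comparison is numeric."""
    return tuple(int(part) for part in text.split("."))


# Constructed rules: program name -> lowest version treated as patched.
RULES = {"ExampleBrowser": "10.0.648.204", "ExampleReader": "9.4.2",
         "ExamplePlayer": "1.1.9"}

# Constructed inventory: (program, install path, version found on disk).
# ExampleBrowser appears twice: the updated copy plus an old copy that the
# updater has not cleaned up yet.
INVENTORY = [
    ("ExampleBrowser", r"C:\Apps\Browser\10.0.648.204", "10.0.648.204"),
    ("ExampleBrowser", r"C:\Apps\Browser\10.0.648.133", "10.0.648.133"),
    ("ExampleReader", r"C:\Apps\Reader", "9.4.0"),
    ("ExamplePlayer", r"C:\Apps\Player", "1.1.10"),
]


def scan(inventory, rules):
    """Return (score, outdated programs, stale installation paths)."""
    installs = defaultdict(list)
    for name, path, version in inventory:
        if name in rules:                      # programs without a rule are skipped
            installs[name].append((parse_version(version), path))

    outdated, stale = [], []
    for name, found in installs.items():
        required = parse_version(rules[name])
        newest = max(version for version, _ in found)
        if newest < required:
            outdated.append(name)              # program itself needs a patch
        else:
            # Assumption: a program counts as patched when its newest copy
            # meets the rule; older copies are listed but do not dock the score.
            stale += [path for version, path in found if version < required]

    # Each outdated program docks an equal share of the score.
    total = len(installs)
    score = 100 if total == 0 else round(100 * (total - len(outdated)) / total)
    return score, sorted(outdated), sorted(stale)


if __name__ == "__main__":
    print(scan(INVENTORY, RULES))
```

Versions are compared as tuples of integers because a plain string comparison would rank 1.1.10 below 1.1.9 and report a patched program as outdated.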