Secunia is a relatively new player in the field of security software. They recently released a final version of Personal Software Inspector (PSI), an impressive program that is free for home use. You can download it from here. Setup is quick and simple and does not require a restart. The program takes up little in the way of hard disk space or CPU cycles.
Why do I need PSI?
A large proportion of malware attacks on Windows-based computers exploit security vulnerabilities found in applications (as opposed to the Windows operating system itself). Microsoft Office may be the best known set of applications that attackers exploit, but many other products are vulnerable (including software from Apple and Adobe). The companies that produce these applications often respond quickly to identify and fix these holes once they are reported, but the fixes are useless if you don't know about them and update your applications. This is the role of PSI: it scans your system, matches the results against its online database, and reports which applications are insecure.
Is this a widespread problem? Secunia released a study, based on the reports of over 20,000 users of its products, that claims over 98% of PCs inspected contain insecure (out-of-date) applications. I can tell you from my experience administering PCs that this claim is quite plausible; I have never yet installed PSI on a system that was completely up-to-date. I was a bit embarrassed to find my own system, recently built and rigorously patched, had more than ten applications listed as insecure. How could this happen?
How PSI Works
PSI does a more thorough inspection than the average user. It checks application files, but also scans libraries and system files, as well as checking for outdated versions that were not completely removed. This last category is where the most security-conscious user can be surprised. Java, for example, is famous for frequent updates; what you may not know is that it leaves every previous version on your system by default. This may be useful for backward compatibility, but it is not a good idea from a security perspective.
Once a scan is complete, PSI presents a report listing the insecure applications, along with a severity ranking from 1 to 5 reflecting the likelihood of malware exploits trying to take advantage of the situation. The report also provides convenient links to downloadable patches, when available, and help files.
I like the fact that PSI does not settle for static protection: it remains active after the initial scan, tracking your software changes and alerting you to new patches. Secunia's online database is extensive and frequently updated; I have seen PSI report patches that were less than twelve hours old. You can control the frequency of scans and reporting, but the default settings seem to work fine for most users.
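The scan-and-match step described in this section can be sketched as follows. This is an added example, not Secunia's code: the product names, paths, versions and the advisory table are all constructed, and the "leftover" versus "outdated" labels are an assumption made here to show the case of an old copy left behind after an update.

```python
import re
from collections import defaultdict

# Constructed advisory table (not Secunia data): product -> first patched version.
MIN_SECURE = {"Example Runtime": "1.6.0_10", "Example Reader": "9.1.2"}

# Constructed inventory, as a file-level scan might produce: (product, version, path).
INVENTORY = [
    ("Example Runtime", "1.6.0_10", r"C:\Program Files\ExampleRuntime\1.6.0_10\bin\rt.dll"),
    ("Example Runtime", "1.6.0_07", r"C:\Program Files\ExampleRuntime\1.6.0_07\bin\rt.dll"),
    ("Example Runtime", "1.5.0_22", r"C:\Program Files\ExampleRuntime\1.5.0_22\bin\rt.dll"),
    ("Example Reader", "9.1.2", r"C:\Program Files\ExampleReader\reader.exe"),
    ("Example Editor", "3.0", r"C:\Program Files\ExampleEditor\edit.exe"),
]

def version_key(version):
    """Split '1.6.0_07' into (1, 6, 0, 7) so versions compare numerically, not as text."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def is_older(version, baseline):
    """True if version sorts before baseline; short versions are zero-padded (3 == 3.0)."""
    a, b = version_key(version), version_key(baseline)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def scan(inventory, min_secure):
    """Return every installed copy that is older than the patched baseline."""
    by_product = defaultdict(list)
    for product, version, path in inventory:
        by_product[product].append((version, path))
    findings = []
    for product, copies in by_product.items():
        baseline = min_secure.get(product)
        if baseline is None:
            continue  # product not in the advisory table: unknown, not reported
        patched_present = any(not is_older(v, baseline) for v, _ in copies)
        for version, path in copies:
            if is_older(version, baseline):
                # "leftover": a patched copy exists, but this old one was never removed
                kind = "leftover" if patched_present else "outdated"
                findings.append((product, version, kind, path))
    return sorted(findings)

if __name__ == "__main__":
    for product, version, kind, path in scan(INVENTORY, MIN_SECURE):
        print(f"{kind:9} {product} {version}  {path}")
```

On the constructed inventory, the two older runtime copies are reported even though the current version is installed beside them, which is the situation a check of only the newest installed version would miss.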
PSI is a highly recommended addition to your Windows security setup. It does its stated job very well and you can't beat the price.