Secunia releases Security Patch tool for Windows Applications

SA Security Bloggers

SensePost

Haroon Meer
link

Matt Erasmus
link

Andrew Mohawk

Junaid Loonat
link

Barry Irwin
link

Tom Wells

Allen Baranov
link

Jock Forrester
link

IT Security Pubcast
link

Telspace

ISGAfrica

Ralfe Poisson

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.

Random Entry: SATNAC 2005 Summary
< Ciao! We're off to Italy | Forrester says Deloitte rocks the Enterprise Risk Management Party >

Sunday, July 29. 2007

Secunia releases Security Patch tool for Windows Applications

A big problem in the win32 world is managing patches for the various applications you have installed. Windows does a good job of patching itself with Microsoft Update, but other apps aren't as good. Some, such as Adobe, have their own updater, but these updaters aren't consistent and leave you trying to manage several different updating tools, with several different schedules and capabilities (e.g. does it support your proxy), and you still end up with more than half of your win32 apps not having an updater at all.

In the *nix world, package managers have mostly done a good job of fixing this problem. In this spirit, Secunia has released their Personal Software Inspector, which will alert you when *security* patches (not every update, much like security.debian/ubuntu.org) are available for over 4200 apps. It does this by using file signatures and .dll/.ocx version numbers. Communication with the Secunia servers is secured with SSL, and they only collect version information and not personal info. At worst, they will know who is using which apps, but they claim to delete even that info after 12 months, so not a large privacy concern.

This could be a useful tool beyond the personal desktop by adding it to the auditor's arsenal. When auditing a machine, give the PSI a run, and see if *all* apps have been patched or just windows.

Posted by Dominic White in Security at 21:45 | Comments (0) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry