In the *nix world, package managers have mostly done a good job of fixing this problem. In this spirit, Secunia has released their Personal Software Inspector (PSI), which will alert you when *security* patches (not every update, much like security.debian.org or security.ubuntu.com) are available for over 4200 apps. It does this by using file signatures and .dll/.ocx version numbers. Communication with the Secunia servers is secured with SSL, and they only collect version information, not personal info. At worst, they will know who is using which apps, but they claim to delete even that info after 12 months, so it is not a large privacy concern.
This could be a useful tool beyond the personal desktop by adding it to the auditor's arsenal. When auditing a machine, give PSI a run, and see if *all* apps have been patched or just Windows.
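The mechanism described above (compare the version stamped into a .dll/.ocx against the version that carries the fix, and record a file hash as evidence) can be reproduced in a few lines for an audit. The script below is an added example written for this page, not Secunia's code and not how PSI is implemented internally. The baseline table is constructed for illustration: the paths are real Windows system files, but the minimum versions and the product labels are placeholders, and a real audit must take the minimum patched version from the vendor's advisory.

```powershell
# Added example: a minimal PSI-style patch-level check for Windows.
# Baseline is CONSTRUCTED for illustration; replace MinVersion with the
# version named in the vendor's security advisory for each file.
$Baseline = @(
    @{ Product = 'Example product A (placeholder)'
       Path    = "$env:SystemRoot\System32\kernel32.dll"
       MinVersion = [version]'6.0.0.0' },
    @{ Product = 'Example product B (placeholder)'
       Path    = "$env:SystemRoot\System32\msvbvm60.dll"   # often absent on modern Windows
       MinVersion = [version]'6.0.98.0' },
    @{ Product = 'Example product C (placeholder)'
       Path    = "$env:SystemRoot\System32\comctl32.dll"
       MinVersion = [version]'5.0.0.0' }
)

function Get-FileVersionStrict {
    # Build a [version] from the numeric parts of the PE VERSIONINFO resource.
    # The FileVersion *string* may carry free text such as "(WinBuild.160101.0800)",
    # so it is not safe to cast directly; the four numeric parts are.
    param([Parameter(Mandatory)][string]$Path)
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    return [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                          $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-PatchLevel {
    # For each baseline entry report Missing / Outdated / Current, plus the
    # SHA-256 of the file so the finding can be tied to a specific binary later.
    param([Parameter(Mandatory)][object[]]$Entries)
    foreach ($e in $Entries) {
        $result = [ordered]@{
            Product    = $e.Product
            Path       = $e.Path
            MinVersion = $e.MinVersion
            Found      = $null
            SHA256     = $null
            Status     = 'Missing'   # file not present: nothing to patch, but note it
        }
        if (Test-Path -LiteralPath $e.Path) {
            $found = Get-FileVersionStrict -Path $e.Path
            $result.Found  = $found
            $result.SHA256 = (Get-FileHash -LiteralPath $e.Path -Algorithm SHA256).Hash
            # [version] comparison is component-wise, so 6.0.10 > 6.0.9 (string
            # comparison would get this wrong).
            $result.Status = if ($found -lt $e.MinVersion) { 'Outdated' } else { 'Current' }
        }
        [pscustomobject]$result
    }
}

# Run the audit and show only what needs attention first.
$report = Test-PatchLevel -Entries $Baseline
$report | Sort-Object Status | Format-Table Product, Status, Found, MinVersion -AutoSize

# Non-zero exit code if anything is outdated, so the check can gate a build or a job.
if ($report | Where-Object Status -eq 'Outdated') { exit 1 }
```

Two caveats apply to any version-based check of this kind. A file can be present at a patched version and still be loaded from elsewhere by a given application (a private copy next to the .exe), so the path list has to cover every copy the audit cares about, not only System32. And a version number only says what the vendor shipped, so a fix backported without bumping the version (common for *nix distribution packages, rare but possible on Windows) shows as Outdated; the recorded hash is what lets you resolve such a case against the vendor's published file hashes.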