You’ve almost certainly already got Internet security and firewall software installed – these are obviously key to keeping safe when using the Internet. However, software which you use is also likely to contain weaknesses which are discovered and then patched by the company. These weaknesses could potentially put your computer at risk – so it’s best to avoid them. However, it’s not always easy to check whether your software needs updating. Much of it probably won’t alert you, or might only very occasionally run a check. That’s where Secunia Personal Software Inspector comes along to rescue you.
The name is a bit of a mouthful, and my weary hands and addled mind do not want to keep repeating it; so I’ll be likely to refer to it as PSI at times here. The file size is very small – the download coming it at about 530 kb. Once you’ve installed the software and opened it, a window will pop up, which, after loading, will allow you to run a scan of your computer. During the scan PSI is sifting through all your software and checking them against its database. This database contains the versions of software, and the security issues related to them. Be patient during this phase. After scanning, it’ll then let you know if it’s found anything that needs sorting out.
It will list the software name and version; the threat rating; a link to a patch or update download; and a link to a forum for the issue. Clicking on the threat rating, which appears as a bar with a number of coloured squares within, will take you to a Secunia webpage with more information about the issue and its severity. You can click the arrow underneath the ‘Solution’ column to download patches or updates to fix the issues which it found. If you’d rather not take this route, you could manually download a newer version of the software which it’s getting upset about. Once the issues have been fixed, PSI should automagically realise this and remove it from the list. If not, simply scanning again will give it the nudge which it needs to appreciate your efforts.
There’s also the option to view the advanced interface. This looks a little bit deeper, but makes things more confusing. For example, when changing to advanced mode PSI picks up around ten threats on my desktop; but these are all from software which is more hidden away in windows folders; or the remnants of updated software, rather than installed and used applications. The advanced mode also provides links to the folders containing the software with which it finds issues, which will allow you to have a wander around and decide whether you’re willing to tamper with it or not. For most users I’d suggest not changing to advanced, as simple mode seems to provide all the functionality needed.
Secunia PSI will continue to run in the system tray even when you’re not using it. It will keep an eye out for software updates and security patches. If you install a new application it’ll check it against its database to see if there are any known security issues, and will then advise you as to updates and patches. Similarly, if issues arise with software you are running, it will diligently alert you to this, too. You can also go back and run a full scan as often as you wish – just to make sure everything’s up-to-date and secure.
Overall, a rather spiffing bit of kit. Once the first scan and update is completed, you’ll have very little else to do other than follow the updates as and when PSI lets you know about newly discovered security issues. You can download it from www.secunia.com/vulnerability_scanning/personal.
The past week or so has seen two critical security vulnerabilities surface in Adobe’s products. The first, discovered on the 20th February, is a vulnerability in the Adobe Reader software, used for reading PDF files by both home and business readers. Currently a malicious PDF document could run code on a computer which allows them access to the system. This vulnerability is currently ranked ‘Extremely critical’ by Secunia, the industry leader in security warnings.
Adobe Flash Player, another extremely popular and common product, was also found to have several major security issues. The alert for Flash Player was made just five days after Adobe Reader’s. However, this vulnerability is not deemed to be as dangerous since in order to be exploited the user must be physically using the computer. Nevertheless this could pose a risk in businesses, where a malicious user may exploit the vulnerability and gain access to personal information stored on the computer or network, even potentially gain privileges on the computer network in order to cause damage to the system or gain further access to sensitive information. This set of vulnerabilities creates a list of four currently unpatched and critical issues which affect Flash Player 9 and 10, Flash CS3 and CS4, as well as Adobe’s relatively new AIR product.
It is advised that users do not open PDF files from sources they do not trust. Some also suggest that alternatives are used in the place of Adobe’s Reader application – such as Foxit. Fixes for the issues are not expected until 11th March.