Lucian Constantin
CSO Senior Writer

Secunia PSI 3.0 silently deploys security patches for Windows software

Jun 28, 2012

New version of Personal Software Inspector uses Secunia's vulnerability intelligence to determine if programs on Windows computers are missing security patches

Danish vulnerability intelligence and research firm Secunia has launched version 3.0 of its Personal Software Inspector (PSI) patch management program, which can silently install security updates for a large number of software applications.

PSI leverages Secunia’s vulnerability intelligence to determine if software programs installed on a user’s Windows computer are missing security patches. The product is free for personal use and supports applications from over 3,000 software vendors.

The first version of the program was only capable of notifying users about available security updates and providing them with links to download them.

That changed in version 2.0, which added the ability to automatically download and silently install patches for a limited number of popular applications like Adobe Reader, Flash Player and Java.

The new PSI 3.0 extends the silent patching functionality to all supported applications. However, users can enable and disable the feature at will from the program’s interface.

Secunia is able to provide a patching experience that doesn’t require any user interaction or effort by encapsulating all vendor patches into a proprietary installer that suppresses their dialogs.

“Updating software is a daunting task,” said Thomas Kristensen, Secunia’s chief security officer, via email. Most software vendors don’t provide proper automated and silent updating mechanisms for their programs, which causes many users to fail to keep up with security updates, he said.

Statistics recently gathered by Secunia from PSI users in the U.S. showed that 16 percent of the unpatched vulnerabilities detected on their computers were located in the operating system, 18 percent in Microsoft programs and 66 percent in software applications from other vendors.

Oracle’s Java, Apple QuickTime and Adobe Shockwave Player were found to be the most exposed programs based on their market share and unpatched rate.

Java, which is one of the most commonly targeted applications in exploit-based attacks, was installed on 83 percent of the scanned computers. However, 31 percent of them were running an outdated version.

In order to prevent the automatic update feature from causing problems for users who need an older and insecure version of a program for compatibility reasons, PSI 3.0 allows users to create ignore rules for particular applications.

In addition to automatic updates for all supported applications, the new PSI 3.0 comes with a significantly simplified user interface compared to version 2.0 and supports five languages — English, French, Spanish, German and Danish.

Lucian Constantin

Lucian Constantin writes about information security, privacy, and data protection for CSO. Before joining CSO in 2019, Lucian was a freelance writer for VICE Motherboard, Security Boulevard, Forbes, and The New Stack. Earlier in his career, he was an information security correspondent for the IDG News Service and information security news editor for Softpedia.

Before he became a journalist, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. He lives and works in Romania.

You can reach him at lucian_constantin@foundryco.com or @lconstantin on X. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
