Monday, October 27, 2008

Trying Secunia Vulnerability Scanning

One feature which most Unix systems possess, and that most Windows systems lack, is a native means to manage non-base applications. If I install packages through apt-get or a similar mechanism on Ubuntu, the package manager notifies me when an update is needed and it's easy for me to install them. Windows does not natively offer this function, so third party solutions must be installed.

I had heard about Secunia's vulnerability scanning offerings, but I had never tried them. I decided to try the online version (free for anyone) and then the personal version on a home laptop I hadn't booted recently.

You can see the results for the online scanner below. All that was needed was a JRE install to get these results.



The online scanner noticed I was running an older version of Firefox, and I needed to apply recent Microsoft patches. The fact that it checked Adobe Flash and Acrobat Reader was important, since those are popular exploit vectors.

Next I tried the personal version and got the results below.



This scan added more results, but only after I unchecked "Show only 'Easy-to-Patch' programs" on the Settings tab. I like that Secunia told me that my Intel wireless NIC driver needed patching. If I look for details I see this:



Clicking on the Download Solution icon took me to an Intel Web page, but at that point I needed to know what NIC driver I needed. That's why Secunia says "If you have the technical knowledge to handle more difficult programs, then we strongly recommend that you disable this setting" with respect to the "Show only 'Easy-to-Patch' programs" option.

I noticed Secunia doesn't check to see if WinSCP is patched, so I used the easy "Program missing? Suggest it here!" link to offer that idea to Secunia.

What do you use to keep the various applications installed on Windows up-to-date?

15 comments:

Brian said...

I have been using PSI for quite a while and have been impressed with its results. I've only recently noticed that there are some programs not being checked and I am still waiting on a response/update that includes it. It also does a pretty good job monitoring newly installed/updated programs. Generally speaking, I am very happy with it.

Steve Lodin said...

I, too, have been using Secunia PSI since its first beta as one of the tools in my arsenal. It sure beats the NIST Windows Gold Disk. I don't have it running all the time in the background though.

Anonymous said...

You may want to check out Appupdater, it is an interesting free option. While it's database isn't always current it offers the capability to build your own repository and populate it with custom signatures.

It's at: http://www.nabber.org/projects/appupdater/

PS- it has WinSCP ;)

Brian said...

@steve lodin: I agree that it's one of the best tools in the arsenal, but I am not sure how it compares to the Gold Disk. They are two unrelated tools - one providing STIG compliance while the other checks to ensure you have the latest version of a software.

Joe said...

PSI has been the most reliable tool I've used for keeping my Windows box up to date.

John Ward said...

I remember years ago CNet used to offer a free tool similar to this called Catchup. They discontinued it without notice a few years after starting it. It was great. I never bothered to look for a replacement. I'll give this a spin and see how it goes.

James said...
This comment has been removed by a blog administrator.
Anonymous said...

It's a good product and a fantastic idea.

Steve Lodin said...

@Brian

You're right, I mixed my apples and oranges.

Anonymous said...

I've been a long time user of PSI and, being the family geek, I install it on every computer I touch.

While it won't automatically patch programs, it at least offers a very quick glance at what needs updating.

This is a very, very cool program.

Anonymous said...

Secunia is not serios, the believe in criminal hackers mostly from arabien countries who deliver to Secunia false informations.. Thats only a marketing trick from Secunia to sale better there software.... They dont even check the informations from a crazy hacker site, named www.milworm.com based in Texas US..

111 said...
This comment has been removed by a blog administrator.
kiss said...
This comment has been removed by a blog administrator.
kiss said...
This comment has been removed by a blog administrator.
wow gold said...
This comment has been removed by a blog administrator.