Wednesday

Free utility to scan for missing security patches

I keep my OS and browser up to date and I run an anti-virus scanner. Since Patch Mania, I check plugins such as Adobe and QuickTime as well. But how do I know in a user-friendly way if I got them all? What about all the other packages on my system? Since Windows patches by themselves are not enough anymore, I tried a free tool from Secunia.

Secunia Personal Software Inspector is an extension of the company's web-based checker but is much more powerful. It's still in beta. Yesterday, I gave it a try. It's free for home users.

After installation, it wouldn't run. It gave me a DLL error. Fault of the beta status? No, I was still at SP1. I skipped SP2 because it limited raw access to the network socket and some other reasons. Since I use live CDs like BackTrack anyway these days, I upgraded to SP2. But this also meant I needed to re-apply all patches since SP2. This was a major pain in the b*tt. So I decided to use AutoPatcher.

How many times did you have to leave your computer, after a format, to download the updates you had before it? How many times did you have to go do something else, leaving your friend's computer download the load of updates with their poor little dial-up modem? How many times have you wished for the updates to be portable from one computer to another and not require but a few mouse clicks to install?

The benefits are one download file that I can reuse for other PCs, and one big upgrade operation that limits the number of reboots. It also has enhancement options to improve security and performance. For example, you can remove IPC$ shares and remote registry access, etc. Give it a try. It made my life easier.

After the whole upgrade process, Secunia PSI worked like a charm. It uses Windows Online Update to check for the Windows patches (under the hood) and checks all other packages against a Secunia database through an SSL connection. So you need access to the internet (Windows Update and the Secunia website) to run it. What was my score?

36 insecure software packages out of 200 packages installed.

Oh my! I do upgrade most software, but it also seemed to find and report previously installed versions. Probably leftover DLLs that are still present but not used. So these 36 insecure packages need to be taken with a grain of salt. Whether these old files can be misused/removed is for another experimentation evening.

For some software packages, they provide a direct link to the related upgrade software (page), which is quite nice. This software is being licensed to other companies, so this functionality might pop up in other products.

Bonus: two anti-malware websites: StopBadware.org and Spyware Warrior
