April 20, 2009

Does Software on Your Home Computer Put You at Risk From Hackers?

Computer security is more important than ever. Almost everyone has basic virus protection. But did you know that many of today’s hacker attacks and security threats take advantage of vulnerabilities in the programs you have on your computer? Recently I stumbled across a free program, Secunia Personal Software Inspector (PSI), that gives home users the ability to identify – and, in most cases, fix – the problems that let hackers into your computer so they can use it for their own (often illegal) purposes.

According to Secunia, 98 of 100 computers have 1 or more “insecure” programs installed. In fact, almost half have 11 or more. (The first scan on my older desktop system revealed 15 problems – and I thought I kept up with patches supplied by software companies!)

The program is almost too easy to use. Download it. Install it. It scans your computer. When the scan is finished – and it doesn’t take long – you’ll see something like the screenshot below. The programs listed [1] are those that have problems. The threat rating [2] tells you how serious the problem is.

Security Threat After First Scan

Move your mouse over the threat bar and you’ll see a brief explanation. Click on the threat graph and it will take you to a web page with more information.

The programs on this screen all have an easy fix. Click on the “Solution” button [3] and, in most cases, PSI will download and install a “patch” that fixes the threat. In some cases – programs that use ActiveX controls – PSI takes you to the software vendor’s website to fix the problem. To get more information, go to a PSI online forum [4] before you do anything.

You’ll notice that the Adobe Flash player and Sun Java JRE show up multiple times. I was puzzled by this at first. But, when you move your mouse over the name of the problem program, PSI tells you where the particular program is on your computer.

Mouseover Shows Where the File Is

By checking the multiple listings of the same program, I discovered that the insecure program (Sun Java JRE in this example) was used by different software programs – and each had installed the Sun Java JRE in different places on my computer. Each separate installation had to be fixed.
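
The PowerShell function below is an added example (not from the original post and not Secunia's code) that lists every copy of a program file under the usual install folders together with its file version, so each separate installation can be checked. The function name `Find-BundledCopy`, the file name `java.exe` and the minimum version in the usage line are assumptions made for illustration.

```powershell
# Added example: list every copy of a bundled executable and flag old builds.
function Find-BundledCopy {
    [CmdletBinding()]
    param(
        # File name to look for, e.g. the Java launcher.
        [Parameter(Mandatory)] [string]  $FileName,
        # Lowest file version you treat as patched (take it from the vendor's advisory).
        [Parameter(Mandatory)] [version] $MinimumVersion,
        # Folders to search; defaults to the usual install roots.
        [string[]] $Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    # Drop roots that are empty (32-bit Windows has no x86 folder) or missing.
    $roots = @($Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
               Select-Object -Unique)
    if ($roots.Count -eq 0) { return }

    # SilentlyContinue skips folders the current user is not allowed to read.
    Get-ChildItem -LiteralPath $roots -Filter $FileName -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $info = $_.VersionInfo
            # Use the numeric fields: the FileVersion string is free-form text
            # and does not always parse as a version.
            $found = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                    $info.FileBuildPart, $info.FilePrivatePart)

            if ($found -eq [version]'0.0.0.0') { $status = 'NoVersionInfo' }
            elseif ($found -lt $MinimumVersion) { $status = 'Outdated' }
            else { $status = 'OK' }

            [pscustomobject]@{
                Status  = $status
                Version = $found
                Path    = $_.FullName
            }
        } | Sort-Object Status, Version
}

# Constructed usage: 6.0.0.0 is a made-up threshold, not a value from any advisory.
Find-BundledCopy -FileName 'java.exe' -MinimumVersion '6.0.0.0' | Format-Table -AutoSize
```

Each row marked `Outdated` is a separate installation that still needs the update, even if another copy of the same program is already current.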

Advanced View

If you stop here, you will have taken care of most of the serious issues with your computer. Run another scan to make sure everything is copasetic. If the second scan comes back clean, you’re done. Well, maybe you’re done. See the “Advanced” link at the top of the screen? Click on it to see what’s really going on inside your computer.

Link to Advanced Features

PSI will first try to discourage you from continuing; it will tell you that you are entering the world of the computer geek. But don’t fear. It’s not all that geeky and if all you do is look, there’s nothing you can do to hurt your computer.

Warning for Advanced Features

After the advanced screen comes up, the first thing you’ll see is that there may be many more problems than the simple scan told you about.

Results of an Advanced Search

Remember my first scan showed only 15 problems – now it’s up to 45. Ouch! (Since, according to Secunia, the average user has 30-60 programs installed, this probably says more about my propensity to try everything at least once – and to not uninstall anything…)

The new programs are listed in two groups: insecure programs and end-of-life programs.

Insecure programs are those where the software vendor has acknowledged the threat and has created a security update to protect your computer. You should let PSI fix these programs for you. If you don’t, you may want to uninstall the program so hackers can’t take advantage of the problems.

End-of-life programs are ones the vendor no longer supports. That is, the company that created the program is not going to fix it because they’ve moved on to bigger and better things – usually “upgrades” you get to pay for. Secunia recommends that you buy the upgrade or uninstall all these programs – there is no way to fix them.

The third set, the “Patched” list, lists programs for which there are no known security updates available. Secunia says these programs do “not require further attention from you.”

 

But, if you look at them (by clicking on the “Patched” tab at the top of the screen), you’ll see that some of these programs do pose a potential threat.

patched-list

So, why is it that they don’t “require further attention”? Click on the ‘+’ to the left of the program name.

Details of a Patched Program

Bottom line? Yes, there could be a security threat. But the company that created the program has not yet created a patch to fix the threat. Click on “Online References” and you’ll be able to open a web page with details on the threat. If you want to see what others are saying about this particular program, click on “Community Forum.” To remove the program, click on that link and the Windows control panel opens so you can do that. Presumably “Ignore Program” means it won’t come up in future scans by PSI.

You’ll see a similar screen when you click on the ‘+’ in the “End-of-Life” screen and the “Insecure” screen. In the programs listed in the “Insecure” list, however, the “Download Solution” is not grayed out. Click on it and PSI downloads the patch for you or takes you to the vendor’s website so you can do it. Install the patch and, presumably, you’re secure – at least until the hackers find another hole in the program.

The real quandary you’ll face is what to do with those “End-of-Life” programs – especially if you still use them frequently. I’m just not sure that I want, for example, to pay $150+ to upgrade my Adobe Acrobat Professional 6. The additional features and “benefits” of the latest version aren’t important to me. I guess it comes down to deciding how much I worry about the security problems of the older version – knowing that Adobe isn’t going to do anything about them – versus how much I use the program.

Privacy concerns

Secunia is upfront that they collect information about your computer and send it to their servers. This information includes “unique text strings and data about executable files and installed applications on your system, including hostname and langroup, and Microsoft KB numbers.” They say the data “is generic, standardized [sic], and originates from installed programs on your computer.” Short of installing a packet sniffer, I don’t know if that’s true or not. But it’s not at the top of my list of things to worry about.

They also say “[a]ll data will be deleted automatically no later than 12 months after you terminate using the program or immediately after you cancel your registration.” This last statement suggests that maybe it’s a good idea to register before you run your first scan. That’s not as easy as it may first appear because as soon as you start PSI it starts scanning. So, here’s what you have to do.

  1. As soon as the program starts running after installation, click on “Stop Scan”
  2. Click on the “Secunia Profile” tab and fill out the information. Be sure to check “Personal” and then click on “Save Profile.”
  3. Shut down Secunia by clicking on the red X in the top right corner or by hitting alt-F4. (You have to close PSI and restart it for the profile to ‘take.’) However, that didn’t really stop PSI. It is still running. Find it in the task bar at the bottom of your screen, over with the icons where the date and time probably are. It will be on the bottom right of your screen unless you’ve moved things around. Find the icon for PSI (it is 3 red wavy lines), right click and click on ‘Exit’. You’ll get a message telling you that PSI will no longer be able to check your computer. Go ahead and click on “Yes.”
  4. Check your email. You’ll see an email with the subject “Secunia Profile Verification.” Click on the link.
  5. Start PSI again. When you click on the “Secunia Profile” tab again, you should see your username, etc. filled in. You’ll notice the screen now reads “Update Secunia Profile.” At the bottom of your profile information there is now a link that says “Cancel registration and delete Secunia Profile.” According to their privacy statement, if you click that, any information sent to their servers will be ‘immediately’ deleted.
  6. Click on the “Secure Your PC” tab and then on “Start Scan.”

Finally, there is also an online version – but it only checks 70 programs according to Secunia’s website.
