Tip: Scan Windows Applications for Security Bugs
James Delahunty
1 Jul 2012 8:17
How do you keep your (or a family member's) Windows PC/Laptop secure? Most of the time, the first answer to that question is to ensure that all security updates have been installed. Windows downloads updates automatically in the background for the operating system, but many users neglect ensuring that third-party software is updated, which can present a big risk to security and privacy.
There are many ways to check if third-party software is updated and safe. One such solution is an application called Secunia PSI (Personal Software Inspector). If you have used this application before, then you know how useful it can be. If not, you should try it on your system or a system you are cleaning/repairing.
Why update third party apps?
Third party applications (media players, word processing/office software, web browsers & plug-ins, etc.) are often found to be vulnerable to attack. Web browsers and their third-party plug-ins are well known as a source of malware infection in Windows. Sometimes, just visiting a specially crafted webpage can trigger an exploit that could lead to a PC's security being completely compromised. Sometimes these vulnerabilities can make news on tech sites like AfterDawn, but many (most...) will be under the radar and might pose a threat to your system's security.
Therefore, it is recommended that you keep your third-party applications up to date, and be aware of security issues that affect your installed software to the best of your ability.
Secunia PSI v2.0
Secunia PSI v2.0 (pictured) is a useful tool that can help you keep software up to date. It will probe third-party software on your system to check for version information, and then compare that information to an online database. The database contains information on vulnerabilities that affect versions of specific software, and on patches (if any) that have been distributed by the vendor.
It will also alert you if software you have installed has reached its
"End-of-Life" phase. This could mean that the software itself is no longer developed and/or supported altogether, or that a major version change has occurred (such as a program chaning from v2.xx to v3.xx) where no more support will be provided for older versions.
Secunia PSI will also examine your operating system to check if all the latest major updates have been installed. It has the ability (if you allow it) to update many tools/plugins automatically in the background, and to monitor program changes as you install/uninstall software on your system.
NOTE: While Secunia PSI 3.0 has been released, this mini-guide is based on
Secunia PSI v2.0. There are many reasons for this decision, but the main reason is that v3.0 seems to lose some of the better abilities / features of v2.0. I know it is ironic that this piece is written about keeping software up-to-date by using an out-of-date version of an application, but Secunia PSI v2.0 is secure for use. I would suggest that you try v2.0 first as I direct here, and you can check out v3.0 later on and see if you want to keep the update. Major changed may have occurred in Secunia v3.0+ since this was written also.
Install and Run
Download Secunia PSI v2.0 from AfterDawn: Secunia PSI v2.0.0.4003
Download Secunia PSI v2.0.0.4003 from the link above. During the installation you will be asked whether you want to install updates automatically.
When the setup is complete, you will be able to run the application right away. As soon as it runs, it may take some time to loan up properly, and it will carry out a scan of third party applications on the system right away. You should see the scan results immediately, but if not, you can click on
"Scan Results" in the left pane.
Secunia PSI - Scan Results
Secunia PSI will list all the applications that it found and which it supports. The vast majority of all will show a
Program State of
"patched". This does not mean that these apps are definitely up to date though; instead it means that there has been no update with security fixes since that version. Secunia PSI is not a tool to track the all updates of application, it is only intended to track updates with security fixes and to flag those on your system which are vulnerable.
In the list of results shown above, you will also notice that Secunia PSI says
Windows 7 is insecure. This is because I intentionally neglected to install this month's patches from
Microsoft. Some results, such as
Java,
Flash and even Microsoft Updates may be automatically updated by Secunia PSI (if you agreed to that in the Setup), but most third-party updates will need your intervention.
Secunia PSI will show more detailed information if you double-click on any of the results. In the image above,
Secunia PSI flags the installed version of the
Daemon Tools software, and then tells me the latest update from the vendor that included at least one security fix. Remember, this does not mean that the update Secunia PSI recommends is the latest for any given software, it's just the latest one with security fixes.
Clicking
"Install solution" will direct you to a download of the latest version with security fixes, but you might want to manually go to the vendors website and search out the absolute latest download, which itself will be secure too.
Sometimes Secunia PSI offers no solution at all for a problem. This simply means that the vendor has not addressed the problem yet, and so you should be extra careful when using that application.
The image above shows another important thing to remember about Secunia PSI. If there are multiple instances of the same software on your system, then Secunia PSI will list them all, even if they are the exact same program version.
In the example picture, Secunia PSI flags VLC media player 0.x as being at the
"End-of-Life" state. I have already installed the latest VLC Media Player some time ago, so why is this listed? Well, pay attention to the path to the VLC executable file.
What Secunia PSI has found is a version of VLC that was bundled with the
Gmote Server application, which is a tool that lets you use your Android phone to launch movies, music or to control the Desktop of a Windows PC. So while I have the latest version of VLC installed, Secunia PSI still found this portable version used with another application and flagged it as
End-of-Life.
The program will detect a lot of portable applications in this way. You can even use it, as I do, to scan a USB key which includes numerous portable apps (portable Firefox or security tools, etc), since it examines individual executable and DLL files.
Secunia PSI - Secure Browsing
Another good feature in Secunia PSI 2.0 is
"Secure Browsing." Before I explain what it is, first you have to enable it. In the left pane of Secunia PSI, click
Configuration, and then click
Settings. In Settings, you will see an option to
"Enable Secure Browsing Page," and several other options you might be interested in. When you check the box beside this option,
"Secure Browsing" will appear under scan results in the left pane.
Click it.
Now, Secunia PSI does not offer a secure browser, and it does not protect your browser in any way. However, if you have multiple browsers installed, this feature can be useful. It will check your installed browsers, and their plug-ins, to see if they are secure or not. Why put this extra feature in here instead of just adding this to the main results?
The problem is that vulnerabilities in web browsers aren't always fixed immediately. While this is true for most other software too, web browsers are far more vulnerable because their entire purpose is to retrieve information from the Internet. For this reason, holes in web browsers and browser plug-ins are responsible for a huge share of all malware infections and similar nasty consequences on Windows PCs, particularly Windows XP.
The Secure Browsing page in Secunia PSI is there to tell you if your browser is secure or not, and more specifically what part of it is not secure. If you look at the example pic above (click to enlarge if you need to), you will notice that my Chrome and Internet Explorer 9 browsers are vulnerable to attack due to
Adobe Flash and
Java, but at this time there is
"no vendor solution."
The idea is that if one browser is insecure, use another one until the vendor has patched the problem. In this case, both browsers on my system are insecure but at least I know what is insecure. I can disable both Java and Flash if I want to feel more secure in the browser settings. Again, the reason web browsers are singled out is because they are also singled out by cybercriminals and malware authors.
Vulnerabilities that affect media players may require you to open a crafted media file, and vulnerabilities that affect Office software might exploit a flaw in how a document is rendered by the application. In both cases, you need to actually receive the malicious file and open it yourself. With web browsers, it is often the case that you only need to click a malicious link, so the attack vector is far more attractive to criminals, and they do put a considerable amount of resources into finding bugs to exploit.
Conclusion
Secunia PSI is not perfect. Sometimes it might give an inaccurate result, and as I mentioned, it does not link you always to the absolute latest version of software. Still, it is good to know if something on your system is vulnerable, so that you can take whatever action you wish to take later. The newer version of Secunia PSI, v3.0, is more simplistic in appearance but seems to offer much less detail and usability as v2.0, which continues to work just fine.
You might also like
Security: Run potentially dangerous software safely in a Sandbox
Encryption: Create hidden encrypted volume within a file using TrueCrypt
Remote: Remote Assistance with TeamViewer (Remote Desktop, File Transfers, Video/Text/Audio Chat etc.)
Security / Performance: Analyze all Autorun / Auto-start programs in Windows
Malware / Security: How to remove a TDSS (Alureon, TDL) rootkit
Malware / Security: How to remove a Bootkit
Windows: Unlock files in Windows
Censorship: How to reach seized or blocked websites