28
Feb 12

PSI 3.0: Auto-Patching for Dummies

facebooktwittergoogle_plusredditpinterestlinkedinmail

A new version of the Personal Software Inspector (PSI) tool from vulnerability management firm Secunia automates the updating of third-party programs that don’t already have auto-updaters built-in. The new version is a welcome development for the sort of Internet users who occasionally still search their keyboards for the “any” key, but experienced PSI users will probably want to stick with the comparatively feature-rich current version.

PSI 3.0 Beta's simplified interface.

PSI 3.0 introduces one major new feature: Auto-updating by default. The program installs quickly and immediately begins scanning installed applications for missing security updates. When I ran the beta version, it found and automatically began downloading and installing fixes for about half of the apps that it detected were outdated. The program did find several insecure apps that it left alone, including iTunes, PHP and Skype; I suspect that this was based on user feedback. It may also just avoid auto-patching busy programs (all three of those applications were running on my test machine when I installed PSI 3.0); for these, PSI presents the “run manual update,” or “click to update,” option.

But users familiar with previous versions of PSI may be frustrated with the beta version’s intentional lack of options. The beta is devoid of all settings that are present in the current version of PSI, and the user dashboard that listed updated software alongside outdated programs and other options no longer exists. In fact, once a program is updated, it is removed from the update panel, leaving no record of what was updated (I had to sort my Program Files folder by date to learn which programs were touched after running PSI 3.0).

In a blog post accompanying this beta release, Secunia said it wanted to offer a new version that answered the question, “Would your grandparents, or mum or dad, be able to use it easily?” I’d have to agree that this version has a decent chance of succeeding on that front. But assuming that this beta will morph into a standard offering, I hope that Secunia continues to offer two versions of this useful free product: a speedier, more reliable version of the geek-friendly traditional PSI program, and the “light” version for all of our non-geek friends and family.

Tags: , , , ,

26 comments

  1. Agreed, Brain; the configurability of v2.0 would make it the obvious choice for virtually all technically-inclined users.

    As Secunia still make v1.5 available at their site (as of this writing), one might be reasonably optimistic that they’ll also keep v2.0 available as well.

  2. I think that PSI still only knows how to auto-update some applications, for the others it only offers a download link. Personally, I found the auto-update functionality problematic – it assumes default installation paths, all it does is running the installer in background with default settings. If you have an application installed under a non-default path it will create a huge mess. E.g. recently it “forgot” its settings and decided to update Firefox 3.6 on my machine. Now Firefox 3.6 is only installed for testing purposes – the main Firefox install was Firefox 9 at the time. So while attempting to update Firefox 3.6 PSI partially replaced Firefox 9 (which was running) with Firefox 3.6 thus breaking my Firefox 9 install while failing to update Firefox 3.6.

    In other words, Secunia PSI 3.0 doesn’t look like something I will install, the auto-update functionality will stay off by default here and only used for a few applications. But yes – it might be a viable option for “grandma”.

  3. I suspect this is part of the dumbing-down of the UI that is going around. Unity, touch screens, you name any recent invention in UI design and it’s aimed at someones granny. Or maybe the Jersey Shore/Survivor crowd, I can’t make up my mind. The AOL’ers have finally won. :-) (If your ‘Net experience is shorter than 20 years that sentence won’t make much sense. Sorry for any inconvenience.)

    • UI is always a balance between being usable for less experienced users and offering the features requested by the geek crowd (who also happen to be the early adopters). You probably won’t argue that less experienced users should be able to use PSI – after all, that’s the users who get the most benefit from it. But I hope that Secunia still comes up with some way to provide advanced functionality to geeks like the two of us. At least it would be a wise move – while advanced users aren’t as numerous, they are definitely the most active (=useful) part of the community.

    • It would be terrific if Secunia can offer a simplified user interface (dumbed down) IF it works AND a “detailed” interface for power users. For the improvements in 2.0, I still miss some of the granular detail in version 1.

      Hopefully Secunia digests feedback on this Beta and will offer both – PSI is wonderful – it’s as close as Microsoft PC users can get to the convenience of the Apple App Store “Update All” feature.

  4. Non-technical users outnumber the techies by what 100,000 to 1? Many are very savvy in their own fields, but find computers mystifying (I would find assembling wheel bearings in a car totally beyond me.)

    These people will choose default install locations and providing them with options will only result in the same kind of mess W. Palant mentioned in reverse.

    So long as both are available, it sounds like a great idea because keeping up with all the patches by yourself can be very time consuming.

  5. What about the man who doesn’t want Secunia indexing any of their info? I don’t think you can tell the software not to send info back to them. Is this correct?

  6. Excuse me Miss Secunia. I’m old, butbut I am not dumb. I like version 2 just fine.

  7. FileHippo.com’s Update Checker works better for me. It detected more programs, and was less of a hit on the system than Secunia.

    • I use both PSI 2.o and FH, but prefer notification of specific need to update something so I can manually undertake those as and when convenient for me, not the instant that the Windows OS or an individual app decides while the machines in my network are engaged in doing something else I consider of more immediate importance — the only exceptions are MSE and ZA Pro, which can freely auto-update themselves…

  8. I wonder why the new version (3) still pops as version 2. Maybe that’s part of the reason 2.0 is not available for download any longer.

  9. Right-click is your friend for advanced options. All the really cool stuff in my apps is on a right-click menu somewhere. Its unobtrusive, so it doesn’t generate newbie questions or get invoked accidentally. Its context sensitive, so you don’t have sort through a ton of unrelated options. And its easy to walk through in an email, so when a user needs it I can tell them how to find it.

    kz

  10. This is an absolutely critical piece of software that more consumers should run.

    CNET techtracker is now free and can also update people’s software.

    • I agree. If the choice is between having 10 computers run by geeks secure or 10,000 computers run by idiots secure I’ll take the 10,000. Running Secunia isn’t going to stop the botnets and hackers but if everyone ran it, it would at least make the bad guys work a little harder. Making granny’s computer even a little more secure is always a positive because it’s granny’s computer that is most likely the zombie.

      • > it’s granny’s computer that is most likely the zombie

        Sorry, but your wrong. As far as I can report from the abuse-desk most bots still run on Mr. Dumba$$ Wannabe-Pro’s pcs:

        “Hey, abuse-desk. My Antivirus didn’t find anything, but your instructions on how to secure my PC are way to complicated – I finally re-installed Windows from CD so I didn’t have to format the system.” */facepalm*

      • It would be nice to see an EMPIRICAL demographic study to see just whose computer(s) are most likely to be infected.

  11. CNET techtracker is now free and can also update people’s software.
    ———————————–
    I thought we were no longer trusting CNET due to ‘unannounced and undisclosed’ extras. LOL

  12. PSI has been wonderful for supporting family members remotely. Along with Soluto and Malwarebytes (paid version), I now don’t have to spend so many evenings trying to figure out what’s wrong with the parent’s computer, where do they go for updates, why is it so slow…..

    I do wish that PSI allowed for the optional autoupdating of new versions of installed apps. While some apps continue updates for earlier versions, many will support only the new version. Rather than EOLing the current version and pointing to the new version for manual config, it would be great to use the same mechanisms as auto-update to step up to the new version.

    As always, buyer beware but in situations such as with my parents, I (and they) will take our chances rather than be stuck at the outdated version.

  13. Points for Honesty

    Solved this problem years ago when I got my parents on Apple hardware.

  14. I installed the beta, ran it and it said everything was fine. The tray icon shows red instead of green. Ran it again, nothing needed updating, icon is still red.

  15. Hi,

    this Version is a big step back.
    – Cant configure shit
    – autoupdate is still very limited
    – manual update is broken (at least for VLC)

    For me it detected VLC als a security risk. No Autoupdate, just a download link from the secunia site.
    Bit the vlc installer.exe from there wasnt working, i had to download it again from the VLC site.

    I dont mind a clean up userinterface, but this looks like apple software, one button to rule them all ;)
    there should be some expert mode.

    And its true the tray icon stays red, but this is pretty much a bug ;)

  16. “but do you know how to check and is there any point checking when we already know NSA/KGB, etc etc have the globe encircled with satellites?”

    try lining your windows with tinfoil and check it after a few months. You’ll discover straight LINES and DOTS (tiny peep holes). This is with the tinfoil on the inside of the windows’ surface, in-house/apartment. What causes this?

    I believe most, if not all consumer computers and devices are, if not monitored, swept and mirrored by big bro using satellite technology.

    One anonymous poster to pastebin, claiming to be representitive of Mossad, fired a shot across the bow of Anonymous and other hackers by saying, paraphrased, “All of your hard drives are mirrored in (locations A,B,C as I forget which countries were mentioned) certain places on Earth anyway.

    I find this to be true, I’ve used Microsoft’s SysInternals programs to monitor processes and discovered my drives being swept, a chat program running I never installed and could find no trace of, files where they had the most interest were mp3 and graphics files, but they scraped the whole drive, and an iso creator/mirroring utility was running.

    You only make it easier for them if you willingly install video streaming programs (VLC) with command line counterparts, music programs with command line counterparts, Office programs, which I noticed PDF files were being made in the background, and all of this activity was happening when I was monitoring a computer isolated from any wired/wireless/LAN network(s).

    Google: Subversion Hack archive for a glimpse into this mysterious activity

    It’s all about the waves.

  17. “When I ran the beta version, it found and automatically began downloading and installing fixes for about half of the apps that it detected were outdated.”
    Are we then to assume that you are less than diligent with your apps – which is now the best defacto way of intruder entry.

  18. I hope your point was to teach us not to blindly download and install programs. It took 2 hours to restore my PC after installing this beta. It replaced firefox 10.2 with 3.6 as well as backleveling 7zip and a few other things. It also installed Opera and a few other programs I did not want.

    I get the message.


Read previous post:
Feds Request DNSChanger Deadline Extension

Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet...

Close