June 29, 2012

Vulnerability management firm Secunia has shipped a new version of its auto-patching tool, Personal Software Inspector 3.0, a program for Windows users that can drastically simplify the process of keeping up to date with security patches for third-party software applications.

The final release of PSI 3.0 supports programs from more than 3,000 software vendors, and includes some key changes that address shortcomings identified in the beta version that I highlighted back in February.

The 3.0 version of PSI still keeps auto-patching on by default at installation, although users can uncheck this box and choose to manually install all available updates for third-party programs. Unlike the beta version — which was radically devoid of tweakable options and settings — the version released this week provides a more configurable interface that should be more appealing to longtime users of this tool.

Users also can review the history of installed updates, and select which hard drives should be scanned, options absent from the beta release. PSI 3.0 also lets users create rules that tell the software to ignore updates for particular programs.

Overall, the new PSI strikes a fair balance between configurability and ease-of-use, and is a notable improvement over the beta version. However, I had trouble with the program after installing it on my test machine — a Windows 7 64-bit machine with 8 GB of memory. The program seemed to get stuck on scanning for updates, and for an excruciating eight minutes or so the software sucked up most of my machine’s available memory and processing power. The only way I could get my system back to normal was to reboot the system.

I thought I’d give it a second try, but I could not replicate the problem after removing and reinstalling PSI 3.0. Neither could Secunia, apparently, even after I shared with them the program’s event logs.

“From the log file it seems that the application stopped for about 8 minutes and then continued scanning, but we have not been able to reproduce this behaviour at our end,” wrote Morten R. Stengaard, director of product management and quality assurance at Secunia.  “And despite +100,000 users trying the product during the beta, we have not had this type of issue reported before, so we are struggling a bit here. But perhaps we will see more users with the same issue now that we have launched the final product, and have more users signing up.”

Secunia also released some updated stats on the most commonly outdated pieces of software for Windows, based on a random sample of PSI scans from May 2012. According to Secunia, the top three most exposed programs by risk exposure (calculated by percent of market share x the average percentage of unpatched users) are:

Java JRE 1.6/6.x (31% unpatched) (83% market share) (51 CVE)
Apple QuickTime 7.x (35% unpatched) (60% market share) (46 CVE)
Adobe Shockwave Player 11.x (67% unpatched) (31% market share) (50 CVE)

The latest version is available here. I’d be interested in hearing from other readers who have installed this updated version of PSI. How did it go? What were your overall impressions? Please sound off in the comments.


54 thoughts on “Secunia’s Auto-patching Tool Gets Makeover”

  1. Foreign Reader

    I have just used (after reading your post) PSI 3.0 in a Core i7 with Windows 7 64-bit machine and 8 GB of memory laptop

    Scan completed in 2 minutes 45 seconds approx.
    CPU use 25-30%
    RAM memory use: 2,9 – 3 GB out of a total of 8 GB

    All perfect. Where is the problem? XD

    Very interesting and useful all your posts.

    Regards from Spain/E.U.

    PS: I must say that my computer had been 100% securized with PSI 2.0 some days before using this 3.0 version today.

  2. Mike

    I tried it – I simply cannot get past the icon-based view with little to no information. If there were an option for a listing, like 2.0 had, I could live with the other changes. I never liked the separate dashboard and scan pages, so having one screen is nicer. I just need more information – and a tabular listing is easier to interpret than a bunch of large icons.

    I went back to 2.0, and won’t be updating any of my machines to 3.0, at least until there is a list available.

  3. Foreign Reader

    Mike, put the arrow of the mouse over the icon of each program, then secondary button and click in show details. You will see the specification/versions of each program although it’s true that there is not a detailed list.

  4. Bob

    I prefer the little Update Checker program from File Hippo. It gives me control and is simple to use. I think Secunia has fallen victim to the common misconception of application providers that theirs is the most important program on your computer.

    Regards,

    1. JCitizen

      I like FH update checker too; but it doesn’t tell me when my stuff is – end of life, insecure despite no update available, or Microsoft “forgot” to give me all my updates.

      Secunia PSI does all that and more.

  5. Gary Pritts

    Have used PSI Version 2.0 for perhaps a year. Upgrade was smooth and no problems running.

    After clicking on the “History” button which showed only 5 program updates from 2012; I know there have been many more. Possibly the history is incomplete as a result of the upgrade.

    Not terribly excited about the new user interface and lack of options — but, I can’t remember any feature from Version 2.0 that is missing that I really need.

    Have been very pleased with Version 2.0 and look forward to a good experience with this one.

  6. John

    Hi Brian,

    I downloaded 3.0 with no problems onto a Windows XP Home Dell laptop. The initial scan took 8 minutes, and slowed everything down.

    Other than that, the only problem I had was Secunia could not update Google Chrome.

    I have a Toshiba laptop with Windows 7, 64-bit — but I haven’t downloaded Secunia 3 to that yet.

    I like the panel of Secunia 2 better, but I suppose I’ll get used to this.

    Thanks for all your great articles!

  7. Wladimir Palant

    I’ve installed the update on Windows 7 x64 and the first scan went without issues. They are trying really hard to please less experienced users which means in particular far less information or options but I don’t really have a problem with that – I don’t care about the UI as long as it notifies me about updates. My main concern was the inability to disable auto-updates (these cause horrible issues if applications aren’t installed in the default directory) but this option has been added in the final release. So the only issue is their user interface starting up horribly slow, too bad that they have to download the interface from a US-based web server each time (and I keep wondering what this server can do to my system if it turns malicious).

  8. Mike

    That is true – if I cannot disable auto-updating I can’t use the software. It screws up too much and tries to auto-update even things that have built in auto-updating.

    How hard would it be to give the more knowledgeable users some options? A detail listing and some settings like in 2.0 would be nice.

    IMHO the PSI should be a tool to tell us what needs to be updated, with an OPTION to update it if needed. I don’t think it should be mandatory.

  9. paul martin

    flawless install [auto removed older version]
    both pcs took about 15 sec to scan [16 GB, 12 GB]
    i love this tool but sometimes your email alerts notify me about an update [ie java etc.] before Secunia knows about it.

    thanks

  10. Greg

    Brian,

    Thanks for turning me onto this software. Checking my Windows system now.

    I run Parallels Mac/Windows XP. Is there a similar system for Mac OSX?

    -Greg

  11. Brian Fiori (AKA The Dean)

    What timing. I just noticed the new 3.0 version on the Secunia website earlier this morning and was wondering if there had been any improvements in the program. I have used past versions with mixed results.

    I use the Secunia website checker all the time with clients’ machines, just for a quick look at how they have been keeping up on their updates. But I always liked the idea of the PSI for my computer. If only it didn’t have so many little quirks. I will probably test the 3.0 version vs the FileHippo tool.

  12. Sid

    It scanned well & is a definite improvement from Beta stage. I think I can also like the new interface – it’s quite nice! For a change, it also detected all my programs.

  13. JimV

    Installed v3 on my Win7 Pro x64 laptop without any problems — the automatic uninstall of v2, new installation (it recognized my previous preference and left the option for automatic updates unchecked), and its initial scan were all done within 3-4 minutes from the launch of the installation executable.

    However, I absolutely detest the UI and wish I had looked at the Secunia forum messages first — this thread in particular:

    http://secunia.com/community/forum/thread/show/12848/psi_3_0_huge_disappointment

    Mirrored my initial impressions exactly. So, I’ve since uninstalled v3 from this one computer and reinstalled the latest v2 it was previously running. I plan to stick with the latter and won’t be installing v3 on any of my other computers.

  14. John

    Rapid and trouble free installation. Thanks for the alert Brian!

  15. Bill

    I can’t stand it. Okay, it works, but like I said in the Secunia forum post on this disappointment, “Make something idiot proof, fine. But don’t treat me like one.” (see “Huge Disappointment” – http://secunia.com/community/forum/thread/show/12848)

    @Brian – you said, “the version released this week provides a more configurable interface that should be more appealing to longtime users of this tool.”

    Where are those options? I’m looking for the old Advanced or “Expert Mode” menus us “longtime users” like to see.

  16. meh

    Does this tool simply run the appropriate patching processes in your name or can you set it to auto update through domain admins?

    I think half the problem with patching is regular users don’t have the rights to do it and admins are too lazy/busy to do it themselves every time.

  17. Barbara Barkow

    Well – I just downloaded the new Secunia and it doesn’t even open for me.

  18. chesscanoe

    I’ve been a long time user of PSI2 on Win7 x64 Pro. I tried to uninstall PSI2 via control panel, but it would not complete, so I deleted it from control panel program listing when given that choice. After restart I tried to install PSI3 but got “Error opening files for writing: c:\program files(x86)\Secunia\psi\sua.exe”. I tried Ignore but got the next file name with same error. I aborted, downloaded again, and had the same sequence. I deleted the Secunia folder and installed again with admin rights. It had an undefined burp but did work and all seems well. A program scan is faster than PSI2, but it still only shows 97 programs installed.

  19. Ben

    Just installed this on my Win7 x64 desktop with no issues. It scanned very quickly (I have an SSD) and found about 11 apps that were out of date.

    I’ve never used version 2, but version 3 worked fine for me. The software it found was Java, Flash, Air, Quicktime, and some other apps. They all updated without issue.

  20. Writeman47

    When I first tried to install it on my WinXP SP3 desktop, it said it wasn’t compatible with my 32-bit OS. I downloaded again, and this time it installed, but I had problems similar to yours (couldn’t tell if it had quit or not for a long time). Finally, it came back and told me I had to manually install an update for Java. At this point, I used system restore to revert to PSI 2.0 and I’m a happy camper again.

  21. gtodon

    I’ve been using PSI 2.0 but didn’t get an alert for 3.0. So I went to the Secunia website to download it. When I try to run it, I get this: “Error opening file for writing: C:\Program Files\Secunia\PSI\sua.exe. Click abort,” etc. This is on a Dell desktop running XP.

  22. Charles

    Install of PSI v3 on a Win 7 64bit machine occurred without a problem but uninstalling PSI v2 was painful. I decided to uninstall PSI v2 before installing v3 but the uninstaller stopped responding almost immediately. I had to use Task Manager to kill the task and then restart the machine. In the process of restarting Win 7 reported completing an update. Following restart I was able to successfully uninstall PSI v2. Uninstall of v2 and install of PSI v3 on a Win XP 32bit machine was clean and easy. I have one more Win 7 machine to go.

  23. Robert Goth

    Installed 3.0 and chose Scan. Locked up Windows XP Pro 32 bit. Took forever to end program so I could reboot. Did manual reboot and tried again. Same problem. Uninstalled 3.0 thinking file was corrupted. Downloaded 2.0 and 3.0 exe files and haven’t gone any further until I get done checking some of my regular sites.

  24. Dirgster

    I’m running Windows 7, 64-bit and had been running Secunia v.2. I went to the given download site for Secunia v.3, downloaded the new version by following the wizard, which first uninstalled the old version and then installed the new one. The process was quick and smooth. I checked the “update automatically” option but will still manually do updates immediately after Brian recommends them. Thanks for keeping us safe, Brian!

  25. anonymous

    I didn’t try it and don’t need it since I don’t run microsoft on my computers.

  26. Surfer100fl

    I gave up on Secunia years ago because of freezing and time to scan issues.

    Have been using File Hippo. Just ran a scan on Windows Vista, 32 bit. Took 14 seconds!

    You control the downloads. Very, very simple. Have you tried it?

    P.S. Thanks for your wonderful work.

    1. JCitizen

      On Vista x64, I just let it scan on its own schedule. It would always pop up on the limited account to let me know how the scan went. I noticed no performance hit. I’m downloading v. 3 now!

  27. squirrel eating scrotum balls

    is the tool open source? if not, fsck it.

  28. Nic

    Downloaded the PSI 3 installer. It uninstalled PSI 3 beta then installed itself with no problems. The scan took about 10 seconds. (Desktop running Win7 64 bit, 16 GB RAM, 120 GB SSD)

    PSI does seem to have a problem with Firefox. PSI is convinced I have version 12 installed. Firefox is convinced that I have 13.0.1 installed. I will see what happens after the next FF update.

    1. Nic

      Update on Firefox.

      Turns out that at some point the FF13.0.1 update installed to a different folder instead of upgrading the existing install and PSI was flagging the old install.

      1. Wladimir Palant

        That was probably PSI “auto-updating” your Firefox install – Firefox itself always updates in-place but PSI installs updates to the default directory.
