Security vulnerability research firm Secunia has released a public beta of its Personal Software Inspector tool, a program designed to help Microsoft Windows users keep their heads above water with the torrent of security updates for third-party applications. The new beta version includes the promised auto-update feature that can automatically apply the latest patches for a growing number of widely-used programs.

Secunia first announced in March that it would soon make the auto-update feature available to consumers, noting that the average PC user needs to install a security update roughly every five days in order to safely use Microsoft Windows and all of the third-party programs that  typically run on top of it.  The new beta version doesn’t allow auto-updating for all applications, although Secunia says the list of applications that can be auto-updated through its tool will grow as the public beta progresses.

Overall, PSI 2.0 Beta seems to work quite a bit faster and use fewer resources than earlier versions. But my main concern in allowing third-party programs to update through PSI has so far been — ironically — relinquishing control over the update process. That’s because many “free” applications — such as Java, Adobe and Foxit readers — are free because a number of users never bother to deselect the check mark in the box next to offers to install additional software that is often bundled with these products, including virus scanners and various browser toolbars.

I am happy to report that so far this has not been an issue. On my test installation of the PSI 2.0 beta, it allowed auto-updating for 10 installed applications, including Adobe AIR, Flash Player, Foxit, Firefox, Thunderbird, Opera, Pidgin, Skype, Java, and xChat. The PSI tool updated all of those apps without any unwanted add-ons or toolbars that I can see.

Stefan Frei, research analyst director at Secunia, said the company wants to hear from users who receive more than just the security update.

“We always try to provide updates without unnecessary add-ons, but this is exactly the kind of of feedback we are looking for during the beta,” Frei said in an e-mail to KrebsOnSecurity.com. “So far we haven’t received any support cases indicating that we don’t hit it right on, but it is something we [are] aware of and will address if we receive any reports from users who find that it could be optimized.”

If PSI can’t auto-update any programs, it includes a clickable “Install Solution” link in the tool that fetches the executable update directly from the vendor’s Web site.

For those who don’t want to install PSI, Secunia makes available on its site an online version of this tool — Online Software Inspector — although the OSI requires users to have Java installed (PSI does not require Java).

If you’ve used the new PSI Beta, please sound off in the comments with your experiences.

The average Microsoft Windows user has software from 22 vendors on her PC, and needs to install a new security update roughly every five days in order to use these programs safely, according to an insightful new study released this week.

The figures come from security research firm Secunia, which looked at data gathered from more than two million users of its free Personal Software Inspector tool. The PSI is designed to alert users about outdated and insecure software that may be running on their machines, and it is an excellent application that I have recommended on several occasions.

Stefan Frei, Secunia’s research analyst director, said the company found that about 50 percent of PSI users have more than 66 programs of installed.

“Those programs come from more than 22 vendors, so as a first order estimate the number of different vendors you have on your box is the number of different update mechanisms you have to master,” Frei said. “This is doomed to fail.”

Secunia chief security officer Thomas Kristensen said his company is just a few months away from releasing a free, new tool that will automate the installation of software updates for dozens of commonly-installed third party programs. Kristensen said the tool will allow users to exclude certain applications, in the event that they don’t want to automatically update specific programs.

Such an application, if done right, broadly adopted, and not resisted by third-party software vendors, could well reduce the number of Windows users whose machines get trashed by drive-by downloads, as all of these malicious or hacked sites try to silently install malware by targeting security holes in third-party software, such as Flash and Adobe Reader.

If I seem excited about the availability of a free meta-patching tool, it’s probably partly for selfish reasons. Such a tool would almost certainly spell relief for anyone who is unlucky enough to be the appointed tech support guy for their family and friends, since fewer vulnerable applications means fewer compromised PCs, and hopefully less frequent pitiful pleas for help.

A copy of the Secunia study is available here (.pdf)