
Software Inspector Reveals Vulnerabilities

One of the more frustrating items for me when I review my server logs is seeing the number of older operating systems and browsers. As bad as that is, I know there is another problem with people not monitoring security vulnerabilities with their other programs. Most people don't have the time or inclination to stay current. To help address this problem, we're providing a button to Secunia Software Inspector.

By now, most Windows users are familiar with "patch Tuesday". We've been trained to get the latest security updates. We may even set Windows to automatic updates. But what about software products that aren't included in these monthly patches? How do you determine if security vulnerabilities exist in any of these applications?

Regular readers of this site and newsletter have seen me reference Secunia. They are one of the resources I search to see if security issues exist with my programs. Their latest free project taps into those databases and provides a browser based inspector for finding issues. The goal is to let you know if your programs are insecure so you can take the appropriate action.

How the Software Inspector Works

The service is accessible through most new browsers. The nice thing is it isn't dependent on any plug-ins or ActiveX technology. Instead, the tool relies on a Java applet. Once at the site, you have the option of running in what I call simple mode or thorough mode. Simple mode checks for programs in their default directories. If you're inclined to customize your installations, you should use the thorough system inspection. The thorough inspection does take much longer.

The software inspector scans your system and notes the program's version number. It then checks if it has any entries in its Secunia File Signatures database concerning the application. Since Secunia's database covers third party programs, it is a nice complement to the Windows Security Center. Keep in mind that the service alerts you to problems based on what has been reported. It does not correct these vulnerabilities, nor can it tell you of problems that haven't been reported. You might think of this service as getting an independent recall notice about your car.
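An added example, not Secunia's code or data, of the version check described above: each installed copy is compared against the first fixed version in an advisory table, and a program missing from the table gets no verdict at all. The program names, versions, paths and the FIXED_IN table are constructed for illustration; the version parser handles the underscore form used by Java builds such as 1.5.0_06.

```python
import re

# Constructed advisory table (not Secunia data): program -> first fixed version.
FIXED_IN = {
    "ExampleReader": "8.1.0",
    "ExamplePlayer": "9.0.47",
    "ExampleRuntime": "1.5.0_10",
}

def parse_version(text):
    """Split '1.5.0_06' into (1, 5, 0, 6) so each part compares numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def is_older(a, b):
    """True if version a precedes b; shorter versions are zero-padded (7.0 == 7.0.0)."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(va) < pad(vb)

def inspect(installed):
    """installed: list of (program, version, path). One result per copy found."""
    results = []
    for program, version, path in installed:
        fixed = FIXED_IN.get(program)
        if fixed is None:
            status = "not covered"   # absent from the database: no verdict either way
        elif is_older(version, fixed):
            status = "red"           # reported issue, a newer version fixes it
        else:
            status = "green"         # no reported issue for this version
        results.append((program, version, path, status))
    return results

# Constructed inventory: includes a second, older copy outside the default
# directory, which only a scan of the whole disk would find.
INVENTORY = [
    ("ExampleReader", "7.0.9", r"C:\Program Files\ExampleReader"),
    ("ExamplePlayer", "10.0.12", r"C:\Program Files\ExamplePlayer"),
    ("ExamplePlayer", "9.0.28", r"D:\Tools\OldPlayer"),
    ("ExampleRuntime", "1.5.0_06", r"C:\Program Files\ExampleRuntime"),
    ("ExampleChat", "3.2", r"C:\Program Files\ExampleChat"),
]

if __name__ == "__main__":
    for program, version, path, status in inspect(INVENTORY):
        print(f"{status:12} {program} {version}  {path}")
```

Comparing the raw strings instead of parsed tuples would rank 10.0.12 below 9.0.47 and wrongly flag the current copy.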

What the Inspector Searches

Although Secunia has an extensive database of vulnerabilities, this service detects about 60 programs from popular categories. Some examples include:

Internet browsers and plug-ins (IE, Firefox, Opera)
IM clients (AOL Instant Messenger, Yahoo! Messenger, MSN Messenger)
Email clients (Eudora, Mozilla Thunderbird, Outlook Express)
Media players (RealPlayer, iTunes, Macromedia Flash, Apple QuickTime, Windows Media Player)
Operating Systems (Windows 2000, XP Home, XP Pro, Windows Mobile 2003)
Misc (ZoneAlarm, Skype for Windows, Sun Java, Adobe Reader)

As for setup, it couldn’t be easier. At the maximum, we’re talking two clicks and that’s if you’re doing a thorough scan which requires an extra checkbox. (See label 1). Some people may need to get the free Java run-time, but I suspect most users already have it installed.

Secunia Software Inspector

What the Scan Identifies

After the scan finishes, you'll see a color-coded listing of the programs it found. The red entries signal there is a problem. In many cases, there is a newer version of the program that fixes the known security issue. Items listed in green indicate there are no known issues regarding that program. Beside each program name is a + sign which provides more details when clicked.

In the picture below, the Software Inspector identified that I’m behind on my Windows Updates. I held off the latest Windows updates to see if the Inspector would catch these items. As a bonus, I found out I’m susceptible to an issue with Adobe Reader 7 and should upgrade. You’ll notice that each item has additional details and often links to retrieve files. Another annoyance the Inspector found was I had multiple versions of the Adobe/Macromedia Flash player.

Listing of problem Secunia detected

There were a couple of glitches I encountered, but nothing that would deter me from using the service. I noted that the scan would stop on thorough scans if I did too much other activity in my browser. I was testing primarily with Firefox 2.0. On several occasions I would open a new tab and work on something else. Later, I would switch tabs to see how the scan was progressing. The timer had stopped although the animated logo was still moving. In addition, the elapsed time for my thorough scan was considerably more than several minutes. My suggestion is if you need to run a thorough scan, do it when you don’t need to use the browser for anything else.

We’re impressed with the service and think you can benefit too. Even though we stay current on our Windows updates, we’re not as good when it comes to other vendors. To make sure we stay up to date, Secunia does offer an email reminder service. The company will send an email if a new version is released that impacts any of your programs.

You can access the service by using the link below.


Additional Secunia Inspector Information

Cost: Free
Requirements: Windows 98, Windows 2000, Win XP; IE 6+, Firefox 1.5, Opera 9; Java Runtime Environment 1.5.0_06
URL: http://secunia.com/software_inspector/
Rating: ★★★★☆

Last Updated (Monday, 14 September 2009 03:17)

 