Secunia produces free software audit tool

Secunia has produced a free tool that can tell PC users whether they are running insecure versions of common software.


Secunia has produced a free tool that can tell PC users whether they are running insecure versions of common software.

The browser-based program - called SecuniaSoftware Inspector - scans a PC looking for a range of applications including browsers and their plug-ins, media players, instant messaging programs, email programs, and also checks that the Windows OS is up-to-date.

This list is then compared to a Secunia database of 4,000 applications to determine if the PC has application vulnerabilities. If it has, the user can click on the insecure application from a list of those found to find more information on which version should be loaded, and a follow a link to download an update.

A test scan conducted in “thorough” mode on a standard PC took 12 minutes to turn up 15 potentially insecure programs, six of which were versions rated as requiring updates. Interestingly, all the at-risk program versions detected were flash-based players from Adobe and Macromedia, with the exception of Adobe Acrobat Reader used for viewing PDF files. Browsers - another common security worry - were all up-to-date.

"The Secunia Software Inspector is the first application of its kind," said Secunia’s CEO, Niels Henrik Rasmussen. "The best parts about this tool is that it has a really user-friendly interface, it's a browser-based application so you don't need to download anything, it only takes a few seconds of your time," he said.

The usefulness of the program was that it could automate the discovery of out-of-date versions of popular applications in a way that saved a user having to visit multiple websites, he indicated. The software could not determine if an application was vulnerable to an issue for which there was not an update, or to unknown attacks.

Secunia Software Inspector needs the Java runtime environment to be installed, which might put off some admins in larger companies if that application is not part of the approved applications list. Java also has vulnerabilitites of its own from time to time.

Many will consider that a worthwhile sacrifice to run a quick audit on the growing number of popular but troublesome applications being downloaded by users, regardless of whether they are approved. An obvious blind spot that can afflict companies is only to patch authorised programs, ignoring the danger from software that finds its way on to PCs without permission.

Users who sign up for the referral program are given additional statistics gather by the software, including upgrade figures for particular products.

"Recommended For You"

Complacent Apple users make 'QuickTime more dangerous than IE' Third-party software bugs surge in 2010