World-renowned vulnerability intelligence company Secunia announced that version 2.0 of its Personal Software Inspector (PSI) product would provide a unified patching solution. The new technology will allow home users to automatically install security updates for a broad array of applications.
The Secunia Personal Software Inspector (PSI) is a computer program, which alerts users if the various applications installed on their systems are outdated and vulnerable. In addition to determining which installations are insecure, the software provides download links for any available security updates.
A high percentage of today's malware is delivered over the Web in the form of drive-by-downloads by exploiting vulnerabilities in popular software. Widespread programs, such as Adobe Flash Player, Adobe Reader, Java Runtime, Mozilla Firefox or Internet Explorer, are common targets of such Web-based exploit toolkits.
Software developers are strongly criticized by the security community for the constant stream of critical bugs discovered in their products or their inability to address them in a timely manner. Many security experts also blame end users for constantly failing to update vulnerable software on their computers, thus making it worthwhile for cyber-criminals to launch such attacks.
However, Secunia argues that it’s very difficult for users to keep up with the number of patches that need to be deployed. Using data gathered from over two million PSI users during 2009, the Danish security vendor concluded that “an average of 75 patches from 22 different vendors need to be installed, requiring the user to engage in a patch action every 4.8 days.”
At last year's RSA security conference, the company launched an initiative to create a unified method for deploying patches automatically, through collaboration with multiple vendors. Eventually, because only a few industry players displayed an interest for such an idea, Secunia took it upon itself to come up with a working solution.
The company has been testing the new technology since January via its Corporate Software Inspector (CSI) product, PSI's older brother, which now integrates with Microsoft's Windows Server Update Services (WSUS). The solution will be offered for free to home users as part of PSI 2.0, a beta version being scheduled to land next month or at the beginning of May.
"We will push it to more than 2 million users of our free solution for consumers. This will facilitate awareness on security updates for the consumer [...] we can bring simplicity to this. This needs to be dealt with," Niels Henrik Rasmussen, Secunia's CEO, commented for Dark Reading.