July 24th, 2007
Free utility looks for missing security patches
Secunia has shipped a downloadable version of a free utility that scans Windows machines to find missing software patches.
The tool, an enhancement to the Secunia Software inspector (a Web-based scanner I’ve covered before), can be used to inspect and monitor more than 4,200 different PC applications to flag dangerous vulnerabilities.
This is the perfect tool to help figure out whether you are running a vulnerable version of programs like Adobe Flash, Photoshop, QuickTime, Trillian, AIM or Yahoo Messenger. These applications are running on millions of Windows machines but, as previously reported, PC users struggle to keep up with patches for holes that could open doors to malicious hackers.
[SEE: Secunia: 28% of all installed apps are insecure ]
The tool works by examining files on your computer (primarily .exe, .dll, and .ocx files) for meta information on specific software builds installed. After examining all the files on the machine, the collected data is sent to Secunia’s servers and matched against the Secunia File Signatures engine determine the exact applications installed on your system.
It can be used to flag insecure/end-of-life software and find direct download links to missing security updates.
Secunia said it has already licensed this technology to some anti-virus vendors so this is a feature that will likely be bundled into Internet security suites.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
