Secunia Personal Software Inspector (PSI)

Updated: April 3, 2010

In Linux, users receive all-inclusive updates, patches and bug fixes from a single centralized utility called the package manager, which covers the kernel, user applications, fonts, themes, and just about any piece of code that composes their operating system. In Windows, things are a little more difficult.

Your Windows box consists of Microsoft programs and a whole bunch of third-party applications that Microsoft does not officially support. This means that Windows Update provides you with fixes for a limited set of installed programs, leaving you the dirty task of manually patching the rest if and when needed. What makes the issue even trickier is that the user has to keep track of all the changes.

Introduction

With dozens and maybe hundreds of programs installed, manual administration becomes difficult. Security-wise, this is not the most efficient way of keeping track of vulnerabilities and patching your machine. Some programs help the user, like most modern browsers, which have the self-update functionality, but the majority of programs still require that you physically visit the website, download the update, install it, and then resume working.

Secunia (not to be confused with Scania, a truck manufacturer), one of the leading security service providers, has decided to help you a bit: provide you with an all-inclusive tracking and auditing tool that lets you scan your machine, Microsoft AND all other third-party programs, for security-related issues. This nifty little tool is called the Personal Software Inspector (PSI).

PSI in action

PSI will not make your Windows more secure or alleviate the task of patching, but it will provide you with situational awareness of what goes on in your installed system. This means hinting at possible troubles with all kinds of programs, including those you would never think of. By giving you a clear picture of your security baseline, PSI goads you into maintaining your machine's health and keeping it up to date.

You can download PSI from the official website. There's also the online version, but it requires Java Runtime Environment (JRE) to run. The first time you run it, PSI will build a score for your system.

Once the first scan is done, you can start exploring the program. This also includes activating the Advanced interface, which will offer you an in-depth analysis of individual components.

In the Advanced mode:

You can now start exploring the sub-menus, review the software by different categories, including Insecure, End-Of-Life (EOL), Patched, and others. You can also change your program settings and register to the Secunia forums.
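The kind of check behind those categories can be sketched by hand. This is an added example, not Secunia's code and not part of the original review: it reads the standard Uninstall registry keys and sorts each program into Insecure, End-Of-Life or Patched against a baseline you maintain yourself. The product names and version numbers in `$Baseline` are constructed placeholders, and the function names are hypothetical.

```powershell
# Constructed baseline (placeholder names and versions, not real advisory data).
# Write versions in their shortest form: [version]'9.3.2' sorts below '9.3.2.0'.
$Baseline = @(
    @{ Match = 'Example Browser*';    MinVersion = [version]'5.0.375'; EolBelow = [version]'4.0' }
    @{ Match = 'Example PDF Reader*'; MinVersion = [version]'9.3.2';   EolBelow = $null }
)

# Where Windows records installed programs: 64-bit, 32-bit and per-user.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {
    # Entries without a name or version cannot be compared, so skip them.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Get-PatchStatus {
    param(
        [Parameter(Mandatory)] $Program,
        [Parameter(Mandatory)] $Rules
    )
    # First baseline rule whose wildcard matches the display name.
    $rule = $Rules | Where-Object { $Program.DisplayName -like $_.Match } |
        Select-Object -First 1
    if (-not $rule) { return 'Unknown' }

    # Vendors use free-form version strings; anything unparsable stays Unknown
    # rather than being reported as safe.
    $installed = $null
    if (-not [version]::TryParse($Program.DisplayVersion, [ref]$installed)) {
        return 'Unknown'
    }
    if ($rule.EolBelow -and $installed -lt $rule.EolBelow) { return 'End-Of-Life' }
    if ($installed -lt $rule.MinVersion) { return 'Insecure' }
    return 'Patched'
}

Get-InstalledProgram | ForEach-Object {
    [pscustomobject]@{
        Name    = $_.DisplayName
        Version = $_.DisplayVersion
        Status  = Get-PatchStatus -Program $_ -Rules $Baseline
    }
} | Sort-Object Status, Name | Format-Table -AutoSize
```

Keeping such a baseline current for every installed program is exactly the manual chore described in the introduction.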

There's a difference between the Simple and Advanced modes. In the Simple mode, my score was 100%, but it was reduced to 95% when I switched to geek mode. Secunia flagged one of my programs as EOL, namely an older version of Google Chrome.

The interface allows you to review all security advisories for the listed programs, and it points to download links, so you can grab the newest version and patch any holes in your defense.

Under Patched, you can examine your installed programs, as well as the history of previous vulnerabilities discovered, if any. A fancy and useful way of keeping track of your software installations.

You can configure PSI to run on boot, so it is always active. If you close the program, it will continue running, hidden in the system tray.

Problems

I did find a few issues with the software. For example, it uses geo-location to compare your score to other users in your city/country. If you're keen on privacy, you may not like this too much.

Then, PSI complained about not being able to display graphs, because Flash Player for Internet Explorer was missing. Why the fixation on Internet Explorer? And then Flash? The merry couple that accounts for 90% of Windows security nonsense. A security company ought to know better and use other technologies, so as not to force the user into introducing new attack vectors into his/her system, just to be able to see a few fancy graphs.

Of all available choices, Internet Explorer seems like the worst bet. And I definitely do not wish to run Flash in it.

Then, the messages are a little confusing. Here's an example that covers all three big ones in the same frame: the geo-location thingie, the Internet Explorer & Flash fixation and the rather alarming message about my security being worse by 85% compared to users without PSI installed.

First, I do not know what this means. Second, how can my security be worse if I just got a 100% score in the run? There are no security issues with my software, so what can be worse? And what does it mean without? Users not running PSI are safer? Or better protected? I really don't understand.

More reading

For more information about Windows security, you may be interested in the following articles:

Safe Web practices - How to enjoy Internet and be safe, without unplugging the cable.

Mail security - How to enjoy mail communication with peers worldwide without getting lost in spam and alluring offers of vast riches.

SuRun - How to run a limited account on Windows, easily.

Windows 7 security - Basics of security in the newest Windows release.

Windows 7 security - A few tips more - Intermediate security for Windows 7.

Windows messages - Learn how to answer those prompts, correctly.

You may also want to read the following:

New cool list of Windows must-have programs - Tons of goodies.

A-Z guide to best 2009 Windows software - Quite relevant today, still.

There are a handful more, but I'm sure you'll manage to find them, if you need them.

And that would be all.

Conclusion

Secunia PSI is a handy tool. It's not for everyone, though. Mostly, advanced users will benefit from it. New users may find some of the concepts a little hard to swallow. Nevertheless, the utility is quite useful.

It's similar to Microsoft Baseline Security Analyzer (MBSA); however, it extends to a whole range of products outside the Redmond forges. A prudent user will find PSI a good helper in getting security-related desktop chores done. Most importantly, it does not impose a security regime. In the end, it's up to you to create the right strategy and find the tools to enforce it. Like a good scout, PSI is there to let you know all the info, so you can make the best choice.

There are some problems with the interface, including some confusing messages, but the issues align with the rather advanced nature and target audience of the program. Still, recommended.

Cheers.