Table of Contents

1. Introduction
2. How to install and use the Secunia Personal Software Inspector

Introduction

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission. Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently. Thankfully, Secunia has released a program called Secunia Personal Software Inspector that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. This tutorial will walk you through downloading, installing, and using Secunia PSI so that your computer can remain secure.

How to install and use the Secunia Personal Software Inspector

To install Secunia Personal Software Inspector, or Secunia PSI, you must first download the program from their web site. The program can be downloaded from the following page:

Secunia PSI Download Page

Download the program and save it to your desktop. When it has finished downloading, double-click on the Secunia PSI icon that is shown below.

Secunia PSI Icon

When you double-click on the icon the Secunia PSI installer will start. Follow the prompts to install the program and when it asks if you are using this for Personal or Commercial use, select Personal. If you are using this in a commercial setting then you may want to consider using the Secunia CSI version instead.

When the program has finished installing you will be prompted as to whether or not you wish to launch Secunia PSI. You should click on the Yes button to allow the program to launch. In the future if you wish to start the program again, an icon for it can be found in your Windows Start Menu.

When Secunia PSI starts for the first time you will be presented with a welcome screen as shown below.

Secunia PSI Welcome Screen

At the above screen, click on the Close and view scan progress button to watch the program scan your computer for outdated programs. When Secunia PSI has finished scanning your computer you will see a small alert stating how many security threats were found. After you have finished reading this alert, click on the Close button and the scan results will be shown.

Secunia PSI Scan Results

The scan results screen will consist of a top section that displays all of the programs that were found that have a known security vulnerabilities and a bottom section that shows your statistics in terms of outdated programs compared to other users. As we are concerned about protecting our computer from outdated programs, we will focus on the top section that lists the vulnerable programs. This section has three important columns that are labeled Insecure Program, Threat Rating, and Solution.

The Insecure Program (security threat) column contains the list of all of the programs whose installed version have a known vulnerability. If you highlight any of the program names in this column, Secunia PSI will display the full path name to the program.

The Threat Rating column displays an image in each row that designates what threat rating category the risk is. These categories range from Category 1 to Category 5. If you highlight the threat rating it will display a vulnerability summary for the program version that is installed. Furthermore, if you click on the threat rating image itself it will open a web page at Secunia's site that will provide more details on the program's vulnerability.

Finally, and the most important, the Solution column contains a button that you can press that will either open the web page that contains an update for the vulnerable program or your browser will automatically download it for you.

Now that you know what programs are vulnerable on your computer, you should go through this list and download and install each and every update for the programs that are listed. By doing this you remove the known vulnerabilities and secure your computer from being hacked remotely or having malware installed on your computer without your permission. It is important to note that for almost all of the programs you will find listed in Secunia PSI, you can simply download and install the update. If it shows that Sun Java needs to be updated, it is recommended that you uninstall your current version first and then install the latest version afterwards.

When you are done updating all of your programs you can close the Secunia PSI program. It is suggested that you run Secunia PSI weekly to check for new insecure programs that may have become added to Secunia's database.

As always if you have any questions about using Secunia PSI or interpreting the results, please do not hesitate to ask in the AntiVirus, Firewall and Privacy Products and Protection Methods forum.