Secunia: We don't know how vendors will react to our repackaging their updates

Secunia's new Personal Software Inspector 3.0 program will repackage security updates for hundreds of applications

Security firm Secunia expects a reaction from vendors as it plans to repackage security updates for hundreds of applications into its own proprietary installer and deliver them through the new version of Personal Software Inspector (PSI).

The Denmark-based vulnerability research and management company launched the beta version of Personal Software Inspector 3.0 at the RSA Conference 2012 on Monday. PSI is a free consumer product that helps users keep their software up-to-date.

PSI 2.0 had the ability to automatically and silently install security updates for several popular applications like Flash Player, Adobe Reader or Java.

However, statistics showed that except for those, users hardly upgraded any other programs, despite being notified by PSI that patches are available, said Thomas Kristensen, Secunia's chief security officer.

PSI 3.0 takes a totally different approach and aims to deliver security updates that require as little interaction from users as possible. To achieve this, Secunia will wrap a proprietary installer around security patches for hundreds of popular applications in order to suppress their dialog boxes.

The security updates will be repackaged manually by Secunia's staff and will be pushed to PSI 3.0 users from the company's server, Kristensen said. However, the company will do this without the explicit approval of all the vendors, which might raise some legal issues.

It will be interesting to see how vendors respond, Kristensen said. "There will probably be some challenges. There will be some who will react and we'll have to deal with that."

Other companies have repackaged third-party software with their own installers for various reasons in the past. Some software distribution websites like Download.com do this to bundle browser toolbars for extra revenue.

However, Secunia will not add anything to its installer. "The only thing we want to do is apply a minimal patch without interacting with the user," Kristensen said.

In some cases vendors might distribute third-party toolbars or advertisements with their software updates themselves, in which case Secunia's silent installer could cut into their revenue stream.

According to Kristensen, software vendors have a responsibility to get security updates out to their users and there's no reason to ask users if they want to install toolbars or participate in other promotions when they're applying security updates.

"If you're offering new features, a new version, something more fancy -- fair enough -- get them to your website. Secunia doesn't want to get into that game. We don't want to push a new version to your users. That's not our goal," Kristensen said.

However, not all vendors deliver security patches separately from updates that also provide new features. "If they don't want us to repackage their installers, I only have one message for them: Provide a proper silent installer for the user or provide a different update mechanism that works for the user and it doesn't nag them," Kristensen said.

PSI 3.0 will remain in beta for several months, during which time Secunia will add support for additional software. The program is only available for Windows and the company doesn't have plans to release a version for other platforms at this time.

"The goal is to provide an automatic security updater for millions of users," Kristensen said, adding that it will be one of the biggest patch management platforms on the planet, probably surpassed only by Microsoft's WSUS (Windows Server Update Services) and Windows Update service.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?