Secunia: We don't know how vendors will react to our repackaging their updates

Secunia's new Personal Software Inspector 3.0 program will repackage security updates for hundreds of applications

Security firm Secunia expects a reaction from vendors as it plans to repackage security updates for hundreds of applications into its own proprietary installer and deliver them through the new version of Personal Software Inspector (PSI).

The Denmark-based vulnerability research and management company launched the beta version of Personal Software Inspector 3.0 at the RSA Conference 2012 on Monday. PSI is a free consumer product that helps users keep their software up-to-date.

PSI 2.0 had the ability to automatically and silently install security updates for several popular applications like Flash Player, Adobe Reader or Java.

However, statistics showed that, apart from those, users hardly upgraded any other programs despite being notified by PSI that patches were available, said Thomas Kristensen, Secunia's chief security officer.

PSI 3.0 takes a totally different approach and aims to deliver security updates that require as little interaction from users as possible. To achieve this, Secunia will wrap a proprietary installer around security patches for hundreds of popular applications in order to suppress their dialog boxes.

The security updates will be repackaged manually by Secunia's staff and will be pushed to PSI 3.0 users from the company's server, Kristensen said. However, the company will do this without the explicit approval of all the vendors, which might raise some legal issues.

It will be interesting to see how vendors respond, Kristensen said. "There will probably be some challenges. There will be some who will react and we'll have to deal with that."

Other companies have repackaged third-party software with their own installers for various reasons in the past. Some software distribution websites like Download.com do this to bundle browser toolbars for extra revenue.

However, Secunia will not add anything to its installer. "The only thing we want to do is apply a minimal patch without interacting with the user," Kristensen said.

In some cases vendors might distribute third-party toolbars or advertisements with their software updates themselves, in which case Secunia's silent installer could cut into their revenue stream.

According to Kristensen, software vendors have a responsibility to get security updates out to their users and there's no reason to ask users if they want to install toolbars or participate in other promotions when they're applying security updates.

"If you're offering new features, a new version, something more fancy -- fair enough -- get them to your website. Secunia doesn't want to get into that game. We don't want to push a new version to your users. That's not our goal," Kristensen said.

However, not all vendors deliver security patches separately from updates that also provide new features. "If they don't want us to repackage their installers, I only have one message for them: Provide a proper silent installer for the user or provide a different update mechanism that works for the user and it doesn't nag them," Kristensen said.

PSI 3.0 will remain in beta for several months, during which time Secunia will add support for additional software. The program is only available for Windows and the company doesn't have plans to release a version for other platforms at this time.

"The goal is to provide an automatic security updater for millions of users," Kristensen said, adding that it will be one of the biggest patch management platforms on the planet, probably surpassed only by Microsoft's WSUS (Windows Server Update Services) and Windows Update service.

Lucian Constantin

IDG News Service