Secunia: We don't know how vendors will react to our repackaging their updates

Secunia's new Personal Software Inspector 3.0 program will repackage security updates for hundreds of applications

Security firm Secunia expects a reaction from vendors as it plans to repackage security updates for hundreds of applications into its own proprietary installer and deliver them through the new version of Personal Software Inspector (PSI).

The Denmark-based vulnerability research and management company launched the beta version of Personal Software Inspector 3.0 at the RSA Conference 2012 on Monday. PSI is a free consumer product that helps users keep their software up to date.

PSI 2.0 had the ability to automatically and silently install security updates for several popular applications like Flash Player, Adobe Reader or Java.

However, statistics showed that, apart from those applications, users hardly upgraded any other programs despite being notified by PSI that patches were available, said Thomas Kristensen, Secunia's chief security officer.

PSI 3.0 takes a totally different approach and aims to deliver security updates that require as little interaction from users as possible. To achieve this, Secunia will wrap a proprietary installer around security patches for hundreds of popular applications in order to suppress their dialog boxes.

The security updates will be repackaged manually by Secunia's staff and will be pushed to PSI 3.0 users from the company's server, Kristensen said. However, the company will do this without the explicit approval of all the vendors, which might raise some legal issues.

It will be interesting to see how vendors respond, Kristensen said. "There will probably be some challenges. There will be some who will react and we'll have to deal with that."

Other companies have repackaged third-party software with their own installers for various reasons in the past. Some software distribution websites like Download.com do this to bundle browser toolbars for extra revenue.

However, Secunia will not add anything to its installer. "The only thing we want to do is apply a minimal patch without interacting with the user," Kristensen said.

In some cases vendors might distribute third-party toolbars or advertisements with their software updates themselves, in which case Secunia's silent installer could cut into their revenue stream.

According to Kristensen, software vendors have a responsibility to get security updates out to their users and there's no reason to ask users if they want to install toolbars or participate in other promotions when they're applying security updates.

"If you're offering new features, a new version, something more fancy -- fair enough -- get them to your website. Secunia doesn't want to get into that game. We don't want to push a new version to your users. That's not our goal," Kristensen said.

However, not all vendors deliver security patches separately from updates that also provide new features. "If they don't want us to repackage their installers, I only have one message for them: Provide a proper silent installer for the user or provide a different update mechanism that works for the user and it doesn't nag them," Kristensen said.

PSI 3.0 will remain in beta for several months, during which time Secunia will add support for additional software. The program is only available for Windows and the company doesn't have plans to release a version for other platforms at this time.

"The goal is to provide an automatic security updater for millions of users," Kristensen said, adding that it will be one of the biggest patch management platforms on the planet, probably surpassed only by Microsoft's WSUS (Windows Server Update Services) and Windows Update service.

Lucian Constantin

IDG News Service
