Secunia: We don't know how vendors will react to our repackaging their updates

Secunia's new Personal Software Inspector 3.0 program will repackage security updates for hundreds of applications

Security firm Secunia expects a reaction from vendors as it plans to repackage security updates for hundreds of applications into its own proprietary installer and deliver them through the new version of Personal Software Inspector (PSI).

The Denmark-based vulnerability research and management company launched the beta version of Personal Software Inspector 3.0 at the RSA Conference 2012 on Monday. PSI is a free consumer product that helps users keep their software up-to-date.

PSI 2.0 had the ability to automatically and silently install security updates for several popular applications like Flash Player, Adobe Reader or Java.

However, statistics showed that except for those, users hardly upgraded any other programs, despite being notified by PSI that patches are available, said Thomas Kristensen, Secunia's chief security officer.

PSI 3.0 takes a totally different approach and aims to deliver security updates that require as little interaction from users as possible. To achieve this, Secunia will wrap a proprietary installer around security patches for hundreds of popular applications in order to suppress their dialog boxes.

The security updates will be repackaged manually by Secunia's staff and will be pushed to PSI 3.0 users from the company's server, Kristensen said. However, the company will do this without the explicit approval of all the vendors, which might raise some legal issues.

It will be interesting to see how vendors respond, Kristensen said. "There will probably be some challenges. There will be some who will react and we'll have to deal with that."

Other companies have repackaged third-party software with their own installers for various reasons in the past. Some software distribution websites like Download.com do this to bundle browser toolbars for extra revenue.

However, Secunia will not add anything to its installer. "The only thing we want to do is apply a minimal patch without interacting with the user," Kristensen said.

In some cases vendors might distribute third-party toolbars or advertisements with their software updates themselves, in which case Secunia's silent installer could cut into their revenue stream.

According to Kristensen, software vendors have a responsibility to get security updates out to their users and there's no reason to ask users if they want to install toolbars or participate in other promotions when they're applying security updates.

"If you're offering new features, a new version, something more fancy -- fair enough -- get them to your website. Secunia doesn't want to get into that game. We don't want to push a new version to your users. That's not our goal," Kristensen said.

However, not all vendors deliver security patches separately from updates that also provide new features. "If they don't want us to repackage their installers, I only have one message for them: Provide a proper silent installer for the user or provide a different update mechanism that works for the user and it doesn't nag them," Kristensen said.

PSI 3.0 will remain in beta for several months, during which time Secunia will add support for additional software. The program is only available for Windows and the company doesn't have plans to release a version for other platforms at this time.

"The goal is to provide an automatic security updater for millions of users," Kristensen said, adding that it will be one of the biggest patch management platforms on the planet, probably surpassed only by Microsoft's WSUS (Windows Server Update Services) and Windows Update service.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?