If you pay any attention to computer security, you know that you should run scheduled checks for Windows or Apple Updates to keep your operating system software up to date, be it Windows XP/Vista/7 or MacOS 10.x. This is a necessary step to protect your computer from attacks that exploit vulnerabilities in software.
Necessary, but not sufficient.
Attackers experiment with software of all types, from browsers and email clients to graphics, business and office software. They find programming flaws and exploit what they find to gain control of your computer. Attackers don't discriminate between freeware, shareware, and commercial applications: if the application is popular enough, some bad actor is searching for an exploit.
Windows and Apple Updates only keep operating system software "patch current". You need to keep all your software patched to protect yourself as much as possible against known vulnerabilities and exploits.
At first glance, this sounds like an impossible or full-time task. It's not uncommon for a user to install and use several dozen applications over time (my office MacBook has over 100). Not all of these applications offer automatic updates. Searching and finding patches for all your software manually is more than the average user will ever consider. Surely there's an easy way to manage this? Yes.
I've had some success using Appfresh for my Mac, and Secunia Personal Software Inspector (PSI) for my Windows XP/Vista/7 PCs. Let's have a look.
Appfresh
Appfresh scans your Mac to enumerate all installed applications, widgets, and plugins and will check for Apple Updates. Appfresh informs you whether your installed software is up to date or whether an update is available for installed software that is not patch current. Appfresh also tells you when you last used the software: use this to decide whether it's best to simply remove the program.
A right-mouse click on an application provides options to check for and download updates.
Appfresh has native support for commonly used software and supplements this support with information from a reputation-based software tracking community, iusethis. Appfresh lets you register with iusethis so you can obtain comments, notices, and reviews of software you've installed. Appfresh can be scheduled to run automatically at startup or on a day and time that's convenient for you.
Appfresh is still under development but I've found the current version to be stable and useful. Try it.
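The kind of check described above (enumerate installed app bundles, read each one's version, compare it with the latest known release) can be sketched in Python. This is an added example, not Appfresh's code; the `latest_known` table, the bundle identifiers and the sample bundles are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path


def parse_version(text):
    """Turn '10.4.1' into (10, 4, 1); non-numeric parts such as 'b1' count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.strip().split("."))


def is_older(installed, latest):
    """Compare dotted versions, padding the shorter one so 2.0 equals 2.0.0."""
    a, b = parse_version(installed), parse_version(latest)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def scan_apps(apps_dir, latest_known):
    """Return (bundle id, installed version, status) for every .app bundle found."""
    report = []
    for plist_path in sorted(Path(apps_dir).glob("*.app/Contents/Info.plist")):
        try:
            info = plistlib.loads(plist_path.read_bytes())
        except Exception:
            continue  # unreadable or damaged bundle: skip it rather than abort the scan
        bundle_id = info.get("CFBundleIdentifier", plist_path.parent.parent.name)
        version = info.get("CFBundleShortVersionString", "0")
        latest = latest_known.get(bundle_id)
        if latest is None:
            status = "unknown"  # not in the table: needs a manual check
        elif is_older(version, latest):
            status = "update to " + latest
        else:
            status = "current"
        report.append((bundle_id, version, status))
    return report


def demo():
    """Build two constructed app bundles in a temporary directory and scan them."""
    latest_known = {"com.example.viewer": "2.1", "com.example.editor": "1.0"}  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        for name, bid, ver in [("Viewer", "com.example.viewer", "2.0.3"),
                               ("Editor", "com.example.editor", "1.0.0")]:
            contents = Path(tmp, name + ".app", "Contents")
            contents.mkdir(parents=True)
            info = {"CFBundleIdentifier": bid, "CFBundleShortVersionString": ver}
            (contents / "Info.plist").write_bytes(plistlib.dumps(info))
        return scan_apps(tmp, latest_known)
```

On a real Mac, `scan_apps("/Applications", latest_known)` reads the same `Info.plist` keys; the table of latest versions has to come from a source you trust, such as each vendor's release page.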
Secunia PSI
Like Appfresh, Secunia PSI scans Windows-based PCs for vulnerable or out-of-date programs and plug-ins. Secunia PSI has two interface modes, simple and advanced. The simple mode enumerates insecure software and provides a threat rating; a Category 5 threat, for example, is an indication that the insecure software is currently being exploited by attackers on the Internet to gain control of PCs. Simple mode provides a convenient one-click "solution" that connects you to a vendor patch link.
Advanced mode provides more detail for power users. Separate tabs provide details about insecure programs, end-of-life programs, and security issues associated with browser settings and plug-ins. You still have a one-click "solution" that connects you to a vendor patch link.
Secunia supports an extensive database of security advisories for users who want to understand the nature of threats in some detail. This is available from simple or advanced mode. Secunia PSI can run as a service, accessible from the System Tray, to continuously monitor and report on the patch status of your installed software. I've used PSI for several years now and highly recommend that you try it.
Last Word
Unpatched software leaves you just as exposed to attack as an unpatched operating system. Appfresh and Secunia PSI won't automatically update your installed applications, but they do warn you when your applications are vulnerable and they make the update process simple. Invest a small amount of your time to regularly scan your software and keep your installed software up to date.