Threats to systems have been traveling up the stack which is to say that instead of operating system exploits attackers are finding incursions through applications. With the wealth of applications and vulnerabilities being discovered and a lack of coherent means to keep them up to date it is a welcome relief to see Secunia.com offer a free tool for checking Windows systems for the most common application vulnerabilities.
Secunia offers both an online test tool as well as a downloadable client for Windows 2000 and higher systems. I tested the online version on both my Windows Professional XP SP2 and Windows Vista Home premium systems. I found vulnerabilities for Adobe Flash and Java on both systems. When you update Adobe Flash player it removes the vulnerable version but the older Java versions must be manually deleted since some application may require them.
On XP running the tool was straightforward. To run the online tool on Vista I had to add the Secunia site to my "Trusted" zone which results in IE running that site with Protected Mode off. When I tried to run the site with Protected Mode on then it threw errors concerning available Windows patches. Running the downloadable executable on Vista was straightforward although I did run the installer as "administrator". The executable is handy as I was able to exclude certain paths such as my other bootable partitions and the $Recycle.Bin.
In every case the Secunia tool gave helpful information and links for the vulnerabilities and fixes available.
I have always like Secunia because you can find how many vulnerabilities exist for a myriad of systems and how critical they are. While some security experts complain about how many patches must be applied to some software I like the view of how many patches are NOT available for some given software.
Comments