PDA

View Full Version : Secunia PSI


Dan in Saint Louis
October 21st, 2008, 01:44 PM
What are the thoughts and experiences of those here re: Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/)? Thank you!

davidh
October 22nd, 2008, 05:21 PM
What are the thoughts and experiences of those here re: Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/)? Thank you!If you use browser plug-ins , then I would say that it's almost foolhardy NOT to use Secunia PSI. Traditional anti-virus anti-spy security suites are less than adequate, even if you give them the benefit of the doubt.

security suites fail miserably
http://tapcis.com/forums/showthread.php?t=6745

Plug-ins would include:

Java,
Adobe Flash,
Adobe Reader (PDF),
MS Word (DOC),
Quicktime,
Real Player,
Windows Media Player,
almost any other media player,
etc.

Of course, you can check for security updates to your plugins manually one at a time, but why bother? Or you can verify that every one of your plugins automatically checks for updates every time you start your computer, probably slowing down your computer start up time.

NoScript in Firefox has settings to let you effectively disable all plugins, but every instance of a plugin being blocked on a give web page can be manually overridden by the user, leaving the user still susceptible to security vulnerabilities in the particular plugin being blocked at any given moment/instance.

Since most browser users are probably unwilling to endure the small learning curve needed to use NoScript extension in Firefox correctly, I would consider Secunia PSI to be nearly indispensable in such a case. I mean I would not consider such a user to be willing to put in the effort to go thru all his plugins and make sure they are configured to check for updates automatically.

DH

P.S. I'm to the point now of thinking about disabling my resident freeware malware scanners (AVG & Avast, on two different PC's), since I doubt they're helping me in any meaningful way.

davidh
October 22nd, 2008, 05:29 PM
Using a browser sandbox might be an acceptable alternative to using Secunia PSI, but I have not investigated them to learn whether this is reality or hype. Using a sandbox is probably NOT suitable for a novice or casual browser user.

However, I don't really see why this should be an exclusive either-or choice. Even leaving Secunia PSI loaded continuously should not have a significant perfomance hit (unlike resident virus scanners) unless RAM is very limited.

DH

Dan in Saint Louis
October 22nd, 2008, 06:02 PM
If you use browser plug-ins , then I would say that it's almost foolhardy NOT to use Secunia PSI.Thank you. I am choosing to ignore some of the "end-of-life" warnings Secunia presents, but have been able to obey all the "please update" warnings.