Secunia CSI7
About us
Careers
Memberships
Newsroom
Contact us
Blog
News
Articles

Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!

Get this blog as an RSS Feed
Yesterday we released the first public beta of the new Secunia PSI 2.0 Beta, which includes Automatic Update as well as a brand new user interface. Here, 24 hours later, we have the first extremely interesting numbers for you.
17:21 CET on the 2nd September 2010
Entry written by Jakob Balle.

The interest for the new Secunia PSI 2.0 Beta, released yesterday, has been outright astonishing. After 24 hours, more than 6,500 security conscious users already installed, scanned, and patched using the new version.

After 24 hours the Secunia PSI 2.0 Beta had installed ~10,000 security patches across the 6,500 users or roughly 1.5 security patches per user on average.

Preliminary Numbers
We thought you might like to know a little about what's being automatically patched by the Secunia PSI 2.0 Beta – naturally, this is all very new and these unique numbers are just 24 hours old, so we're not vouching for the statistical accuracy, yet it paints a very interesting picture.

Top 10 - Most Installed Security Patches:

Product Installations Percentage
1. Adobe Flash Player (ActiveX) 2024 20%
2. Adobe Reader 9.x 1004 10%
3. Adobe Flash Player (NPAPI) 920 9%
4. Sun Java JRE 1.6.x / 6.x 753 8%
5. Adobe AIR 2.x 530 5%
6. IrfanView 4.x 495 5%
7. Opera 10.x 320 3%
8. Skype 4.x 309 3%
9. Wireshark 1.x 251 3%
10. Mozilla Firefox 3.6.x 245 2%

 

Observations
I don't want to jump to conclusions based on 24 hours of scan results and patch installations, but it is still interesting to note the following initial observations:

  1. Adobe Flash Player accounts for ~29% of all patches that were automatically installed, when counting both the NPAPI and ActiveX plugins.
  2. At least 6 of the programs in the Top 10 comes with their own auto update functionality (!!)
  3. No Apple products in the Top 10. OK that sounds amazing - and it is. Unfortunately, Apple products does not natively support “silent install”, which is required for automatic updating. We are working to address this during the beta, so please stand-by until we are ready help Apple update their software.

Again, this is all preliminary and based on just 24 hours worth of data. Personally I can't wait for Research Analyst Director Stefan Frei to have a deeper look at all these exciting new data, once the statistical foundation is a bit more substantiated.

Patch & Stay Secure,

Jakob Balle, Secunia
VP of Product Development

Discuss this blog entry
A new thread in our forum is created. Activate the thread by commenting/discussing below.
Subject: Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!
 
User Message
dantesoft RE: Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!
Member 2nd Sep, 2010 18:13
Score: 2
Posts: 3
User Since: 1st Sep 2010
System Score: N/A
Location: RO
Last edited on 2nd Sep, 2010 18:13
"At least 6 of the programs in the Top 10 comes with their own auto update functionality (!!)"
Google Chrome has auto-update functionality. The rest have optional, the-user-must-agree auto-update functionality.
Was this reply relevant?
+2
-0
jim__hill RE: Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!
Member 2nd Sep, 2010 19:15
Score: 3
Posts: 3
User Since: 12th Jun 2010
System Score: N/A
Location: N/A
Last edited on 2nd Sep, 2010 19:15
Wireshark 64bit version installed but psi2's update pointed only to the 32bit version - same as psi1.

If psi2 makes changes to services, however legitimate, it should announce them. I had Windows Update disabled manually and it's now enabled.

What other unannounced changes has psi2 made to my environment which I haven't yet detected?

How on earth does Windows Live Essentials, which I neither want nor need, qualify as a security update (for win7 x64) to psi2 and Windows Update?
Was this reply relevant?
+5
-2
ppoorman RE: Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!
Member 2nd Sep, 2010 20:30
Score: 4
Posts: 1
User Since: 2nd Sep 2010
System Score: N/A
Location: US
Last edited on 2nd Sep, 2010 20:30
I've found that the built-in auto-update capabilities default to a very long interval between checks. Java, for example, seems to default to monthly. Quicktime has a similarly long default. This may have been acceptable 5 years ago, but is completely unacceptable today.

Worse, they are often incapable of being set to a short interval. For example, Quicktime on Windows 7 offers the option to check daily, but the setting doesn't stick.

There's a real opportunity for services like PSI and CSI to address these shortcomings.
Was this reply relevant?
+4
-0
DHC-22 RE: Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!
Member 16th Sep, 2010 19:18
Score: 9
Posts: 20
User Since: 10th Jun 2010
System Score: N/A
Location: US
Last edited on 16th Sep, 2010 19:18
I'm holding back and still am using PSI, not the beta. Several concerns.

With PSI beta can the user run update scans, as we can do with the current PSI? (I run scans at least once a day.) Or is it all automatic?

Will the beta allow me to do what I do with the current PSI, which is the following. Every morning I log in as an Administrator, run a PSI scan, and change to limited account (with XP) and Standard user (with Windows 7). As a non-administrator I can still run PSI and do scans, since I first logged in as an administrator. WILL THE BETA ALLOW THIS? Can I manually do a scan? And, if it auto updates, can the users add inputs and directions?

Also, with the current PSI, if it flags that a need an update, I change to administrator and manually do the update. How would PSI beta handle such a situation? Would it give me a message to switch to Administrator? Or would it's automatic update be frozen and not work?

One of my computers is 64 bit. I've read above that a 64 bit user is not getting 64 bit updates with beta PSI.

Also, the beta PSI must by default not install all the crap that these software update engines asks us if we want to update. INDEED, by default iTunes would load two of these damned added programs. I have to un-select. Will PSI beta un-select? Indeed, will the finished auto-update PSI un-select?

MY CURRENT CONCLUSION: I'm much better off with the current PSI. I trust what I am doing. I would not trust any auto-update programs unless the user can control these troublesome factors that are nicely handled by non-beta non-auto update PSI and little old me.
D.C.
Was this reply relevant?
+0
-0
desinet1 RE: Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!
Member 28th Sep, 2010 11:44
Score: 0
Posts: 3
User Since: 28th Sep 2010
System Score: N/A
Location: IN
Last edited on 28th Sep, 2010 11:44
Secunia 2.0 BETA is just awesome. I like the improvements in the interface.
I am a hard-line supporter for Secunia. Even posted a blog entry about it here...http://thepcsecurity.com/free-software-update-soft...
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer