Are your Windows programs up to date?

1999 saw the emergence of Melissa, a PC virus that engulfed the globe. Its designer, David Lee Smith, named the virus after a stripper and, once released, it caused mayhem, forcing large companies to shut down their email gateways and Microsoft to spend years rewriting Windows XP. This one security breach was undoubtedly influential in spurring Bill Gates to initiate a half-billion-dollar project implementing what he called Trustworthy Computing, which focused on threat modelling, code reviews and penetration testing. As a result, Windows’ security was greatly improved over the next decade. By 2010, the new, improved Windows had become much harder to exploit, and attackers shifted their attention to weaker programs found on Windows PCs. These included Sun’s (now Oracle’s) Java JRE, Macromedia’s (now Adobe’s) Reader and Flash Player, and Apple’s iTunes and QuickTime.

This posed a new problem. Microsoft released Windows security patches on the second Tuesday of each month, and these could easily be installed automatically or manually, but how could you keep non-Microsoft software up to date? If you used software from 50 different sources, did you really want to run 50 background processes to check for updates? If not, did you want to visit 50 websites to check for new versions?

Secunia’s Personal Software Inspector (PSI) and similar programs solved that problem. They scanned the software on your PC, checked it against a database of the latest versions, and either installed the updates or gave you a link to do it manually. PSI was by far the best of the bunch, partly because it covered a wider range of software, and partly because it also checked major Microsoft software components. (Not all Microsoft updates install correctly.)

Many Windows users have been using Secunia since 2007. However, the Danish company was taken over by Flexera in 2015, and Flexera has now decided to drop PSI. The program is telling users, “On April 20, 2018, Flexera will be ending support life for PSI. On that day, PSI will no longer be functioning and should be uninstalled.” There are more than a dozen alternatives to Secunia’s PSI, but two stand out: KC Softwares’ SUMo (Software Updates Monitor) and Patch My PC Home Updater.

SUMo is one of the best at finding programs for which later versions are available, but it is still a long way short of PSI, which finds far more. The price is reasonable. KC Softwares charges £14.41 for one year of SUMo Pro for four PCs (same user) or £29.99 for lifetime use.

Patch My PC supports a limited number of programs – 302 at the current count – that it can install and update automatically. The result is a faster and nicer experience. Patch My PC obviously has a more limited range than SUMo, and its usefulness will depend on the software you have installed. If you only have a handful of the 302 programs installed, then it’s probably not much use.

The real question is whether it leaves you at risk. If it doesn’t update most of your software then technically, perhaps, it does. However, malware writers usually target the low-hanging fruit. They are only really interested in programs that are relatively easy to exploit and widely installed. As well as the usual suspects, that includes Windows and Microsoft Office, because a lot of people, and some major organisations, don’t install all the security updates. Programs that are not in Patch My PC’s top 300 seem unlikely to be targeted. At this point though, we’d rather pay for PSI…
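
The scan-and-compare step that PSI, SUMo and Patch My PC perform, together with the coverage gap discussed above, shown in PowerShell as an added example (not code from any of those products). The catalogue contents, function names and status labels are assumptions made for illustration; a real tool draws on a vendor-maintained version database.

```powershell
# Added example. $Catalogue is constructed sample data: names and versions are placeholders.
$Catalogue = @{
    'Example PDF Reader'   = '11.0.23'
    'Example Media Player' = '7.7.9'
}

# Uninstall entries: 64-bit, 32-bit (WOW6432Node) and per-user installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionOrNull([string]$Text) {
    # Keep the leading dotted-numeric part ("7.7.9 (x64)" -> 7.7.9); [version] needs 2-4 fields.
    # -as returns $null instead of throwing when a field does not fit in an Int32.
    if ($Text -match '^\s*(\d+(\.\d+){1,3})') { return ($Matches[1] -as [version]) }
    return $null
}

function Get-UpdateStatus {
    param([object[]]$Installed, [hashtable]$Latest)
    foreach ($p in $Installed) {
        $status = 'NotInCatalogue'   # no verdict possible: the catalogue does not cover it
        $newest = $null
        if ($Latest.ContainsKey($p.DisplayName)) {
            $newest = $Latest[$p.DisplayName]
            $have = ConvertTo-VersionOrNull $p.DisplayVersion
            $want = ConvertTo-VersionOrNull $newest
            # Note: [version] treats 7.7 as older than 7.7.0, so keep catalogue formats consistent.
            if ($null -eq $have -or $null -eq $want) {
                $status = 'Unparseable'
            } elseif ($have -lt $want) {
                $status = 'Outdated'
            } else {
                $status = 'Current'
            }
        }
        [pscustomobject]@{
            Name = $p.DisplayName; Installed = $p.DisplayVersion
            Latest = $newest; Status = $status
        }
    }
}

$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayVersion }
$report = Get-UpdateStatus -Installed $installed -Latest $Catalogue
$report | Where-Object Status -ne 'NotInCatalogue' | Format-Table -AutoSize
$report | Group-Object Status | Select-Object Name, Count
```

The final count per status shows how much of the installed software the catalogue gives no verdict on, which is the practical difference between a broad database and a short supported-program list.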