After a recent study that showed SMBs to be lacking in security training, I felt prompted to write a number of security-centric blogs. So far, I've suggested a number of ways that SMBs can be more security conscious, and also offered advice on how IT managers or executives can direct their organization toward better password practices.
I thought that would be all the security-related blogs I would write for a while, until I chanced upon the Secunia Online Software Inspector. And no, this is not one of those bogus "online antivirus" scanners designed to scare gullible users into forking out their hard-earned cash to fix a problem that doesn't exist.
The Secunia Online Software Inspector (OSI) scans your system for software with known vulnerabilities and for which vendors have already released security patches. A short list of the applications checked includes Adobe Acrobat reader, Google Chrome, iTunes, Flash Player, Internet Explorer, the Windows operating system itself, Mozilla Firefox, Winzip and a host of other software. You can check out the full list here.
Best of all, OSI does its work directly from an embedded Java applet, without the need to install any client software. To top it off, the tool is also completely free. Secunia does offer more powerful offline personal and corporate versions that the company says "cover basically all programs." I have not looked at them yet, but they are not free for SMBs.
I did a quick scan of my Windows 7 system, which took all of 13 seconds. I was relatively confident that it will find nothing wrong with my system, since I did a fresh installation just five weeks ago. As it was, I was surprised to learn that the Google Chrome browser I recently installed already has been superseded with a newer update that resolves one or more known security vulnerabilities.
This wasn't a major problem, since the only reason I installed Google Chrome was as an alternative browser to my main Mozilla Firefox browser. Still, it is a somber reminder that staying up with patching is an ongoing effort. A more serious problem appears to come from my Sun Java JRE 220.127.116.11 installation. According to the online scanner, this version of the Sun Java JRE is considered insecure.
Note that the OSI only identifies problem areas and does not actually do any patching or installing for you. Still, it supplied a download link in my cases, so it was just a matter of clicking on them and installing a new version or completing an update.
Ultimately, I felt that the OSI offers a simple and free way for small and medium businesses to quickly ascertain if some of their key software applications are properly patched. I encourage you to give it a spin. Let me know how it went for you.