Secunia PSI

Secunia PSI is a security tool designed to detect vulnerable and outdated programs and plug-ins. These vulnerabilities expose your PC to attacks that are rarely blocked by traditional anti-virus software, because they exploit programs already on your computer; such attacks are therefore increasingly "popular" among criminals.

The only solution to prevent these types of attacks is to apply security updates, commonly referred to as patches, to every piece of software and plug-in on your system. Finding and applying these patches is a tedious and time-consuming task. Secunia PSI automates identifying vulnerable software and alerts you when your programs and plug-ins require security updates. Secunia PSI will also alert you when software reaches the end of its support life cycle and may require an upgrade.

Note: The default installation of the PSI client automatically updates Java and will automatically install updates that may cause incompatibilities with UAB systems including Blackboard Vista, Oracle HR/Finance, and Banner.

There are two methods of configuring PSI and working with automatic updates.  Please choose the appropriate one.

  1. Update Approval before Automatic Updates (risk: updates are not applied if the Secunia prompts are not reviewed)
  2. Automatic Updates and ignoring Java (risk: Java is ignored)

Update Approval before Automatic Updates

Execute the PSI installer, click Next and then accept the License Agreement.

On the screen marked "Auto-Update Configuration" check the box "Require user-interaction before each Auto-Update"; click Next.

Click Next through the remainder of the install screens and click "Finish."

After the installer finishes, launch the PSI client.

The client will immediately start a scan. Close the popup and wait for the scan to finish.



Scan results will likely show that there are insecure programs present.





Approving Updates

For software that has pending updates, those updates can generally be applied by left-clicking the Approve Update link at the right-hand side of the scan results page. Sometimes the software cannot be automatically updated and will require the user to download and install the update manually. In this case, clicking the update link will direct the user to the appropriate website to download the patch.

Ignore Java Updates and allow unprompted automatic updates

This configuration can leave Java as a risk that will never be identified. However, it will automatically update many packages without user interaction.

Execute the PSI installer, click Next and then accept the License Agreement.

On the screen marked "Auto-Update Configuration" check the box "Require user-interaction before each Auto-Update"; click Next.

Click Next through the remainder of the install screens and click "Finish."

After the installer finishes, launch the PSI client.

The client will immediately start a scan. Close the popup and wait for the scan to finish.



Scan results will likely show that there are insecure programs present.

View the scan results and take note of the location of the unpatched version of Java and any other programs that should not be automatically updated.

Expand the Configuration menu on the left and select “Settings.”

Select the “Ignore Rules” tab at the top of the configuration screen.

Select “Create Ignore Rule” and name it java (or whatever program needs exclusion). Enter the location of the program in the box labeled “Rule Path.”

Clicking OK should immediately exclude the program from the scan list.

Finally, re-enable auto-updates for all programs that are not excluded. Select the PSI Settings tab and uncheck “Prompt before running automatic program updates.”

The computer will now update installed software automatically.

Last modified on February 27, 2013