Tool Time: Secunia Online Software Inspector (OSI)
Mervyn Heng, CISSP – May 2013
The beauty of running Ubuntu Linux is the ease of maintaining your Operating System (OS) and software using the apt command or Update Manager. Both tools offer a single mechanism of keeping your system patched and up to date. The same cannot be said of Windows because the built-in update program only caters to Microsoft proprietary software such as the OS and Microsoft Office for examples.
Microsoft has enterprise tools like System Center Configuration Manager (SCCM) to install patches and upgrades to servers as well as endpoints but there are still standalone systems that require manual patching.
Besides Microsoft components, there are a host of other software (eg. Reader, Flash, Java) that are require to support business operations but highly susceptible to compromise. Maintaining them can be tedious, time consuming and insecure as an administrator may not apply a patch or upgrade in a timely manner.
There is a simple solution to this predicament. Secunia hosts a free tool called Online Software Inspector (OSI). Click Start Scanner to initiate a check on your system.
Figure 1: Secunia OSI page
It is a Java Applet that scans your system to find insecure software that requires patching or upgrading. Click Run to permit this Applet.
Figure 2: Java Applet
The latest software version and patch information will be downloaded from Secunia’s website. When it has completed, the status will read as Java Applet loaded successfully. Press “Start” to begin. It is wise to select Enable thorough system inspection for completeness. Click Start to begin.
Figure 3: Start scan
When the scan is complete, OSI displays the results to inform you which software is insecure and what steps to take to remediate them. In this specific example, Java Runtime Environment (JRE) is outdated and requires upgrading to the latest version.
Figure 4: Scan results
Take the necessary actions required to remediate the system. After fixing the issues found, re-run the OSI tool to validate that the system is truly free from vulnerable software.
This tool is a free service that should be taken advantage of to increase productivity in detecting vulnerable software especially on Windows OSs. The only caveat of this facility is the need to have Internet access.
Install Java and launch your browser to start using it today.
Mervyn Heng, CISSP, is into Ubuntu, Comic Universe characters, Pop culture and Art outside of Information Security. If you have any comments or queries, please contact him at firstname.lastname@example.org.