Secunia, a Danish security company that makes two tools that ensure applications have up-to-date patches, released a product on Wednesday that can deploy non-Microsoft patches using that company's widely used patching tool.
The feature is contained in Secunia's Corporate Software Inspector (CSI) 5.0, a paid product for enterprises. CSI 5.0 can now package third-party patches -- such as those from Adobe Apple and other vendors -- and publish those updates to Microsoft's Windows Server Update Services (WSUS).
WSUS is a ubiquitous tool used to distribute patches in nearly every Windows-dominated organization. Secunia's CSI allows administrators to use WSUS's distribution tools to apply the third-party patches to their computers. CSI also works with Microsoft's System Center Configuration Manager (SCCM), another Microsoft enterprise management tool.
Secunia's programmers used the APIs (application programming interfaces) for WSUS to integrate CSI 5.0, said Thomas Kristensen, the company's CTO. The CSI bundles the third-party patches and repackages them, cryptographically signs the package and publishes it to WSUS.
"This is completely seamless," Kristensen said.
Once that package is in WSUS, it can't be modified, but administrators can deploy it to selected computers, Kristensen said. WSUS can be used to uninstall patches as well, he said.
Secunia has published several studies revolving around the issue of patching third-party applications, such as Adobe Flash, the Java Runtime environment and many others. The problem is that the vendors all use different update mechanisms, meaning some applications may not get updated and could be exploited by hackers.
Secunia CSI, however, will download updates from vendors when technically possible and automatically install them on individual machines. A free consumer version of the product, called the Personal Software Inspector (PSI) 2.0, also has the same functions.
Secunia has added another key feature in CSI 5.0. The tool can now scan Apple computers running OS X to see if applications have the needed patches. Unlike the CSI and PSI tools for Windows, it can't automatically apply patches. The Mac scanning function is not in the PSI, however.
Kristensen said Secunia has seen just a bit of demand for the company's tool for Apple computers, but Secunia decided to include it. Apple users tend to be more lax about security even though the platform is just as vulnerable as Windows but is attacked much less due to its lower market share, Kristensen said.
Secunia through the end of the year is keeping the price of CSI 5.0 the same as the previous 4.1 product, which starts at US$2,900 per year for 100 hosts or fewer and increases incrementally based on the number of hosts.
Send news tips and comments to [email protected]