Secunia, a Danish security company that makes two tools ensuring applications have up-to-date patches, have released a product which uses Microsoft's widely-used patching tool to deploy non-Microsoft patches.
The feature is contained in Secunia's Corporate Software Inspector (CSI) 5.0, a paid product for enterprises. CSI 5.0 can now package third-party patches - such as those from Adobe Apple and other vendors - and publish those updates to Microsoft's Windows Server Update Services (WSUS).
Third-party patches repackaged for WSUS
WSUS is a ubiquitous tool used to distribute patches in nearly every Windows-dominated organisation. Secunia's CSI allows administrators to use WSUS's distribution tools to apply the third-party patches to their computers. CSI also works with Microsoft's System Center Configuration Manager (SCCM), another Microsoft enterprise management tool.
Secunia's programmers used the APIs (application programming interfaces) for WSUS to integrate CSI 5.0, said Thomas Kristensen, the company's CTO. The CSI bundles the third-party patches and repackages them, cryptographically signs the package and publishes it to WSUS.
"This is completely seamless," Kristensen said.
Once that package is in WSUS, it can't be modified, but administrators can deploy it to selected computers, Kristensen said. WSUS can be used to uninstall patches as well.
Secunia has published several studies revolving around the issue of patching third-party applications, such as Adobe Flash, the Java Runtime environment and many others. The problem is that the vendors all use different update mechanisms, meaning some applications may not get updated and could be exploited by hackers.
Secunia CSI, however, will download updates from vendors when technically possible and automatically install them on individual machines. A free consumer version of the product, called the Personal Software Inspector (PSI) 2.0, also has the same functions.
Also available to Apple OS X users
Secunia has added another key feature in CSI 5.0. The tool can now scan Apple computers running OS X to see if applications have the needed patches. Unlike the CSI and PSI tools for Windows, it can't automatically apply patches. The Mac scanning function is not in the PSI, however.
Kristensen said that Secunia has seen just a bit of demand for the company's tool for Apple computers, but Secunia decided to include it. Apple users tend to be more lax about security even though the platform is just as vulnerable as Windows but is attacked far less due to its lower market share, according to Kristensen.
Secunia through the end of the year is keeping the price of CSI 5.0 the same as the previous 4.1 product, which starts at $2,900 (£1,789) per year for 100 hosts or fewer and increases incrementally based on the number of hosts.