Software and operating systems aren't coded perfectly, and attackers are always searching for vulnerabilities. Vendors continually work to patch these vulnerabilities — and when they do, the patches are released in the form of updates. You risk leaving your computer and personal information vulnerable by neglecting to patch your software in a timely manner.
After software is released, vulnerabilities are frequently found that allow attackers to exploit the program and gain access to your computer and files. Therefore vendors frequently distribute fixes to update the programs and remove the vulnerabilities. When you don't keep it up to date, attackers are able to target you and use the vulnerability to get to your data. Keeping your software applications up-to-date, or removing the software altogether, mitigates these risks.
The Indiana University versions of PSI and CSI may have been installed on your Windows computer in one of three ways:
- Via IUware (if you installed the Secunia PSI (Windows) or CSI (Mac) package)
- By your department's local IT Pro
The CSI agent that is installed on your computer sends information about the software programs on your computer to the CSI server run by the UIPO and UITS Leveraged Services.
The CSI agent collects a list of software applications installed, along with their version numbers, and locations on the computer. It does not collect the content of any files. See a detailed response in the "Privacy notice" section of http://kb.iu.edu/data/azfj.html.
All data sent from your CSI agent to the CSI server at IU is communicated via an encrypted connection (TLS).
The notice isn't discipline of itself, but creating risks to institutional data or engaging in unlawful file sharing may lead to discipline and personal liability.
Follow the Instructions in the IU Knowledge Base
The UIPO licensed the Secunia Corporate Software Inspector (CSI) to provide IT professionals with an easy way to identify, inventory, and patch software vulnerabilities. Additionally software packages can be patched via Microsoft SCCM or WSUS. IT professionals who run their own WSUS or SCCM servers may be interested in running their own Secunia CSI console account in order to create and push out these patches.
IT professionals who want a console account can contact the UIPO to request an account.
Don't want to run the console?
IT pros who want to take advantage of the CSI but don't want to run the console may distribute the generic Secunia CSI agent and view the results via the UIPO's Self-Service Unblock.
To distribute the agent, link the "IU-UISO-CSI" GPO to your OU. For instructions, visit: Link a Group Policy Object from Microsoft TechNet.