Personal and Corporate Software Inspector

Secunia Personal Software Inspector (PSI), available for Windows operating systems, helps you identify the software installed on your computer and keep it up to date. Secunia PSI scans your computer for thousands of known programs, checks for missing security patches and vulnerabilities in those programs, and reports back to you with information on how to update them.

Download the Personal Software Inspector

IU LSPs who deploy CSI agents to systems should provide notification to the users describing who will use the tool, how, and for what purpose, as well as anticipated use of the resulting information.

For more information about the PSI and CSI products, see:

Frequently Asked Questions

Below are several frequently asked questions about the implementation and use of CSI, including email notices that are sent.

Why do I need to keep my software updated?

Software and operating systems aren't coded perfectly, and attackers are always searching for vulnerabilitiies. Vendors continually work to patch these vulnerabilities — and when they do, the patches are released in the form of updates. You risk leaving your computer and personal information vulnerable by neglecting to timely update and patch your software.


What are the risks of having vulnerable software installed?

After software is released, vulnerabilities are frequently found that allow attackers to exploit the program and gain access to your computer and files. Therefore vendors frequently distribute fixes to update the programs and remove the vulnerabilities. When you don't keep it up to date, attackers are able to target you and use the vulnerability to get to your data. So keep your software applications up-to-date by removing or patching vulnerable ones.


How did CSI get installed on my computer?

The Indiana University versions of PSI and CSI may have been installed on your Windows computer in one of three ways:

  • Via Get Connected (if you live in the residence halls)
  • Via IUware (if you installed the Secunia PSI from IUware)
  • By your department's local support provider (LSP)


How does IU know that I have peer-to-peer software installed?

The CSI agent that is installed on your computer sends information about the software programs on your computer to the CSI server run by the UIPO.


What information is CSI collecting?

The CSI agent collects a list of software applications installed, along with their version numbers, and locations on the computer. It does not collect the content of any files. See a detailed response in the "Privacy notice" section of


How is the information about my computer protected?

All data sent from your CSI agent to the CSI server at IU is communicated via an encrypted connection (SSL).


If I receive a notice from the UIPO generated by Secunia CSI, does that constitute a disciplinary action and will it affect my academic standing or employment status?

The notice isn't discipline of itself, but creating risks to institutional data or engaging in unlawful file sharing may lead to discipline and personal liability.


How can I remove peer-to-peer file sharing software?


How can I remove the Secunia CSI agent?



What options are available to IT professionals?

The UIPO licensed Secunia Corporate Software Inspector (CSI) to provide IT professionals with an easy way to monitor software vulnerabilities.  Additionally software packages can be patched via Microsoft SCCM or WSUS.  IT professionals who run their own WSUS or SCCM servers may be interested in running their own Secunia CSI console account in order to create and push out these patches.

IT professionals who want a console account can contact the UIPO to request an account.

Don't want to run the console?

IT pros who want to take advantage of the CSI but don't want to run the console may distribute the generic Secunia CSI agent and view the results via the UIPO's Self-Service Unblock.

To distribute the agent, link the "IU-UISO-CSI" GPO to your OU. For instructions, visit: Link a Group Policy Object from Microsoft TechNet.


Security & Policy Blog Posts

  • OpenSSL vulnerability made public on JUly 9, 2015 does not impact current popular linux distrubitons
  • The GHOST vulnerability allows an attacker to remotely take control of a system.
  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services

    Recent Security Bulletins

  • RCE vulnerability in OpenFont support for all versions of Windows
  • Notice of a zero-day vulnerability in Oracle's Java has been made public
  • Multiple Zero-Day Flash vulnerabilities.
  • A critical vulnerability in Microsoft's HTTP.sys component may lead to remote code execution.
    • Read the PSIA Blog
    • IU Notify
    • Crime Prevention Tips from IUPD
    • Request Assistance from Environmental Health and Safety
    • Secure Your Computer