Personal and Corporate Software Inspector

Secunia Personal Software Inspector (PSI), available for Windows operating systems, helps you identify the software installed on your computer and keep it up to date. Secunia PSI scans your computer for thousands of known programs, checks for missing security patches and vulnerabilities in those programs, and reports back to you with information on how to update them.

Download the Personal Software Inspector


IU LSPs who deploy CSI agents to systems should provide notification to the users describing who will use the tool, how, and for what purpose, as well as anticipated use of the resulting information.

For more information about the PSI and CSI products, see:

Frequently Asked Questions

Below are several frequently asked questions about the implementation and use of CSI, including email notices that are sent.



Why do I need to keep my software updated?

Software and operating systems aren't coded perfectly, and attackers are always searching for vulnerabilitiies. Vendors continually work to patch these vulnerabilities — and when they do, the patches are released in the form of updates. You risk leaving your computer and personal information vulnerable by neglecting to timely update and patch your software.

top


What are the risks of having vulnerable software installed?

After software is released, vulnerabilities are frequently found that allow attackers to exploit the program and gain access to your computer and files. Therefore vendors frequently distribute fixes to update the programs and remove the vulnerabilities. When you don't keep it up to date, attackers are able to target you and use the vulnerability to get to your data. So keep your software applications up-to-date by removing or patching vulnerable ones.

top


How did CSI get installed on my computer?

The Indiana University versions of PSI and CSI may have been installed on your Windows computer in one of three ways:

  • Via Get Connected (if you live in the residence halls)
  • Via IUware (if you installed the Secunia PSI from IUware)
  • By your department's local support provider (LSP)

top


How does IU know that I have peer-to-peer software installed?

The CSI agent that is installed on your computer sends information about the software programs on your computer to the CSI server run by the UIPO.

top


What information is CSI collecting?

The CSI agent collects a list of software applications installed, along with their version numbers, and locations on the computer. It does not collect the content of any files. See a detailed response in the "Privacy notice" section of http://kb.iu.edu/data/azfj.html

top


How is the information about my computer protected?

All data sent from your CSI agent to the CSI server at IU is communicated via an encrypted connection (SSL).

top


If I receive a notice from the UIPO generated by Secunia CSI, does that constitute a disciplinary action and will it affect my academic standing or employment status?

The notice isn't discipline of itself, but creating risks to institutional data or engaging in unlawful file sharing may lead to discipline and personal liability.

top


How can I remove peer-to-peer file sharing software?

top


How can I remove the Secunia CSI agent?

See http://kb.iu.edu/data/azfk.html

top


What options are available to IT professionals?

The UIPO licensed Secunia Corporate Software Inspector (CSI) to provide IT professionals with an easy way to monitor software vulnerabilities.  Additionally software packages can be patched via Microsoft SCCM or WSUS.  IT professionals who run their own WSUS or SCCM servers may be interested in running their own Secunia CSI console account in order to create and push out these patches.

IT professionals who want a console account can contact the UIPO to request an account.

Don't want to run the console?

IT pros who want to take advantage of the CSI but don't want to run the console may distribute the generic Secunia CSI agent and view the results via the UIPO's Self-Service Unblock.

To distribute the agent, link the "IU-UISO-CSI" GPO to your OU. For instructions, visit: Link a Group Policy Object from Microsoft TechNet.

top

Security & Policy Blog Posts

  • On March 24th 2014, Microsoft released an advisory describing a vulnerability in all supported versions of Microsoft Word.
  • Apple has released critical security updates to address a dangerous bug in Apple's implementation of SSL/TLS that affects multiple versions of iOS 6, iOS 7, Apple TV OS 6, OS X 10.9 (Maverics).
  • Older version of NTP with outdated configuration may allow servers to be used in a Denial of Service attack
  • This page includes the third party assessment workbook and instructions.

    Recent Security Bulletins

  • Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g
  • New ransomware named CryptoLocker threatens to destroy data unless a payment is made.
  • Critical Java Vulnerability included in Exploit Kit
  • This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.
    • Read the PSIA Blog
    • IU Notify
    • Crime Prevention Tips from IUPD
    • Request Assistance from Environmental Health and Safety
    • Secure Your Computer