Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

“Take older versions of Adobe’s software, which don’t have an update component,” Kandek says. “Users on these will just stay at whatever version they’re using, and never update.” Alan Paller, director of research for the Bethesda, MD-based SANS Institute, a computer security training group, says Microsoft considered pitching its Windows Update service to third-party software vendors as an update conduit many years ago, but ultimately abandoned the idea because of legal liability concerns.

Secunia’s Kristensen says his company’s tool will avoid any liability issues by downloading patches in exactly the same way for each application as a regular user would. Still, he says, not all software vendors are likely to make it easy.

“The liability issues arise if we were to start modifying the patches or putting them in our own repository of updates,” Kristensen says. “One thing we can guarantee is that it won’t work for 100 percent of software. We’d love it to do that, but that would require 100 percent cooperation from a lot of vendors who don’t have a good history of this.”

According to Paller, Secunia’s chief challenge is appealing to users who don’t know enough about security to know they need to deploy third-party updates. “That’s why I think that a service like this–if it is going to have a decent impact–needs to be offered through the [Internet service providers],” he says. “My goal would be to say if you’re going to be an ISP, you need to provide a service like this.”

Secunia’s patch tool likely will need some serious testing before it can be deployed on such a broad scale. Secunia has already adapted the corporate version of PSI to deploy third-party updates, but doing the same for consumer computers would be a far greater challenge, particularly in making the software work on all of the various foreign language implementations of these third-party products.

“The goal is to make this scalable and legal, and to do that we will need to–at least at first–prioritize the products we patch based on those that are most widely installed, because there is no way we will be able to do 13,000 applications at once,” Kristensen says.

Secunia is aiming to have a preview version available in April for expert PC users, and a beta version for more public consumption a few months after that.

4 comments. Share your thoughts »

Tagged: Computing, Communications, security, software, Microsoft Windows

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me