Network News

X My Profile
View More Activity

Patch Checking for Popular Windows Apps

I spent the evening in Memphis with a very interesting gentleman who will feature prominently in an upcoming article on cyber crime, and he posed a question about home user computer security that I confessed I could not answer.

His query was: Is there a software program for Windows users that scours their PCs to find out what third-party applications they have installed, and can it determine whether those programs are up to date?

This struck me as one of those "Doh!" moments where I had to admit, "Why haven't I asked this question before?"

Indeed, his question gets to the heart of one of the main premises of this blog: that virus writers and online miscreants are attacking not just the operating system, but the vulnerabilities found in the multitude of Internet-facing applications that most of us use every day, from video and music players to instant-messaging and file-backup programs.

Of course, for a while now such functionality has been built into computers powered by various flavors of the Linux operating system, and certainly there are applications sold for businesses that handle this task quite well.

But I'm wondering if anyone has developed a similarly effective (and affordable or even free) tool for Windows systems? If not, it seems to me this would be a useful application for someone to create.

But then, perhaps there are legal or other complications that would prevent a skilled programmer from creating such a tool? Could it be that Security Fix has overlooked such a program that's already available?

By Brian Krebs  |  October 28, 2005; 8:30 AM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: It Must Be Zombie Season
Next: Phishy Investment Plans


Some years ago there was an app called Catch-Up, and it was bought by Cnet. After some months, though, they have ended support for that program.

Unfortunately, i couldn't found any more apps that did the same things Catch-Up did.

Posted by: Guilherme | October 28, 2005 8:59 AM | Report abuse

Not too shabby, but it fails to recognize Symantec AV Corporate 9.0, otherwise it seems pretty good.

Posted by: Asa Taylor | October 28, 2005 9:37 AM | Report abuse

Last weekend I was assisting my father-in-law update Xp on his Toshiba laptop and I discovered a utility that assisted w/ 3rd party programs.
I can't remember the name but at least it's a lead.

Posted by: bok | October 28, 2005 9:52 AM | Report abuse

Version Tracker.
Works on PC, Mac, Palm, etc.

Posted by: Tech in Seattle | October 28, 2005 11:38 AM | Report abuse

There are two applications that I am aware of.

BigFix - (The download link is at the bottom)


BigFix is free to consumers, RadarSync requires registration (and $$).

Of the two I looked at, RadarSync does a much better job of finding driver updates, etc.

Posted by: Michael Kelley | October 28, 2005 11:41 AM | Report abuse

There use to be a product called "Oil Change" that provided this functionality. I'm not certain what happened to it though.

Posted by: ChrisSz | October 28, 2005 11:42 AM | Report abuse

As an update to my previous short post on a product called "Oil Change", this from PCWorld Magazine online.
"A software update service for Windows originally from CyberMedia, Inc., Santa Monica, CA and folded into the McAfee antivirus and desktop optimization product line when Network Associates purchased CyberMedia in 1998."

Posted by: ChrisSz | October 28, 2005 11:58 AM | Report abuse

Here is a question related to your recent postings about both tracking 3rd party software updates and the increase in zombie machines.

I'm wondering why there isn't a quick, user friendly report or notification for users to see which applications and services have accessed the internet. I'm thinking this should be relatively easy to do. In fact, you can get most of this information by reviewing your firewall logs. But how many "average" users know that firewall logs exist, much less how to review them.

I envision a very simple report, perhaps generated daily, listing the applications or services that have opened a connection to the internet over, say, the past 24 hours. Most of the connections would be easily explained - applications checking for updates, and email programs sending and receiving email, for example. But others would quickly raise eyebrows - including applications you've never heard of, or applications you haven't used recently. And it would be immediately apparent if your computer has become a zombie.

I would think this would be a great feature to add either to the operating system or your existing firewall application and I can't imagine that it would be that difficult.

Has anyone heard of a third party application that does this?

Posted by: Dennis in NH | October 28, 2005 12:06 PM | Report abuse

My son's laptop was attached by a virus while he was AIM-ing. He is running Windows 98. He was not updating his virus software as he should. I have brought it up in "protected mose" so that I could try to get access to the web and download the security aptches. However, the PC does recognize the wireless adaptor or the NIC card. Do you have any recommendations on how I can get this working again. Thank you.

Posted by: Josep | October 28, 2005 12:21 PM | Report abuse

Guilherme remembered Catch-Up, from CNet. I have a feeling it was sponsored by software vendors during the go-go days which are gone-gone.

I base that suspicion on the fact that it kept excellent track of the majors (Microsoft, Adobe, Real, etc.) and prominent indie minors of the time (MusicMatch, for one), but took no notice of many of the very small players' apps.

On the other hand, maybe it was simply a matter of the smaller players not bothering to provide update info to CNet. Whichever it was, Catch-Up is sorely missed.

Posted by: Christopher J. Bieda | October 28, 2005 12:33 PM | Report abuse

To my knowledge, nothing exists for free in this realm and I don't see most of the tools as being designed for home users. There are a number of products that will track both OS and application patches (sometimes only Microsoft Apps.) such as:
Shavlik HFNetChkPro
St. Bernard Update Expert
Ecora Patch Manager
Patchlink Update

These may also provide other functions such as spyware scanning, etc.

Posted by: David Henning | October 28, 2005 12:36 PM | Report abuse

It won't tell you if you're up to date with patches but the Belarc Advisor ( is a free utility that will build an extremely detailed profile of everything on your machine, complete with version levels and patches that have been applied.

Posted by: Joe Sexton | October 28, 2005 1:10 PM | Report abuse

Here's another inventory solution: The Belarc Advisor builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.

Posted by: Fred Ryals | October 28, 2005 1:14 PM | Report abuse

I sure wouldn't mind having this software installed on my computer, we could use all the protection we can get for our computers as long as it is Free and Afordable price.

Posted by: Flossie | October 28, 2005 8:01 PM | Report abuse

While they are more geared toward the enterprise and definitely not free, both Patchlink and Novell's ZenWorks provide comprehensive solutions to this problem. It would be nice to see them release versions for individual users...

Posted by: jobi | October 29, 2005 11:16 AM | Report abuse

I am also interested what enterprise level products readers are using and can recommend. We have about 70 users.

Posted by: Dixon | October 31, 2005 11:59 AM | Report abuse

Most of the people here are telling you about products.

The one thing they are not focusing on is that a computer is like a car. You may get your oil changed at Jiffy Lube, your tires done at Sears, and your maintenance at the dealer.

A computer is a sophisitcated tool that needs to be maintained, and like a car usually that means not from one source.

Posted by: David | October 31, 2005 12:14 PM | Report abuse

I received a promo for RadarSync through CNET a week or so ago and signed up for their $1 trial (it might still be available -- I found the program to be excellent. It found lots of driver and application updates I wouldn't have thought to look for and their scan and the file downloads were quick and went smoothly.

This product is for home users and possibly small business, I'd imagine. Definitely not enterprise like some of the others mentioned here.

The only drawback I'd say is that if you're a firefox user like I am, you have to use their software version, instead of the online service which seemed more convenient to me.

Posted by: Seth | October 31, 2005 2:35 PM | Report abuse

Thanks everyone, for all the suggestions. I'll definitely try a few of these out and perhaps blog about them later.

Posted by: Brian Krebs | October 31, 2005 6:02 PM | Report abuse


Posted by: sadsa | May 4, 2006 11:34 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company