Sometimes you like to use backdated software, perhaps to avoid bloatware. But perhaps you have some old software you’ve forgotten about. If you want to know, Secunia has a free product called PSI that will scan your system and alert you to any outdated software you may have. Then you can either update it, if it’s something you use and want to keep up to date, or uninstall it.
On the commercial side, the same company offers Vulnerability Intelligence Manager. I’m very unimpressed with the competing Symantec ESM, and it really seems to me that there’s an inherent advantage to using a different vendor for your operating system, patch deployment, antivirus, and information assurance. That way you have four vendors keeping each other honest.
For patch management, I have extensive experience with Shavlik Netchk and about a year’s experience with Microsoft’s WSUS. I recommend Shavlik’s Netchk product, as it updates not just Microsoft products but also common third-party apps, and it can do a rudimentary scan for missing patches. And not only that, it works better, giving administrators finer control over what you deploy and when and how you reboot.
I don’t have any personal experience with VIM, as I’ve always been a remediator rather than an auditor. If security audits are something your company wants, look into it.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.