The PC may be new, but the software is old and dangerous

I recently setup a couple new Windows XP computers. By "setup" I mean running diagnostic utilities, installing new software, removing un-needed software and changing a whole host of configuration options (no one needs that many Restore Points). But this is about another setup task, updating the pre-installed software to newer, safer versions.

Sometimes the pre-installed software is downright ancient.  

For example, a new HP Compaq DC7900 tower shipped with Windows XP Service Pack 2. While I'm the last kid on my block to upgrade an already-in-use XP system to Service Pack 3, certainly a new system should start out at SP3. Accompanying the old service pack was an old browser, Internet Explorer version 6. I wonder what Microsoft thinks about the largest PC vendor of them all continuing to pre-install such old software.

Java was at version 6 update 7 which dates back to around July 2008. Not too bad, as these things go. However, the Flash Player plugin was version 6.0.79 which dates back to March 2003, more or less.  Beats me why HP would update Java while including a 6 year old version of the much more popular Flash.

A new Samsung NC10 netbook also shipped with Internet Explorer 6, but XP itself was at Service Pack 3. The Adobe Acrobat Reader was a fairly recent 8.12, but nonetheless, this represents a security problem (as do all versions of the Acrobat Reader until March 11th). Java however, was an ancient version 5 (not version 6 update 5, but version 5).

What to do?

I'm a big fan of the Secunia Online Software Inspector which inspects the Acrobat Reader, Flash, Java, Internet Explorer and Windows itself to insure they are not missing any security related updates. The Secunia scanner can be very helpful on any Windows machine, old or new. The report it generates is simple, clear and easy to understand.

The down side is that it only examines a limited number of programs. Still, it covers many popular programs such as AOL's Instant Messenger,  iTunes, Firefox, Opera, Safari, Outlook Express, Thunderbird, WinAMP, Windows Media Player, Real Player, Skype, WinZip, QuickTime and ZoneAlarm.

In addition, if you subscribe to the Secunia OSI Reminder Service, the company will send you an email when they update their inspection rules. Today, they sent out the message below:

The Secunia Online Software Inspector requires Java version 6. You can easily determine the installed version of Java at javatester.org. Secunia also offers an off-line software inspector.

This still leaves the vendor supplied software. HP, Lenovo, Samsung, Dell and no doubt many other PC manufacturers pre-install a whole host of their own software. This too needs to be updated, even on a new computer. 

I've had a hit-or-miss relationship with assorted generations of software update applications from IBM/Lenovo. And, don't get me started on the problems I just had with Samsung's software updater.

Bottom line: updating software on a Windows machine is a mess. Microsoft handles their software, the hardware manufacturer handles their software and then it all really falls apart. Every company that makes Windows software has to re-invent the wheel when it comes to keeping it up to date. Adobe is so large that they have different update schemes for different products. Thus, we're left with Secunia to help us along. 

I'd go so far as to say that maintaining software is the biggest problem with Windows. Microsoft customers need a unified software update mechanism, but there is no reason to expect Microsoft to offer one.

Linux is on the right path here, even if the assorted software update applications are not as intuitive as they might be.

On another note, how popular does Firefox have to get before PC vendors start pre-installing it?