There are a couple of vulnerability assesment tools that are free to run. Of course, the simplest and most obvious assesment (and absolutely most essential) is to simply run Microsoft Update. It will scan your machine and tell you if you need updates on Microsoft software. Or, you can run Microsoft’s MBSA, a lightning-fast way to check for vulnerabilities.
However, MBSA and Microsoft Update are both Microsoft-specific, so you won’t be able to scan for vulnerabilities in other platforms and software.
You could try the free open source Nessus scanner (the Nessus license holder, Tenable, makes its money by charging for support and training, otherwise the feeds are delayed by a week), but it’s might be too complex for the average user. (We sell a vulnerability assesment tool, SNSI, for corporations. It scans both Windows and Linux systems, routers and printers for vulnerabilities. It’s a commercial-grade scanner and has done well. However, even though it’s a ridiculously inexpensive scanner, I realize it costs a bit more money than my average blog reader wants to pay. Plus, it’s geared for enterprise security, not home use.)
If you want something quick and simple, Secunia has just released a vulnerability assesment tool, called Secunia Software Inspector (via Donna). It will check for vulnerablities in a broad range of software programs on your machine.
Remember to be careful when applying patches. Always do them one at a time, with System Restore enabled. Sometimes, a patch can screw things up on your system (that’s a technical term for a night of pain trying to get your system back and running).
Feel free to comment if you have any other suggestions.
Alex Eckelberry