I need some guidance. (as usual) I did download and install the beta. All went well. Ran the scan and updated several programs. Again everything looks good. Two programs seem to put me in an endless loop:
1) Microsoft Data Acc ess Components (MDAC) 2.x -> When I click on the download button from within Secunia it takes me to the MS Update page where I am told there are NO updates available. Nothing is found even when I tell it to "Check for Updates." Over and over...........
2) Sun Java JRE 1.6x / 6.x ->Pretty much the same story. I uninstalled everything "Java" I could find and then downloaded both the 32 & 64 bit versions. I then verified both installations with the Sun verify tool and was told everything was peachy! (my phrase not Sun's)
As you can surmise I am a complete newcomer to Secunia Personal Software Inspector. Are there some issues that cannot be "fixed?" If that is the case can I instruct Secunia to ignore selected programs?
I am doing my best to follow the great advice I have gotten here. The resource overhead is still surprisingly low.
At the moment I am using:
Avast! (Free ver.)
WinPatrol (paid ver.)
SUPERAntiSpyware (paid ver.)
SpywareBlaster (free ver.)
W.O.T.
MBAM
Secunia PSI
I have had zero virus/spyware/malware problems. ( That I am aware of anyway!)
As always any advice or guidance is gratefuly accepted!!
First a quick question: are you using the "standard" Secunia PSI 1.5 ? or the newer "beta" version 2 that Joe was talking about? Actually, that may not matter, but...
You need to check to see where (the path of) the questionable programs (MDAC and Java) are located. I'm working from Secunia 1.5. If you click the + in front of the insecure program's name, it should expand to show information, including the "installation path".
for example, on my XP SP3 system (so path's may be different for you), Secunia is showing I have MDAC twice... once, in
C:\Program Files\Common Files\System\ado\msadox.dll <==== standard location for XP SP3
and a second time in
C:\Documents and Settings\ky331\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll
the second copy was installed as part of my Creative Media soundcard.
Comment 1: Microsoft/Windows update will only locate/update the "standard" Microsoft copy. It will not look for additional/alternative copies installed by other programs. You either have to find a way to get that third-party program (Creative, in my case) to update its files, or, perhaps, replace the third-party version with a copy of the updated file from the Microsoft version. (If doing the latter, we have to hope that the Msft version is fully backwards compatible with other files remaining from the third-party software.)
Comment 2: If the path mentions i386 , or something like D:\backup (assuming your main drive is C: ) , Secunia is finding copies of the originally installed files on your system. These copies are not the active/running versions, but rather, backups that can be tapped in case of emergency. These original/backup files do NOT get updated when the corresponding program gets updated! So if that's what's happening, you should simply add (just these) backup copies to Secunia's exclusion list. for example, I have instructed secunia to ignore the entire C:\i386 directory [including all of its subdirectories].
EDIT: I no longer have java on my system... but if memory serves me, the path (for xp sp3) was
c:\Program Files\Java
Somewho who (still) has java should be able to confirm this. of course, there will be a difference on your 64-bit win7 system, where you say you have both the 32 & 64 bit versions installed.
When the PSI 2.0 beta informed me that iTunes needed updating to v 10.0, I was hopeful that this would include a patch for the current vulnerability in QuickTime Player (which is included in iTunes).
After updating iTunes, I could not determine if this was true, as PSI 2.0 beta only notifies if all programs have the latest patch installed, but makes no mention of unpatched vulnerabilities.
So I uninstalled the beta, and re-installed v 1.5.
As I suspected, QT is still vulnerable and unpatched. But you would only know this by viewing the "Secure Browsing" tab, which the beta lacks.
I'm wondering if 2.0 lacks the (in)secure browser tab because:
1) it's still in beta, and they haven't added that tab yet, or
2) they've decided there's nothing that can be done with UNpatched programs, and on that basis, figured there's no need to notify [=worry] users that can't do anything about it [short of uninstall the program, which presumably, people who use it don't want to do].
First off, be warned that I represent Secunia, and so might be a bit... biased. :)
2) Scans run without problems, though no faster than with PSI 1.5.
Performance is actually one of the things we have been working to improving during the Secunia PSI 2.0 Beta. Specifically, it is now possible to de-select certain drives for scanning, so the PSI will skip them entirely. Furthermore, the PSI no longer scans locations set to be "Ignored", but skips over them entirely. However, the basic scanning engine has not been drastically changed, so in those matters the PSI is more or less itself.
3) Automatic Updates: Haven't tried this, and don't want it. For those that want to keep their 3rd party applications updated automatically, this may prove useful. I don't allow any program (including Windows programs) to auto-update, preferring to do so manually a day or two later, after others have discovered and solved the problems that come with some updates.
If anyone should so wish, it is possible to globally disable Auto-Updates in the Secunia PSI 2.0 Beta, by unchecking "Enable automatic program updates" on the Settings tab in the PSI 2.0 Interface.
4) New User Interface: It is indeeed simpler. I'm surprised there seems to be no Browser Security tab, that alerts one to security vulnerabilities in one's browsers. The scanner also does not identify any unpatched browser vulnerabilities, whereas my previous version identified all my 3 browsers (IE8, Firefox, Opera) as insecure. It seems this new version only identifies browsers lacking known patches, but not browsers with vulnerabilities for which no patch yet exists. (I could be wrong here).
...
There is no Secure Browsing tab in the current release of the Secunia PSI 2.0 Beta. However, user feedback matters, and I will ensure that your concerns reach the ears (Well, eyes) of our developers. This, naturally, also applies to everybody else here who expressed their concerns about the Secure Browsing tab.
1) Microsoft Data Acc ess Components (MDAC) 2.x -> When I click on the download button from within Secunia it takes me to the MS Update page where I am told there are NO updates available. Nothing is found even when I tell it to "Check for Updates." Over and over...........
Some Microsoft Application do not "Kick in" until after a full reboot. Try a full scan in the PSI, and if this hasn't corrected the issue, try following this procedure:
1) Check Microsoft Update, install all critical/security patches available
2) Reboot
3) Repeat step 1, and repeat step 2 if anything was installed at this step
4) Run a full scan with the PSI.
You should be shown as Secure.
2) Sun Java JRE 1.6x / 6.x ->Pretty much the same story. I uninstalled everything "Java" I could find and then downloaded both the 32 & 64 bit versions. I then verified both installations with the Sun verify tool and was told everything was peachy! (my phrase not Sun's)
The PSI will always show the "Path" of the file it is detecting.
In the Secunia PSI 2.0 Beta, you can find the path to the file by clicking "+" next to the program's entry - the paths listed under "Detected Instances" are all present installations of the program on your system.
In the Secunia PSI 1.x (current stable version), you can find the "Installation Path" by expanding a program's entry (with "+"), under any tab where it is listed, and reading the field "Installation Path".
You can use Sun's own instructions for removing Java: http://www.java.com/en/download/help/uninstall_java.xml
If you follow these instructions, and then install the latest secure version (As of 28/09/10, this is Java JRE 6.x / 1.6.x, Update 20, though the newest is Update 21), you should be "Up To Date".
If there are any leftovers, you can use the "Detected instances" field to see where they are located.
I'm wondering if 2.0 lacks the (in)secure browser tab because:
1) it's still in beta, and they haven't added that tab yet, or
2) they've decided there's nothing that can be done with UNpatched programs, and on that basis, figured there's no need to notify [=worry] users that can't do anything about it [short of uninstall the program, which presumably, people who use it don't want to do].
The Secure Browsing tab was not originally included because several users expressed concerns about being unable to patch the vulnerabilities listed there. In the Beta period, we wished to see the feedback we would receive from the community if that tab was not included in the Beta.
However, we do listen to user concerns, and I suggest that those that want for this tab keep their eyes on the Secunia PSI 2.x Beta releases to come.
If anyone has further questions or feedback, feel free to post here, or come visit our User Community, located here: http://secunia.com/community/forum/all_threads/
For those who are interested, we just released a new version of the Secunia PSI 2.0 Beta. You can download the installer, and post feedback, in the thread for this release, found here: http://secunia.com/community/forum/thread/show/5727/secunia_psi_2_0_beta_new_release (Though, of course, we would listen if anyone opted to simply post here).
I assume that one change will be of particular interest to certain users. This is from the changelog from the new version:
...
Added the Secure Browsing feature: Secure Browsing known from the Secunia PSI 1.5 has been added to the Secunia PSI 2.0. For the Secure Browsing feature to be shown, you must enable it on the settings page
...
For a summary of all changes in this release, please see the newest addition to the changelog, found here: http://secunia.com/vulnerability_scanning/personal/changelog/
“Heimdal Agent is an intelligent monitoring software developed together with the banking industry to protect your privacy and security on the Internet, therefore reducing the risk of identity theft and disclosure of your personal information. What does this mean:
* Heimdal Agent monitors your software for any vulnerabilities – Highly reduces the chances of you getting infected. * Heimdal Agent offers to fix your software, if you don’t want to do it yourself. * Heimdal Agent monitors your system for any signs of a virus that could compromise your privacy on the internet ( ex. Creditcard/Bankaccount data) – Highly reduces the risk of having your money stolen * Heimdal Agent simplifies reporting and dialogue with your Bank, if the damage is already done
Don’t Worry – Heimdal Agent does not collect or disclose any personal information as your privacy is of equal importance to us. Heimdal Agent is designed to work with your Antivirus Program to keep you more safe, so we still strongly recommend use of an Anti virus Program. Download and be more safe”
Jeff Hoffman
2 Intern
•
881 Posts
0
September 2nd, 2010 21:00
I need some guidance. (as usual) I did download and install the beta. All went well. Ran the scan and updated several programs. Again everything looks good. Two programs seem to put me in an endless loop:
1) Microsoft Data Acc ess Components (MDAC) 2.x -> When I click on the download button from within Secunia it takes me to the MS Update page where I am told there are NO updates available. Nothing is found even when I tell it to "Check for Updates." Over and over...........
2) Sun Java JRE 1.6x / 6.x ->Pretty much the same story. I uninstalled everything "Java" I could find and then downloaded both the 32 & 64 bit versions. I then verified both installations with the Sun verify tool and was told everything was peachy! (my phrase not Sun's)
As you can surmise I am a complete newcomer to Secunia Personal Software Inspector. Are there some issues that cannot be "fixed?" If that is the case can I instruct Secunia to ignore selected programs?
I am doing my best to follow the great advice I have gotten here. The resource overhead is still surprisingly low.
At the moment I am using:
Avast! (Free ver.)
WinPatrol (paid ver.)
SUPERAntiSpyware (paid ver.)
SpywareBlaster (free ver.)
W.O.T.
MBAM
Secunia PSI
I have had zero virus/spyware/malware problems. ( That I am aware of anyway!)
As always any advice or guidance is gratefuly accepted!!
Thank You!
Jeff :emotion-22:
Jeff Hoffman
2 Intern
•
881 Posts
0
September 3rd, 2010 06:00
I decided to be a lab rat so I am using the beta version. Sun suggested I install 32 & 64 bit programs. I use the 32 bit IE once in a while.
Jeff
ky331
3 Apprentice
•
15.6K Posts
0
September 3rd, 2010 06:00
Jeff,
First a quick question: are you using the "standard" Secunia PSI 1.5 ? or the newer "beta" version 2 that Joe was talking about? Actually, that may not matter, but...
You need to check to see where (the path of) the questionable programs (MDAC and Java) are located. I'm working from Secunia 1.5. If you click the + in front of the insecure program's name, it should expand to show information, including the "installation path".
for example, on my XP SP3 system (so path's may be different for you), Secunia is showing I have MDAC twice... once, in
C:\Program Files\Common Files\System\ado\msadox.dll <==== standard location for XP SP3
and a second time in
C:\Documents and Settings\ky331\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll
the second copy was installed as part of my Creative Media soundcard.
Comment 1: Microsoft/Windows update will only locate/update the "standard" Microsoft copy. It will not look for additional/alternative copies installed by other programs. You either have to find a way to get that third-party program (Creative, in my case) to update its files, or, perhaps, replace the third-party version with a copy of the updated file from the Microsoft version. (If doing the latter, we have to hope that the Msft version is fully backwards compatible with other files remaining from the third-party software.)
Comment 2: If the path mentions i386 , or something like D:\backup (assuming your main drive is C: ) , Secunia is finding copies of the originally installed files on your system. These copies are not the active/running versions, but rather, backups that can be tapped in case of emergency. These original/backup files do NOT get updated when the corresponding program gets updated! So if that's what's happening, you should simply add (just these) backup copies to Secunia's exclusion list. for example, I have instructed secunia to ignore the entire C:\i386 directory [including all of its subdirectories].
EDIT: I no longer have java on my system... but if memory serves me, the path (for xp sp3) was
c:\Program Files\Java
Somewho who (still) has java should be able to confirm this. of course, there will be a difference on your 64-bit win7 system, where you say you have both the 32 & 64 bit versions installed.
ky331
3 Apprentice
•
15.6K Posts
0
September 3rd, 2010 07:00
You only need to install the version of java based on the version of the browser you actually use (for java applications)...
i.e., if you only use 32-bit IE (for java applications), then you only need the 32-bit java.
if you only use 64-bit IE (for java), then you only need the 64-bit java
if you actually use both 32-bit AND 64-bit IE (for java), then you'll need both.
So if you're not using a 64-bit browser (for java access), then you can safely uninstall the 64-bit version.
joe53
2 Intern
•
5.8K Posts
0
September 4th, 2010 01:00
When the PSI 2.0 beta informed me that iTunes needed updating to v 10.0, I was hopeful that this would include a patch for the current vulnerability in QuickTime Player (which is included in iTunes).
After updating iTunes, I could not determine if this was true, as PSI 2.0 beta only notifies if all programs have the latest patch installed, but makes no mention of unpatched vulnerabilities.
So I uninstalled the beta, and re-installed v 1.5.
As I suspected, QT is still vulnerable and unpatched. But you would only know this by viewing the "Secure Browsing" tab, which the beta lacks.
ky331
3 Apprentice
•
15.6K Posts
0
September 4th, 2010 06:00
I'm wondering if 2.0 lacks the (in)secure browser tab because:
1) it's still in beta, and they haven't added that tab yet, or
2) they've decided there's nothing that can be done with UNpatched programs, and on that basis, figured there's no need to notify [=worry] users that can't do anything about it [short of uninstall the program, which presumably, people who use it don't want to do].
joe53
2 Intern
•
5.8K Posts
0
September 4th, 2010 15:00
Judging by the posts in the beta 2.0 forum, a lot of beta testers want the Secure Browsing tab re-installed.
The Secunia mods have noted this. I suspect it will be included in the final release.
Secunia
2 Posts
0
September 28th, 2010 04:00
Hello Everybody,
First off, be warned that I represent Secunia, and so might be a bit... biased. :)
Performance is actually one of the things we have been working to improving during the Secunia PSI 2.0 Beta. Specifically, it is now possible to de-select certain drives for scanning, so the PSI will skip them entirely. Furthermore, the PSI no longer scans locations set to be "Ignored", but skips over them entirely. However, the basic scanning engine has not been drastically changed, so in those matters the PSI is more or less itself.
If anyone should so wish, it is possible to globally disable Auto-Updates in the Secunia PSI 2.0 Beta, by unchecking "Enable automatic program updates" on the Settings tab in the PSI 2.0 Interface.
There is no Secure Browsing tab in the current release of the Secunia PSI 2.0 Beta. However, user feedback matters, and I will ensure that your concerns reach the ears (Well, eyes) of our developers. This, naturally, also applies to everybody else here who expressed their concerns about the Secure Browsing tab.
Some Microsoft Application do not "Kick in" until after a full reboot. Try a full scan in the PSI, and if this hasn't corrected the issue, try following this procedure:
1) Check Microsoft Update, install all critical/security patches available
2) Reboot
3) Repeat step 1, and repeat step 2 if anything was installed at this step
4) Run a full scan with the PSI.
You should be shown as Secure.
The PSI will always show the "Path" of the file it is detecting.
In the Secunia PSI 2.0 Beta, you can find the path to the file by clicking "+" next to the program's entry - the paths listed under "Detected Instances" are all present installations of the program on your system.
In the Secunia PSI 1.x (current stable version), you can find the "Installation Path" by expanding a program's entry (with "+"), under any tab where it is listed, and reading the field "Installation Path".
You can use Sun's own instructions for removing Java: http://www.java.com/en/download/help/uninstall_java.xml
If you follow these instructions, and then install the latest secure version (As of 28/09/10, this is Java JRE 6.x / 1.6.x, Update 20, though the newest is Update 21), you should be "Up To Date".
If there are any leftovers, you can use the "Detected instances" field to see where they are located.
The Secure Browsing tab was not originally included because several users expressed concerns about being unable to patch the vulnerabilities listed there. In the Beta period, we wished to see the feedback we would receive from the community if that tab was not included in the Beta.
However, we do listen to user concerns, and I suggest that those that want for this tab keep their eyes on the Secunia PSI 2.x Beta releases to come.
If anyone has further questions or feedback, feel free to post here, or come visit our User Community, located here: http://secunia.com/community/forum/all_threads/
hope this helps.
Emil R. Petersen,
Secunia PSI Community Supporter.
joe53
2 Intern
•
5.8K Posts
0
September 28th, 2010 18:00
Thanks for all that useful feedback, Emil.
I'm keeping an eye on the beta forum with interest.
Secunia
2 Posts
0
September 29th, 2010 07:00
Hi,
For those who are interested, we just released a new version of the Secunia PSI 2.0 Beta. You can download the installer, and post feedback, in the thread for this release, found here: http://secunia.com/community/forum/thread/show/5727/secunia_psi_2_0_beta_new_release (Though, of course, we would listen if anyone opted to simply post here).
I assume that one change will be of particular interest to certain users. This is from the changelog from the new version:
For a summary of all changes in this release, please see the newest addition to the changelog, found here: http://secunia.com/vulnerability_scanning/personal/changelog/
Kind Regards,
Emil R. Petersen
Secunia PSI Community Support.
lonewolfmru
2 Posts
0
October 11th, 2010 07:00
Please consider an alternative choice: Heimdal Agent
lonewolfmru
2 Posts
0
October 11th, 2010 07:00
Heimdal agent:
Download it here:
https://www.csis.dk/da/private/heimdal/
“Heimdal Agent is an intelligent monitoring software developed together with the banking industry to protect your privacy and security on the Internet, therefore reducing the risk of identity theft and disclosure of your personal information. What does this mean:
* Heimdal Agent monitors your software for any vulnerabilities – Highly reduces the chances of you getting infected.
* Heimdal Agent offers to fix your software, if you don’t want to do it yourself.
* Heimdal Agent monitors your system for any signs of a virus that could compromise your privacy on the internet ( ex. Creditcard/Bankaccount data) – Highly reduces the risk of having your money stolen
* Heimdal Agent simplifies reporting and dialogue with your Bank, if the damage is already done
Don’t Worry – Heimdal Agent does not collect or disclose any personal information as your privacy is of equal importance to us. Heimdal Agent is designed to work with your Antivirus Program to keep you more safe, so we still strongly recommend use of an Anti virus Program. Download and be more safe”
Feel free to try it and comment.