March 11th, 2010 13:00
SUPERAntiSpyware Multiple Vulnerabilities?
Secunia PSI is reporting SAS insecure on my system:
http://secunia.com/advisories/38917/
Solution
Update to version 4.34.1000
I have this version of SAS installed and updated. No recent new version released that I can see.
I think Secunia's advisory needs amending.


ky331
March 11th, 2010 15:00
Joe,
1) confirming your experience... PSI reporting that 4.34.0.1000, which I have, is insecure (albeit "only" a category 2 threat), yet it's advising updating to 4.34.1000, which presumably is the same version.
2) the only "valid" claim they may have is their statement that "The vulnerabilities are reported in version 4.33.1000", so they suggest an "Update to version 4.34.1000, which fixes some of the vulnerabilities". That seems to imply that even the "current" version 4.34 is not secure (and presumably not [yet] patched).
3) for what it's worth, the online inspector had been reporting, for several days, that my Adobe Reader was not secure, and needed to be updated to the version I already had installed! After a few days, this advisory disappeared.
joe53
March 11th, 2010 17:00
ky331:
Thanks for the confirmation.
It seems that version 4.34.1000 is indeed identical to 4.34.0.1000, depending on how you determine the version.
I followed PSI's instructions to get the latest version from SAS, and basically re-installed the same.
I got fed up with SAS' aggressive marketing pop-ups during the process (strike one), and the totally unnecessary attempt to insert SAS Free in my Startup (blocked by WinPatrol - strike two), only to end up with the same version that is still flagged by PSI as insecure (strike three).
Following my rule that any free security software needs a low "grief" factor, I have uninstalled SAS.
Problem solved.
I recognize that this might be a Secunia PSI problem. As far as that is concerned, PSI is on notice with me also. But at least Secunia is not irritating me with marketing pop-ups.
ky331
March 12th, 2010 04:00
Joe, Here is the administrative response/defense from SAS, as copied/pasted from http://forums.superantispyware.com/index.php?/topic/3586-secunia-luka-milkovic-and-sas/ :
"Luka [Milkovic, who originally discovered/reported the alleged flaws] contacted our company and has, what I believe, attempted to extort us over these "issues" - no one has EVER used any of these items to exploit ANYTHING in the real-world.
We altered our kernel drivers so that his test code would no longer have issues, and he simply re-reverse engineered the drivers to make his test "work" again - I have the original code and can provide that if necessary to show this fact.
NONE of the functions as described above can be accessed by "any" program unless the program is authenticated with our driver - Luka indicated he would NOT post the authentication scheme which he ripped from our program - without that, no other application can access our drivers - as we did not play into the potential extortion Luka has included that code for malware authors to exploit. As such, we are altering the authentication scheme as we do often to prevent potential exploits and hacking. As such, any piece of code, including that of the Windows Kernel has and will always be reverse engineered in time.
Luka's results essentially are like saying "I put sand in the pistons of a motor and now it crashed/stopped running" - there is always a way to force ANY driver to crash from kernel mode - NONE of the items documented by Luka are real-world and have not been exploited in over 5 years of the drivers being downloaded over 30 million times.
It's unfortunate that a single user such as Luka, who likely has another agenda, is allowed to post code and hide behind the walls of the Internet - all Luka is doing is helping malware authors."
ky331
March 12th, 2010 07:00
Well how's this for a quick "resolution": PSI is no longer objecting to SAS, having placed it back onto the "patched" list. Hmm....
joe53
March 13th, 2010 14:00
ky:
Thanks for the link to the SAS response thread. Interesting riposte from Luka!
Perhaps I was hasty in removing SAS, but to be honest I feel that MBAM is the better and quicker scanner.
PSI is restored to my good graces.