navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
Open Discussions
My Threads
Create Thread


You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

This thread has been marked as locked.
Member 31st Oct, 2011 02:52
Ranking: 0
Posts: 8
User Since: 10th Feb, 2010
System Score: N/A
Location: CA
Last edited on 31st Oct, 2011 03:03

Good day; (Tongue-in-cheek)

YES !!! PSI - SHOULD AUTO-UPDATE ITSELF ! Or, at the very least, be listed in the out-of-date
list, when an update becomes available.

The politically-correct answer found previously in the Forum, is entirely unsatisfactory.
Something about... "Because we only auto-update apps with vulnerability and security issues...."
.......Really... ? Seriously ?? We don't care; let the computer do the work!

Come on ! ...let the program itself do the work;
instead of having each customer have to look all the time if it is time to update; and getting us to do a manual download and update/install! We are using PSI exactly for that purpose; to automate these updates!

And, I have enough eMails as it is, so even if Secunia might be sending eMail when PSI can be updated... We don't care. lol

It is a GREAT program, let's use it to its full potential.

...OR, since there is a API, is there a third-party that's taking advantage of the hooks, to do this simple task ?

...Oh wait... Secunia does not create an alarm/trigger when PSI has an update ready, so no one can latch on the event ! ...Seriously ?

Sorry, Secunia's policy regarding this subject makes no sense at all.
Thank you. :-)

Member 31st Oct, 2011 03:04
Score: 0
Posts: 8
User Since: 10th Feb 2010
System Score: N/A
Location: CA
Last edited on 31st Oct, 2011 03:04
And I am unanimous, in that lol
Was this reply relevant?
Secunia Official 31st Oct, 2011 08:19
Score: 60
Posts: 59
User Since: 12th May 2011
System Score: N/A
Location: Copenhagen, DK
Last edited on 31st Oct, 2011 08:21

First of all (as you have stated) one needs to know that the PSI is a vulnerability scanner and not an ordinary update manager etc.
Software can be detected by the Secunia PSI as secure, even if the vendor has released a more recent version. This is because vendors release software updates not just to patch vulnerabilities, but also to fix software bugs or introduce software enhancements. These fixes and enhancements may be non-security related (for example, adding new functionality or features). Therefore, prior versions of software can be secure even if they are not the most recent ones, as long as no known vulnerabilities are reported in them.

In these cases, Secunia recommends that you read the vendor release notes to determine if you prefer to install the update or not.

You might be a private user who is running PSI on a single computer, but customers who have a large network are not always interested in keep updating hundreds of hosts every day. Instead they update whenever vulnerabilities are found on their network.

So yes, Secunia's policy makes perfect sense.

Kind regards,

Kamran Hussain
Secunia PSI Support

Secunia PSI
Member 2nd Nov, 2011 22:25
Score: 0
Posts: 8
User Since: 10th Feb 2010
System Score: N/A
Location: CA
Last edited on 2nd Nov, 2011 22:38
Good day;

Thank you for your reply, your argument makes sense for businesses.

And, as a 'home' user, I am grateful that this great s/w is free and available. It is a big help.

As per its own banner, I trust the focus and primary market for the PSI version is the home users.
"Personal Software Inspector - Detects and Installs (...)... for your PC"

Although cie's would be using CSI & PSI capabilities, filtering of events etc..

At work, as an sysadmin for a 1200 users network, naturally we do not allow auto-updates because of legacy apps, interactions, security etc... (Unfortunately, we do not use CSI & PSI)

I have to find, test, pckg and deploy enough apps at work! I say let the computer do the job at home. :-)

Note: Normally large software companies at least include a setting or a policy we set for that purpose; we get the choice... And all the good ones have it. (All the others should!) It is up to us to either enable or disable it thru Policies etc... At least we are given the flexibility.

As a home user, I still say that such an option should be available. If we decide NOT to get auto-updates, it is our own choice. The flexibility does not yet exist in PSI.

I think it is a very valid suggestion.

Any good commercial software has an auto-update option.. (-- I know PSI is free, but go along with me for a minute :-) )

I know I'd feel more confortable to always have an up-to-date release of PSI, as I rely on it heavily to defend against vulnerabilities on all my home PCs.

All we ask, is for an option "Auto-Update" or "Auto-Check for Newer Version When Opening" for PSI itself, just like others have... Adobe Acrobat, Microsoft Windows, Java etc... Whatever the purpose of the application, the application itself shoud always get auto-updates.

In PSI's case, NOT necessarily as part of the PSI scan, though... Just a quick check when we open it.

I'll leave you on that, and on the knowledge that others have asked for it before, and many more will as well. :-)

I am stil lpleased with the application, and I would not live without it. :-)

Thank you Sir.

Was this reply relevant?
Dedicated Contributor 2nd Nov, 2011 22:40
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
PSI has always updated itself for major releases. If you read the Changelog for the updates since Version 2, you will notice the advice is not to install the upgrade unless you are experiencing problems.

This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
Member 2nd Nov, 2011 22:47
Score: 0
Posts: 8
User Since: 10th Feb 2010
System Score: N/A
Location: CA
Last edited on 2nd Nov, 2011 22:50
Thank you. :-)

My point exactly (well, kind of )... :-)

In either case, we should be given the choice, with an option.

And I do agree, it is not a function of the Vulnerability Scanner (the purpose of the app), but a function of the app itself.

Two separate 'entities' / functions, is what I meant, but it didn't come out clearly enough in my initial post. I do agree, it should be separate, and kept out of the PSI scanner's results.

Thank you again.
Was this reply relevant?
Member 2nd Nov, 2011 22:55
Score: 0
Posts: 8
User Since: 10th Feb 2010
System Score: N/A
Location: CA
Last edited on 2nd Nov, 2011 22:58
Just one more example;

Anti-virus progs do auto-update of their engines, and it is not viewed as 'because' it has vulnerabilities, but as -having added functionality-, speed, better compatibility with newer OSs etc...

It is not viewed negatively, if that's what Secunia is worried about. :-)
Was this reply relevant?
Expert Contributor 2nd Nov, 2011 23:06
Score: 2468
Posts: 3,350
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Further to ddm's comments , since inception , virtually every update prior to version 2.0.x has been fairly clearly signalled to the user ; either within the GUI , by email or here in the Forum (or all three ways) . Version , I believe , is very keen to push you to version 2.0.x even when it will not run for some - the nag being most annoying , apparently .

Version 2.0.x is wotk in progress :eg :no language local versions . As stated , if you read the changelog some versions are for specific bug fixes and some have been less than successful .

I always check for myself what updates I load to any software and believe that other ways (welcome to the machine) can leave one in unnecessary ignorance .

There is a specific problem (much discussed on the Forum) in that version numbers are not shown at the download site and the changelog is incomplete .

As the PSI is a vulnerability checker and all versions of PSI are secure , if what you run is working correctly then why/don't fix it ; allowing that it is your choice . The very latest version is not more secure and may be "buggy" :(((

More important is getting the average user to choose to keep her/his system/programmes secure and as "up to date" as is possible/relevant ; not to mention making this present website version legible/navigable in all browsers for those with less than 20/20 !!

Take care



It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?

This thread has been marked as locked.

 Products Solutions Customers Partner Resources Company
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
Technology Partners
 About us

Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
Secunia © 2002-2015 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+