Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: EOL program installed by PSI "fix"

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Shockwave Player 10.x

This thread has been marked as locked.
Keyrlis EOL program installed by PSI "fix"
Member 2nd Nov, 2011 22:34
Ranking: 0
Posts: 1
User Since: 10th Apr, 2010
System Score: N/A
Location: N/A
Please do not refer me to any of the other threads relating to this Shockwave problem, they are all incorrect, and some are a little presumptuous.

I have received the End of Life warning about my Adobe SW player, and gives me this as the installation path: C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
I have both automatically and manually removed this program, and, in fact, this entire path, but a new scan shows it as being there, but will not "open containing folder", as the folder is not there.
After checking registry entries and rebooting, I received no warning, but sure enough, as soon as either "fix" was run (install of "sw_li_full_installer.msi" from the PSI program, or manually navigating to Adobe website and downloading), my insecurity popped up. A check of the folder shows that both on a full install or a repair, Adobe includes SW10 with the SW 11.X install. If the programmers choose to include this code for backwards capability, it is, by definition, still supported.

Also, submitting "do you ever use the program? Why not remove it?" is fallacious. Either the user is tech savvy such as I am (it's my job) and knows what Shockwave is needed for, or they are as computer timid as my mother, and thinks Shockwave is a form of electrocution prevention. To assume someone knows if they do not use it and hasn't already removed it seems denigrating and contrary to actually helping them, especially in light of the fact that PSI causes reoccurance with its own solution. Removing the program can be the solution to ANY software problem. If you remove Windows, you will have NO problems whatsoever, but you may find functionality is reduced.
In view of the facts, the proper action is to ignore the problem PSI is causing by double clicking on the SW10 program to bring up the program dialog, right-clicking on the given path to the Swinit.exe file, and choosing to ignore.

ddmarshall RE: EOL program installed by PSI "fix"
Dedicated Contributor 2nd Nov, 2011 23:36
Score: 1205
Posts: 956
User Since: 8th Nov 2008
System Score: 98%
Location: UK
That's not what I experience if I download Shockwave from the Adobe website. I only get Shockwave 11 and it is detected in
C:\Windows\System32\Adobe\Shockwave 11\SwInit.exe

This is on a computer which never had Shockwave 10 installed.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
Anthony Wells RE: EOL program installed by PSI "fix"
Expert Contributor 2nd Nov, 2011 23:39
Score: 2427
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 2nd Nov, 2011 23:45
Hi ,

You are correct in that there are rather sweeping comments re Shockwave and they may not help your dear old mum !!

However , the backward capability between 10 nd 11 is somewhat of a moot point and technically 10 is not fully supported ; hence the PSI has moved from showing it as "Insecure" to being "EOL" . As it does not fit the criteria of a "zombie" that is as good as you are likely to get .

A delete or use of the shockwave unistaller and reinstall (as below) should get you to 11 without 10 .

The fact that many websites , especially games , still use 10 is why it crops up so often (on the forum) and this factor has in the past been been pointed out (by me at least) but has slipped away more recently .

The nub is that if you delete it and a game needs it you will get it (re)offered . Whether you consider it to be 100% scecure is up to you , in which case an ignore rule is an option , but should not be the norm , after all , it may be a left over and best deleted . An ignore rule is for the picky with an excellent memory .

I am not sure from your post just why you cannot delete 10 or whether you can and an app/site is recalling it or whether the full installer (you mention) is currently still including 10 ; my download from Adobe does not bring it :-

http://www.adobe.com/

and

http://get.adobe.com/shockwave/

which is how I normally update .

EDIT: unlike ddm , I have had 10 loaded in the past and tested it with a game which I only used for research .

Do you need help in finding the recacitrant folder/file ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Maurice Joyce RE: EOL program installed by PSI "fix"
Handling Contributor 3rd Nov, 2011 02:15
Score: 11610
Posts: 8,906
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Until recently most OEM versions of Windows had Adobe products pre installed to get you started "out of the box" along with other total crapware. Sadly many owners of PC's I fix firmly believe that without Adobe (and other) free products installed Windows will not work because "it was installed when I purchased it".

That it why it is relevant to ask "Do you really require Shockwave" given that on a good day Adobe Support to users just manages an appalling rating set against their extremely poor security record.

If Shockwave is ever required by a programme it should notify you of that fact - that is the time to install it.

It would also help if some statements were factually correct before advising users to ignore an alleged vulnerability.

1. A clean install of version 11.6.1.629 DOES NOT install 10\SwInit.exe if using the Adobe download link here:
http://get.adobe.com/shockwave/

2.A clean install DOES NOT trigger a vulnerability report from PSI.

3. When using the Shockwave Programme uninstaller via Windows Explorer it DOES NOT always remove the SwInit file - that requires manual removal hence some may end up having two SwInit.exe files (and a possible vulnerability like you). It has nothing to do with backward compatibility just the inability of Adobe to clean up correctly or a user having a dependant programme in use. There is further evidence on a 64Bit system whereby Adobe Shockwave dross if left in HKEY_CURRENT_USER in both the AppDataLow & WOW6432Node folders whatever method is used.

4. When using the Adobe web uninstaller it DOES remove the old exe file but does not clean up the registry or some programme files which are overwritten on any new install.

5. I am not sure Adobe cater for backward compatibility - more that vendors update their wares to a secure Adobe version. Adobe website advice is:

1. Uninstall previous versions
Be sure to remove previous versions before you install Shockwave Player. Use any of the following methods:

•Double-click the uninstaller.exe file in C:\Windows\system32\Adobe\Shockwave 11.
•Use the Add Or Remove Programs utility in the Windows Control Panel.
•(Shockwave 8 and 8.5) Use the uninstaller available from the Web Players page.

Note: Close all applications before you run the Shockwave Player uninstaller. Quit all running applications, including browsers and instant messaging clients. Check the Windows system tray to make sure that no applications that use Shockwave Player are in use.


6. Ignoring a vulnerability is always an option - the caveat should be that a Risk Assessment is carried out against the Secunia Advisory NOT a blatant disregard of the advice given by Secunia on some non existent or very poor testing by someone stating to be Tech Savvy.

7. If you consider a detection rule is faulty then you can use the preferred link to spell out the technicalities:
http://secunia.com/products/consumer/PSI/faq/#q15

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability