Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Enabling secure browser mode. What does it all mean, Bazzle?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
RoloDman Enabling secure browser mode. What does it all mean, Bazzle?
Member 29th Jan, 2012 23:46
Ranking: 0
Posts: 4
User Since: 29th Jan, 2012
System Score: N/A
Location: US
Thank you for taking a look at my thread because I am sure you must get this a lot. It's pretty nifty that Secunia would have this forum.

I have enabled the secure browsing function of your software, for the first time, and I notced several unpatched and no vendor solution issues listed for IE and Firefox. All f my browsers are updated.


SA47161, SA47129, SA45173, SA47325 for both 32 and 64 bit versions

firefox: SA47161, SA47400, S45173, SA47325

how should I proceed?

jimayo RE: Enabling secure browser mode. What does it all mean, Bazzle?
Member 30th Jan, 2012 00:54
Score: 22
Posts: 9
User Since: 8th Sep 2010
System Score: N/A
Location: US
Last edited on 30th Jan, 2012 00:55
I saw this statement on another post.

"In the scan results, only vulnerabilities that have patches available are reported.
The secure browsing feature lists unpatched vulnerabilities as well. This is an aid to deciding which browser to use. In this case, all browsers are deemed to be affected so the only steps you can take is to be careful which website you visit and hope your antivirus will block anything you come across."

On my system my scan shows 100% but show 3 vulnerabilities for each browser under Secure Browser.

Are we missing something or is that statement correct?

Jim (Phone Man)
Was this reply relevant?
+0
-0
ddmarshall RE: Enabling secure browser mode. What does it all mean, Bazzle?
Dedicated Contributor 30th Jan, 2012 01:13
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
The main part of PSI is only concerned with notifying you about vulnerabilities for which patches are available. When you enable the Secure Browsing feature you will also get information about vulnerabilites in browsers and their addons for which there are no patches.
The idea of this is to allow you to make an informed decision about which browser to use. There is nothing you can do to remedy the vulnerabilities; although, if you follow the links in the Security Advisories, there may be information about workarounds or disabling some features to mitigate the risk. Often these can limit the functionality of the browser.

You need to consider the severity of the risk of a particular vulnerability when deciding which browser to use.

In practice, most attacks use old vulnerabilities for which patches are available and rely on the many unpatched systems out there to make their money. For example, here's a recent attack that uses a vulnerability that was patched in 2006.
http://blogs.technet.com/b/mmpc/archive/2012/01/19...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+4
-0
jimayo RE: Enabling secure browser mode. What does it all mean, Bazzle?
Member 30th Jan, 2012 01:24
Score: 22
Posts: 9
User Since: 8th Sep 2010
System Score: N/A
Location: US
Thanks for confirming that statement. I find that troubling that Secunia Scan will give me 100% when there are known vulnerabilities in my programs. Just because there is not a patch I think we should be notified in the Scan results.

Jim
Was this reply relevant?
+0
-1
ddmarshall RE: Enabling secure browser mode. What does it all mean, Bazzle?
Dedicated Contributor 30th Jan, 2012 01:59
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
If you were notified, what could you do?

You can subscribe to the vulnerability emails through the Profile tab on this page to get news of vulnerabilities as they are published.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0
RoloDman RE: Enabling secure browser mode. What does it all mean, Bazzle?
Member 30th Jan, 2012 02:16
Score: 0
Posts: 4
User Since: 29th Jan 2012
System Score: N/A
Location: US
Last edited on 30th Jan, 2012 03:53
thanks for the info. I guess I'll be disabling that function of PSI. Heck, maybe I should disable your PSI all together seeing as it's telling me I am 100% protected until I turn on the secure browsing feature. Seems a bit misleading to me...
Was this reply relevant?
+0
-0
jimayo RE: Enabling secure browser mode. What does it all mean, Bazzle?
Member 30th Jan, 2012 06:18
Score: 22
Posts: 9
User Since: 8th Sep 2010
System Score: N/A
Location: US
I thought the purpose of PSI was to look at what I have on my system and let me know of any vulnerabilities and not cover up those that don't have a fix. Then I can decide to live with it or remove the program. I don't need to know every vulnerability on every program in the world, just the ones I have on my system. This is a big disappointment.

Jim
Was this reply relevant?
+0
-1
ddmarshall RE: Enabling secure browser mode. What does it all mean, Bazzle?
Dedicated Contributor 30th Jan, 2012 12:03
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
At the top of the PSI window it says:
'Detects and installs missing security patches for your PC'

I don't think it claims anywhere in the documentation that it does anything else.

If you want to be told about known vulnerabilities for your products you can use the Vulnerabilty Intelligence Manager: http://secunia.com/vulnerability_intelligence/

You will still have unpublicised and undiscovered vulnerabilities in your software.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability