navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: False 100% score

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
technogeek592 False 100% score
Member 20th Apr, 2012 18:31
Ranking: 0
Posts: 15
User Since: 14th Jan, 2012
System Score: N/A
Location: US
I just ran a scan with PSI 2.0 on my Windows 7 SP1 system that I know has at least two outdated programs - Adobe Reader (installed version 10.1.2, current version 10.1.3), and Adobe Flash (installed version 11.2.202.228, current version 11.2.202.233). Shouldn't it be giving me less than a 100% score?

wr RE: False 100% score
Contributor 20th Apr, 2012 21:12
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
Last edited on 20th Apr, 2012 21:14
Hi technogeek592

Remember that PSI is not a general updater but a vulnerability checker, I don't use the bloated &
intrusive Adobe Reader to view PDF files as there are plenty of other choices-some are even free. However I do use Adobe Flash the latest v is for cosmetic/bug fixes-the v you have installed is secure as
you can make it, therefore the bug fix/cosmetic changes aren't detected by the PSI.

Hope this helps.

Regards, wr

EDIT: Spelling


--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.2.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+1
-0
ddmarshall RE: False 100% score
Dedicated Contributor 20th Apr, 2012 23:53
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
As wr says, Flash Player 11.2.202.228 has no vulnerabilities; 11.2.202.233 is a bug fix. However, Adobe Reader 10.1.2 should be detected as needing updating.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
technogeek592 RE: False 100% score
Member 21st Apr, 2012 05:31
Score: 0
Posts: 15
User Since: 14th Jan 2012
System Score: N/A
Location: US
wr and ddmarshall, thank you for your replies.

I should add that I ran other scans several days after Microsoft released its latest patches, but before I applied them. It gave me a 100% score on those, too. Some of the patches are security updates, so it should have detected Windows, Office, IE9 and a few other things as insecure. The scan I mentioned in my first post was after I applied them. I may keep Reader at version 10.1.2 and try uninstalling and reinstalling PSI to see if that makes a difference.

(By the way, a few days ago I installed PDF-XChange Viewer because it lets me save data in files that Reader won't.)
Was this reply relevant?
+0
-0
technogeek592 RE: False 100% score
Member 21st Apr, 2012 22:41
Score: 0
Posts: 15
User Since: 14th Jan 2012
System Score: N/A
Location: US
There's something about my last scan I hadn't noticed until a few minutes ago. The scan message said "Scan failed (ID: 3000)." But instead of displaying an error message after the scan ended, it showed a message that made it look like it had succeeded with a 100% score.

I ran that scan from the standard account I use most of the time (UAC asks for my admin password before it will launch). Scans from there have always worked before, but they've apparently been failing the last few times. I tried another scan a few minutes ago, this time from my admin account. It succeeded and detected Adobe Reader 10.1.2 as insecure. At least now I don't have to bother with uninstalling and reinstalling.

My immediate problem has been resolved. But I am curious about what happened, and why it gave a misleading success message.

Was this reply relevant?
+0
-0

puget1

RE: False 100% score
[+]
This reply has been minimised due to a negative Relevancy Score.
technogeek592 RE: False 100% score
Member 22nd Apr, 2012 04:39
Score: 0
Posts: 15
User Since: 14th Jan 2012
System Score: N/A
Location: US
puget1,

Thank you for your input, but I don't think it's a case of unrealistic expectations. All the updates I'm talking about that PSI should have detected were released April 10. Enough time had passed between then and my scans, in some cases more than a week, that I think I could reasonably expect those updates to have been in Secunia's database. A possible delay of a few days did occur to me, and I allowed for it, but I'm sure Secunia works to get new vulnerabilities into its database as soon as possible after learning of them.

I think something else is going on here.
Was this reply relevant?
+0
-0
ddmarshall RE: False 100% score
Dedicated Contributor 22nd Apr, 2012 11:30
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I also sometimes run the scan from a standard user account. I just tried it now (on a Vista system) with no problems. The UAC prompt should cause a switch to the context of the Administrator account, so I don't understand why the error occurs in one and not the other. Let's hope the Secunia officials spot this amongst all the Spam and can explain what the error 3000 means.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0
throkr. RE: False 100% score
Member 22nd Apr, 2012 13:55
Score: 72
Posts: 85
User Since: 22nd Nov 2009
System Score: 100%
Location: BE
I always launch PSI from the standard user account (which is, of course, the one I use most of the time) and never had a problem.
After the UAC prompt, PSI starts in the Administrator context.


--
Win 8.1.1 Pro x64

OSS Pro - MBAM Pro - SAS Pro - Secunia PSI (2.0.0.3003)
Mozilla Firefox - Cyberfox (x64) - SRWare Iron

- All current versions & updates -
Was this reply relevant?
+1
-0

puget1

RE: False 100% score
[+]
This reply has been minimised due to a negative Relevancy Score.

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+