Secunia SmallBusiness
Overview
Advisories
Research
Forums
Create Profile
Our Commitment
All Threads
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: False 100% score

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
technogeek592 False 100% score
Member 20th Apr, 2012 18:31
Ranking: 0
Posts: 11
User Since: 14th Jan, 2012
System Score: N/A
Location: US
 I just ran a scan with PSI 2.0 on my Windows 7 SP1 system that I know has at least two outdated programs - Adobe Reader (installed version 10.1.2, current version 10.1.3), and Adobe Flash (installed version 11.2.202.228, current version 11.2.202.233). Shouldn't it be giving me less than a 100% score?

wr RE: False 100% score
Contributor 20th Apr, 2012 21:12
Score: 298
Posts: 717
User Since: 30th Mar 2008
System Score: 100%
Location: US
Last edited on 20th Apr, 2012 21:14		 Hi technogeek592

Remember that PSI is not a general updater but a vulnerability checker, I don't use the bloated &
intrusive Adobe Reader to view PDF files as there are plenty of other choices-some are even free. However I do use Adobe Flash the latest v is for cosmetic/bug fixes-the v you have installed is secure as
you can make it, therefore the bug fix/cosmetic changes aren't detected by the PSI.

Hope this helps.

Regards, wr

EDIT: Spelling


--
HP Pavilion Slimline
Windows Vista Home Premium SP2 32 bit
AMD Athlon 64 X2
Firefox 17.0.6 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+1
-0
ddmarshall RE: False 100% score
Dedicated Contributor 20th Apr, 2012 23:53
Score: 1129
Posts: 914
User Since: 8th Nov 2008
System Score: 100%
Location: UK
 As wr says, Flash Player 11.2.202.228 has no vulnerabilities; 11.2.202.233 is a bug fix. However, Adobe Reader 10.1.2 should be detected as needing updating.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
technogeek592 RE: False 100% score
Member 21st Apr, 2012 05:31
Score: 0
Posts: 11
User Since: 14th Jan 2012
System Score: N/A
Location: US
 wr and ddmarshall, thank you for your replies.

I should add that I ran other scans several days after Microsoft released its latest patches, but before I applied them. It gave me a 100% score on those, too. Some of the patches are security updates, so it should have detected Windows, Office, IE9 and a few other things as insecure. The scan I mentioned in my first post was after I applied them. I may keep Reader at version 10.1.2 and try uninstalling and reinstalling PSI to see if that makes a difference.

(By the way, a few days ago I installed PDF-XChange Viewer because it lets me save data in files that Reader won't.)
Was this reply relevant?
+0
-0
technogeek592 RE: False 100% score
Member 21st Apr, 2012 22:41
Score: 0
Posts: 11
User Since: 14th Jan 2012
System Score: N/A
Location: US
 There's something about my last scan I hadn't noticed until a few minutes ago. The scan message said "Scan failed (ID: 3000)." But instead of displaying an error message after the scan ended, it showed a message that made it look like it had succeeded with a 100% score.

I ran that scan from the standard account I use most of the time (UAC asks for my admin password before it will launch). Scans from there have always worked before, but they've apparently been failing the last few times. I tried another scan a few minutes ago, this time from my admin account. It succeeded and detected Adobe Reader 10.1.2 as insecure. At least now I don't have to bother with uninstalling and reinstalling.

My immediate problem has been resolved. But I am curious about what happened, and why it gave a misleading success message.
Was this reply relevant?
+0
-0

puget1

 RE: False 100% score
[+]
This reply has been minimised due to a negative Relevancy Score.
technogeek592 RE: False 100% score
Member 22nd Apr, 2012 04:39
Score: 0
Posts: 11
User Since: 14th Jan 2012
System Score: N/A
Location: US
 puget1,

Thank you for your input, but I don't think it's a case of unrealistic expectations. All the updates I'm talking about that PSI should have detected were released April 10. Enough time had passed between then and my scans, in some cases more than a week, that I think I could reasonably expect those updates to have been in Secunia's database. A possible delay of a few days did occur to me, and I allowed for it, but I'm sure Secunia works to get new vulnerabilities into its database as soon as possible after learning of them.

I think something else is going on here.
Was this reply relevant?
+0
-0
ddmarshall RE: False 100% score
Dedicated Contributor 22nd Apr, 2012 11:30
Score: 1129
Posts: 914
User Since: 8th Nov 2008
System Score: 100%
Location: UK
 I also sometimes run the scan from a standard user account. I just tried it now (on a Vista system) with no problems. The UAC prompt should cause a switch to the context of the Administrator account, so I don't understand why the error occurs in one and not the other. Let's hope the Secunia officials spot this amongst all the Spam and can explain what the error 3000 means.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0
throkr. RE: False 100% score
Member 22nd Apr, 2012 13:55
Score: 71
Posts: 78
User Since: 22nd Nov 2009
System Score: 100%
Location: BE
 I always launch PSI from the standard user account (which is, of course, the one I use most of the time) and never had a problem.
After the UAC prompt, PSI starts in the Administrator context.

--
Win 8 Pro x64

OSS Pro - MBAM Pro - SAS Pro - Secunia PSI (2.0.0.3003)
Mozilla Firefox - Cyberfox (x64) - SRWare Iron

- All current versions & updates -
Was this reply relevant?
+1
-0
puget1 RE: False 100% score
Member 22nd Apr, 2012 17:14
Score: 0
Posts: 541
User Since: 21st Dec 2007
System Score: 100%
Location: US
 @technogeek

Here are a few leads in your delema:
http://www.w7forums.com/archive/f-9.html
http://msdn.microsoft.com/en-us/library/cc645601%2...
https://secunia.com/products/corporate/csi/faq/

Why do I sometimes get Partial scan status in my completed scans?
The Secunia CSI scans consists of 2 parts; the first part is 3rd party applications that the Secunia CSI scans for, the second part is Microsoft patching status that the Secunia CSI gets from the Windows Update Agent (WUA) if this part is not successful you'll get a Partial scan result. ( or probably null in PSI)

Hopefully,this is what you are looking for and not just Spam,so you can come to a conclusion: There have been some problems with mirrors needing updateing. Windows 7 has always had a unique set of problems with Secunia. Inspite of more Senior contributors beliefs and inspite of being redontant, I also use a appication updater which keeps me out of trouble with Secunia

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox21.0 Avast -Spybot-Malwarebytes Sandboxie

IE 9-seldom
Was this reply relevant?
+3
-2

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability