Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: [PSI3.0] Auto-update of portable/extracted apps

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
me-me [PSI3.0] Auto-update of portable/extracted apps
Member 9th Jul, 2012 19:21
Ranking: 0
Posts: 3
User Since: 9th Jul, 2012
System Score: N/A
Location: CZ
PSI 3 correctly detected vulnerable program (VLC 2.0.1) on my PC. This program was not installed (via installer), just extracted from zip package to [i]D:\vlc[i].

The update (from PSI point of view) was successful, but as a result I got VLC 2.0.2 installed in [i]C:\Program Files\VideoLAN\VLC\[i] (and Start menu, ...) and the original VLC in [i]D:\vlc[i] was left untouched.

Is it possible to tell PSI to update the application at the same location where it finds it?

Anthony Wells RE: [PSI3.0] Auto-update of portable/extracted apps
Expert Contributor 9th Jul, 2012 20:36
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

It would help (me) if you could clarify as to whether you ran ran a scan (by chance) to detect the vulnerable 2.0.1 version or did you get a warning in the tray icon before scanning . So far , after I updated following a warning from Firefox on Friday last , the PSI continues to give me a green with icon with version 2.0.1 showing as patched in my last scan (last Friday as well , as it happens) ; Secunia advisory 49835 was only released today :-

http://secunia.com/advisories/49835/

One of the problems with silent auto-updating is that wherever the PSI detects the installation , it will patch by installing to the default location . This is/can be a major problem (for you) if it involves a browser :eg: Mozilla Firefox , as per this thread :-

http://secunia.com/community/forum/thread/show/129...

Secunia really need to look into this and how to warn you of potential problems ; much easier in version 2.x than 3.x of the PSI , but in any case the current situation is far from satisfactory .

Your reply will be much appreciated while we wait to see if support respond here in the Forum .

Take care

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
me-me RE: [PSI3.0] Auto-update of portable/extracted apps
Member 10th Jul, 2012 20:08
Score: 0
Posts: 3
User Since: 9th Jul 2012
System Score: N/A
Location: CZ
There was a tray warning that got my attention. It said that there was a program that required manual update. When I opened PSI to see which program was that I saw that auto-update was already in progress. The result was as described (i.e. new version installed into default location and the original one left unpatched)
Was this reply relevant?
+0
-0
Anthony Wells RE: [PSI3.0] Auto-update of portable/extracted apps
Expert Contributor 13th Jul, 2012 23:20
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

HI ,

If you have selected "auto-updating" then what happened is the correct procedure .

Could you confirm this setting (see"Settings" bottom left of any PSI page) , please .

Thank you .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
me-me RE: [PSI3.0] Auto-update of portable/extracted apps
Member 14th Jul, 2012 10:41
Score: 0
Posts: 3
User Since: 9th Jul 2012
System Score: N/A
Location: CZ
Yes auto-updating is enabled. I'd just expect PSI to update the program in its current location, not leaving the old one unpatched and installing a new version elsewhere.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability