navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Why I can't use PSI 3.0

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
ratbat Why I can't use PSI 3.0
Member 18th Oct, 2012 22:47
Ranking: 0
Posts: 3
User Since: 18th Oct, 2012
System Score: N/A
Location: UK
Last edited on 18th Oct, 2012 22:48

I personally have installed PSI on thousands of home PCs, the engineers who work for me, even more. I think it is a great technology and an important step forward in trying to secure people in an increasingly scam filled world.

However, I am hitting a brick wall with version PSI 3.0. A simple issue, but a killer issue: in version 2 it was possible to tell PSI to ignore a directory tree, in version 3 that facility was removed.

How could that be a killer issue? In comes from the process we follow to move people to a new PC. You should be able to take an old PC copy the “My Documents”, email files etc to the new machine and you have everything you need for a happy user. The reality is people do not always store files in the directory they should. Sometimes users create directories directly off C:\ and put their most important files in them. Sometimes programs store their data files in c:\program files\. “That’s crazy” you say, “they should never do that”, but it does not matter that it’s bad, wrong and evil, it happens. Genealogy software is seems to be a bugger for storing its files with its code, for example. People spend thousands of hours creating those family trees. That’s just one example, there are all sorts of examples out there in the field. There’re not right, but they happen.

Often you do not find out until months later when a user is looking for some obscure thing they do not use very often. If it is not in My Documents it would be long gone, the old disk DBAN’ed and no sign of the file in Carbonite because it was in a directory that Carbonite did not know to look in.

So we change the permissions on all files on the old disk and copy the lot to a directory on the new machine. That includes programs, OS, everything. The modern disks are much bigger, the old system only takes up a tiny corner on the new system. If something is found missing at a later date we can recover it.

That approach works well and as gotten us out of many tight spots (not of our own making), but is clashes with PSI. PSI sees programs on the old disk directory, programs that we often do not want to install on the new machine, but PSI sees the old and installs new versions on the new machine. In version 2 we could say ignore whole directory tree from the old machine. The stuff in there is never going to be run, there is no way for it to be run, so it is ok to close it off as an achieve. PSI 3 stops us doing that. We can ignore one program at a time, but often, immediately after the upgrade, there are plenty of programs in the achieve that are up to date. There is no way to tell PSI to ignore them. So at some later date they will go out of date update will cut in and install the default directory, leaving the stub behind in the achieve for PSI to keep complaining about.

We try to train users to take PSI seriously, but every time it complains about something that is not really an issue, the user pay a little less attention to it. I would say 95% or more of them just ignore it. We still get value from it if it is doing some portion of the updates. That value is offset when it re-installs programs that used to be on the old PC, but we have not installed on the new PC because of security concerns (like Java at the moment).

We need to be able to tell PSI 3 to ignore a directory tree. If that functionality does not sit well in the current UI, give us a Registry key we can edit, but give us a way of getting this functionality back. It’s simple, but vital.

Anthony Wells RE: Why I can't use PSI 3.0
Expert Contributor 19th Oct, 2012 03:05
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 19th Oct, 2012 03:09
Hi ,

What you are asking for is the version 2.x "Create an Ignore Rule" (general) facility as opposed to the more limited/specific "Ignore this programme" rule of versions 2.x and 3.x .

This has been in the back of my mind for some time but was not sure exactly what kind of a problem it might cause .

In PSI 2.x in the individual programme ignore rule (opened with the yelow folder icon with the red blob) you can edit the string to work back up the tree . Can you do this with version 3.0.x (sorry I don't have it loaded atm) .??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
ratbat RE: Why I can't use PSI 3.0
Member 19th Oct, 2012 11:13
Score: 0
Posts: 3
User Since: 18th Oct 2012
System Score: N/A
Location: UK
Anthony,

>What you are asking for is the version 2.x "Create an Ignore Rule" (general) facility as opposed to the more limited/specific "Ignore this programme" rule of versions 2.x and 3.x .

Yes exactly, that’s exactly what we need in v3.

>you can edit the string to work back up the tree.

Unfortunately not. We could in v2, but the facility has been removed in v3. What is more, it is not clear what you are telling PSI 3.0 to ignore. If, for example, v3 finds a copy of Chrome in the archive directory and I tell it to ignore, there is only one button to “ignore this program”. It is very unclear if I am ignoring all future updates to Chrome for all users forever more, or just ignoring updates to the old junk in the archive. This was much clearer in v2, where we were specifying specific .exe’s in specific locations to ignore.

To compound the problem, once an ignore rule is set, I cannot find where to view the list of ignore rules in v3 (in was in settings in v2).

I hope the program manager for PSI is reading this, slapping his forehead and saying “Oh, I get it. We broke the ignore rules.” If so I suggest a two stage solution:

Working out how to create a new UI around this will take time, please give us an interim solution. Stage one would be a way to manually edit in ignore rules. Perhaps in a Registry key or a .txt file in the Secunia program directory. Nothing fancy needed, just the ability to put in a file or directory name and have the scans ignore it. I know it is not very user friendly to edit in this way, but it is only going to be geeks playing around at this level, we do not care (in fact we love an excuse it fiddle around).

Stage 2 would be to include more flexible ignore rules in the UI (like in v2) and to have an option in the settings to display the ignore rules.

I really want to use v3 because of the automatic updates. We cannot get users to take responsibility for keeping their systems up to date, we need as much automation as possible. Only the ignore rules are clashing with that goal and it seems so easy to fix.

Ratbat.
Was this reply relevant?
+0
-0
millwood RE: Why I can't use PSI 3.0
Member 20th Oct, 2012 21:55
Score: 3
Posts: 26
User Since: 14th May 2008
System Score: N/A
Location: US
I'm in violent agreement.

I've just installed a new machine, and have a copy of the old one's complete disk in the new filesystem. And of course PSI is going bonkers over it.

I've also had PSI go bonkers over a mounted external backup disk.

Please Please Please give us back control of what is scanned.
Was this reply relevant?
+0
-0
ratbat RE: Why I can't use PSI 3.0
Member 22nd Oct, 2012 10:17
Score: 0
Posts: 3
User Since: 18th Oct 2012
System Score: N/A
Location: UK
So how do things get done in this neighbourhood?

If we all agree this needs to happen, how do we make sure the PSI Product Manager gets to see these words? Do we know that Secunia folks read all of the posts on these pages? Or is this just users talking to users?

I am a big fan of PSI, I would really like to keep using it.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Why I can't use PSI 3.0
Handling Contributor 22nd Oct, 2012 10:51
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Good question. You make a VERY important point. I would email support at support@secunia.com where you can chase it from there.

From personal experience & watching the Forum where others have made excellent comments & suggestions you may well get a reply that your requirement has been passed to the "appropriate people".

That normally means it will get "kicked into the long grass" & no more updates will be given on the issue unless you chase it.

This is but one example:

https://secunia.com/community/forum/thread/show/13...

Apart from a well known & respected Security Official on this Forum communication is not a feature they can be proud of except for sales hype.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
E.Jeppesen RE: Why I can't use PSI 3.0
Secunia Official 22nd Oct, 2012 12:55
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Thank you for your feedback regarding the need for path-based Ignore Rules in PSI 3.x. I have added the suggestion to an existing bug report to make sure our developers are aware of this feature request.

As mentioned by Maurice, please send an email directly to support@secunia.com if you have messages specifically for Secunia Support.
Anthony Wells RE: Why I can't use PSI 3.0
Expert Contributor 22nd Oct, 2012 14:41
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ratbat ,

You seem to have a response from Emil at Secunia , so that is goog progress .

You asked where you find in version 3.x the ignore rules you have set ; last time I used it you had to scroll right down to the bottom of the scan results page where they were/are listed and can be revoked .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
millwood RE: Why I can't use PSI 3.0
Member 25th Oct, 2012 15:56
Score: 3
Posts: 26
User Since: 14th May 2008
System Score: N/A
Location: US
It's even worse than I realized. By default, the install was set for automatic updates. So today, PSI was trying to update my previous machine backup folder.

Yes - I know - turn off automatic updates - which I did.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+