Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Secunia PSI Not Updating Itself And/Or Alterting Users That There...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
goodjohnjr Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 12th Mar, 2013 19:04
Ranking: 0
Posts: 16
User Since: 5th Aug, 2009
System Score: N/A
Location: AQ
Hello,

Yesterday while browsing the internet I noticed that someone mentioned that they had Secunia PSI 3.0.0.6005, and I only had version 3.0.0.6001 even though I scan with Secunia PSI & CNET TechTracker everyday (Windows Update as well but that does not check for third-party software obviously); neither of those programs showed any updates for Secunia PSI, so for months I was not using the latest version and I had no idea even though I try to keep my software updated everyday.

A few years ago I recommended that the Secunia PSI Team add the option to manually and/or automatically have Secunia PSI update itself or at least let users know when there are new versions of it, but I guess neither of those basic features have been added yet oddly?

I think that this is very important & that all/most programs should have this option and I am also slightly surprised that CNET TechTracker is not showing when there are new versions of Secunia PSI, it seems that CNET does not even have the latest version on their website:

http://download.cnet.com/Secunia-Personal-Software...

Maybe the Secunia PSI Team should contact CNET & the CNET TechTracker Team about this.

https://cbsi.secure.force.com/CBSi/submitcase?temp...

Also, please add the option for Secunia PSI to update itself and/or let users know when there is a new version.

Thank you,
-John Jr

--
http://www.accountkiller.com/removal-requested

mogs RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Expert Contributor 13th Mar, 2013 03:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@goodjohnjr

The subject has had a couple of airings on the forum in recent times....might be worth looking at the thread here :-
http://secunia.com/community/forum/thread/show/138...

Hope it helps.......regards.......

--
Was this reply relevant?
+2
-0
goodjohnjr RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 13th Mar, 2013 04:29
Score: 0
Posts: 16
User Since: 5th Aug 2009
System Score: N/A
Location: AQ
Thank you for the link Mogs. :)

It did not help, since I predicted that would be one of their reactions, and I disagree with them as well; but I do thank you for sharing that thread with me so that I could at least see that my prediction was correct. ;)

And it is good to know that there are other people who feel the same way as me, and I really do hope that the Secunia PSI Team changes their approach to that and to allow/show updates for programs in general instead of just security related updates; especially their own program(s).

The best I/we can do is express our opinions and suggestions, do not hold our breaths, and hope/wish for the best and/or leave/give up and/or keep trying. ;)

I think that Secunia PSI has a lot of potential, and those two features alone would make it the best program that I know when it comes to a software updater program for Windows.

Anyway, I will stop there.

-John Jr



--
http://www.accountkiller.com/removal-requested
Was this reply relevant?
+2
-0
E.Jeppesen RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Secunia Official 13th Mar, 2013 11:57
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Hi John
Thank you for sharing your opinion and requesting an easy way to check for non-security related updates to the PSI itself. So far the PSI treats updates for itself exactly like updates for any other program, but I can let you know that we are indeed looking into adding the feature you are requesting.

I would like to point out that if you are looking for a general update checker the PSI may not be your best choice. There are many free update checkers available and in my experience several of them seems to work just fine. What makes the PSI unique is that it will only advise you to update when your currently installed software is affected by a known vulnerability and the vendor has released a patch that closes the vulnerability. The many general update checkers will ask you to update simply because a new version is available, even if you should not actually need the new version. Some vendors release new versions of their programs on a regular basis even though the old version is rarely vulnerable. So you could end up spending time updating your programs to the very latest version without gaining very much. And some of us may have time restraints in our daily life and prefer to spend our time elsewhere. We may then prefer to update our programs only when it is really needed.

So should you choose a general update checker or a security tool like the PSI? Itís a matter of personal preferences and all up to you. But these are some of the thoughts I would consider when making that decision. I think it also explains the philosophy behind the PSI which I personally believe makes good sense.

But again, we are considering implementing some easy way to check for non-security related updates to the PSI and I would like to thank you for pointing out the need for such a feature.
goodjohnjr RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 13th Mar, 2013 17:20
Score: 0
Posts: 16
User Since: 5th Aug 2009
System Score: N/A
Location: AQ
Last edited on 13th Mar, 2013 17:26
Thank you for taking the time to respond. :)

I am the type of person that likes to try to find balance and/or compromise when possible, I know Secunia PSI's current philosophy, but I think that both sides could get what they want if there was an Optional Option(s) to allow Secunia PSI to check for updates for itself & for general updates for other programs; and only those that want that could enable this option, and those do not want it will not have to use it & could just leave this option(s) disabled.

I see nothing wrong with that approach.

The only general update checker for Windows that I have tried that somewhat works for me is CNET TechTracker but it still has problems (missing programs, showing programs outdated when they are not, support not good, et cetera) & Secunia PSI would be a better option & another program for this would not be needed if Secunia PSI one day gets an option for those who want it to scan for general updates for programs.

For the record, updates for programs are not that common to where I am updating programs everyday for no reason, and they are not mostly pointless usually; just saying, so it is not that much of a chore, and would be less so with Secunia PSI if that option is added one day. ;)

Anyway, thank you for the consideration.

-John Jr

--
http://www.accountkiller.com/removal-requested
Was this reply relevant?
+0
-0
HUDAHAR3 RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 15th Mar, 2013 15:35
Score: 3
Posts: 1
User Since: 9th Sep 2008
System Score: N/A
Location: N/A
I agree. It seems sort of senseless that the program does not update itself. At the very least, it should let you know there is a new update, even if it has to be done manually.
Was this reply relevant?
+3
-0
goodjohnjr RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 15th Mar, 2013 17:46
Score: 0
Posts: 16
User Since: 5th Aug 2009
System Score: N/A
Location: AQ
Thank you for sharing your opinion HUDAHAR3. :)

The more people who share their opinion(s) in this thread, whether they agree or disagree, the better in my opinion. :)

-John Jr

--
http://www.accountkiller.com/removal-requested
Was this reply relevant?
+0
-0
goodjohnjr RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 15th Mar, 2013 17:49
Score: 0
Posts: 16
User Since: 5th Aug 2009
System Score: N/A
Location: AQ
*Update*:

Me and/or someone else contacted CNET to let them know that Secunia PSI was outdated on their website, and I see that it is fixed now. :)

-John Jr

--
http://www.accountkiller.com/removal-requested
Was this reply relevant?
+0
-0
BigAl2 RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 20th Mar, 2013 04:22
Score: 4
Posts: 10
User Since: 19th Mar 2013
System Score: N/A
Location: UK
Last edited on 20th Mar, 2013 04:34
Quote: E.Jeppesen

"What makes the PSI unique is that it will only advise you to update when your currently installed software is affected by a known vulnerability and the vendor has released a patch that closes the vulnerability"

Perhaps I'm being pedantic but PSI vers 2. did alert strongly to low risk/web 'isolated' old software..

...(red slashed marks as opposed to crosses for vulnerability BUT they were counted in the 'Dashboard' % score + made the PSI notification go RED ie you couldn't differentiate by looking at the notification icon or the % score imo as you say they aren't on the same level of importance as vulnerability)..

....+ advise to (uninstall from PC) "end of life" software regardless that they could not be further away from web facing (imaging, reg cleaning ,burners,media player that didn't connect with the web ie just as U describe nothing but POINTLESS. MARKETED gimmick updates sometimes inferior/bloated - if my PC was that overrun with viruses/malware that it had over come the AV etc - then them overtaking old imaging software(?) would be least of my concerns - i'd likely be replacing the OS with my latest back up image from 'outside' when (the main) OS not booted/inactive)

Hopefully my screen caps illustrate what I'm saying - PSI v2 strongly points out (ANY) old software (showing just a couple i removed from ignore to illustrate);

PSIv2 Dashboard

http://static.sh.digitalvault.bt.com/static/off_si...

PSIv2 Scan

http://static.sh.digitalvault.bt.com/static/off_si...
----

PSI ver3 still effects the score, notification icon + places the old programs at the top - not that that's a problem to ignore them but imo it still seems to encourage you to update in the "PSI default" state, in contrast to what you seem to say?

PSIv3 Scan

http://static.sh.digitalvault.bt.com/static/off_si...


Perhaps one of the reasons for the lack of the CNET T.Trackers efficiency is that they have spread their resources too thinly with such an INFINITE scope for ALL prgm/software of WINDOWS - surely such DEPENDABLE security is more important than time saving - by narrowing the scope down to vulnerability concerns perhaps its more manageable producing more reliable data - I've used PSI for years too + so far its only these couple of incidents now (out of ALL vulnerable/web facing progs i could have used )
Was this reply relevant?
+1
-0
goodjohnjr RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 20th Mar, 2013 04:51
Score: 0
Posts: 16
User Since: 5th Aug 2009
System Score: N/A
Location: AQ
Thank you BigAl2 for taking the time to comment and share those images (the first image/link worked but the last two links would not load for me, but I think that I know what you were trying to show there ;) ).



--
http://www.accountkiller.com/removal-requested
Was this reply relevant?
+2
-0
E.Jeppesen RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Secunia Official 20th Mar, 2013 12:03
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
@BigAl2
Good point. You are correct that the PSI will also alert you to the potential security risk of programs that are end-of-life.

If you believe that a specific end-of-life program only poses a minimal risk you can choose to ignore it in the PSI.
BigAl2 RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 22nd Mar, 2013 04:50
Score: 4
Posts: 10
User Since: 19th Mar 2013
System Score: N/A
Location: UK
Thank you both for your comments/replies. :)

goodjohnjr - yeah i didn't think BT like me putting my vault images on the public web but i'm glad you saw one (since it no longer works) + got my point - Secunia might repeatedly state PSI's Modus Operandi but imo the interpretation is not rigidly objective as i was trying to show with those screen caps - my history of PSI picking up endless old software that are imo relatively harmless as i was trying to explain. In my decade plus of Windows use/knowledge whether its just luck i don't know but all my serious disasters have always been the result of my own mistakes - i started using SRP + LUA last year (ie no constant privilege escalation from an admin account) for which there much evidence for its protection from virus/malware independent of patching vulnerability but the more levels/type of protection the better imo.

E.Jeppesen - Hopefully my risk assessment of these non web facing softwares has contributed to my history of avoidance of serious disaster from virus/malware. eg Acronis True Image 9 bought in 2006 what well worth it purchase, luckily (as i didn't have enough experience/knowledge of imaging software at the time) in efficiency, reliability, compatibility, clarity/ease of use especially for such a potentially damaging software from incorrect use. While still using XP in the same set up imo its just a complete waste of money + time learning any new peculiarities of a modern replacement + if i hadn't had Acronis imaging on Win7 i wouldn't know for sure if Acronis software was still as good as it was back in 2006 w/o the effort of research. While PSI still ACTIVELY NOTIFIES me,marks down my score + recommends me to remove it from my PC/update it + links me DIRECTLY for the replacement to the Acronis site's + the latest version - assuming they are just as secure etc as they were in 2006 eg look what happened to Nero - it went from professional burners most recommended software in the mid 2000s to universally reviled later that decade with the fashion of bloat Nero tried to be a jack of all trades introducing all number of barely related function to the core CD/DVD burner - the install becoming ever bigger - resulting in them loosing focus on the burning core resulting in later builds being less stable + more buggy - Nero Express/ROM version 6 being thought of as the peak of efficiency/reliability by 'dedicated burners'.
Was this reply relevant?
+1
-0
goodjohnjr RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 22nd Mar, 2013 05:28
Score: 0
Posts: 16
User Since: 5th Aug 2009
System Score: N/A
Location: AQ
You are welcome BigAl2 :) , and I would like to say that LUA = Limited User Account for the people out there that might not have understood that abbreviation (I might try using an LUA one day, I have considered it before after reading about the security benefits). ;)

--
http://www.accountkiller.com/removal-requested
Was this reply relevant?
+1
-0
BigAl2 RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 22nd Mar, 2013 06:19
Score: 4
Posts: 10
User Since: 19th Mar 2013
System Score: N/A
Location: UK
Last edited on 22nd Mar, 2013 06:49
Just read that only a tiny % of Windows users use a LUA (as opposed to admin acc.) but then its not surprising Win is about customisation + ease of use - you would have to spend time on finding out about SRP/LUA and the information to make it more convenient though its still not Str8 forward but neither is using a browser yet the majority can learn + do it by habit.

Also it might take more effort understanding but there's a utilty for using with LUA/SRP that makes it much more convenient/practical imo - i think without it i would find such a set up too restrictive for what i do in general with Windows (tweaking/power user etc-a hobby/pastime in itself)) - it called " Surun" ( i had to disable UAC on Win7 to get it to work correctly (like on XP) but naturally UAC was just M$ moving in this direction gently/user friendly - its just a weaker more convenient version of LUA/SRP - unfortunately the admin accounts on 7 still radiate out elevated rights for anything that wants them like all the nasties to do their work).

Surun doesn't just remove the need for typing out the admin password endlessly - there lots of other tweaks + automations but most relevantly for me at least the ability to have elevated privilege command prompt and most usefully elevated privilege explorer - you can instantly select files folders to act as if you were in an admin- the point is you remove such elevated privilege as soon as you've finished the task that required them.

Take a look at this guy's blog - its very esteemed (because it is very clear + well thought out/ intellectually illustrated) by people experienced with LUA/SRP for explaining the concept/basics of the importance of LUA/SRP + also setting it up.

http://www.mechbgon.com/srp

Some experienced with LUA/SRP even suggest/practice that AV/security software it not needed however there is the wisdom that no type of protection is 100% so its wise to use different layers/types of complementary protection (PSI being one of those layers)

Win7+ also has "apps locker" which is an evolution of SRP - basically it is more complicated to set up + is for more specialized use + servers from what i gathered recently looking into it.

I'll try relinking those screen caps with another web account;

PSI v2 Dashboard

https://skydrive.live.com/embed?cid=87AFA97E517EFE...

PSI v2 Scan

https://skydrive.live.com/embed?cid=87AFA97E517EFE...

------

PSI v3 Scan

https://skydrive.live.com/embed?cid=87AFA97E517EFE...


^^ I think use of the zoom may be in order ;) but hopefully they wont disappear this time - I generated 'embed' links on Skydrive - it stated they were for public use not requiring a password so they shouldn't - i need a new way to post stufff on the web after my previous web posting method wont translate to english anymore :o
Was this reply relevant?
+1
-0
goodjohnjr RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 22nd Mar, 2013 06:50
Score: 0
Posts: 16
User Since: 5th Aug 2009
System Score: N/A
Location: AQ
Thank you BigAl2 for the helpful information about SuRun/LUA/SRP/et cetera, the new image links (they all worked ;) ), and the website link (I added it to my bookmarks); I am sure that some of this information will help me and other people. :)

--
http://www.accountkiller.com/removal-requested
Was this reply relevant?
+1
-0
BigAl2 RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 22nd Mar, 2013 06:54
Score: 4
Posts: 10
User Since: 19th Mar 2013
System Score: N/A
Location: UK
Last edited on 22nd Mar, 2013 06:57
Thanks goodjohnjr, its good to be useful + naturally its good of you too to take the time + have the inclination to let me know :)

Nite
Was this reply relevant?
+1
-0
goodjohnjr RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Member 22nd Mar, 2013 07:01
Score: 0
Posts: 16
User Since: 5th Aug 2009
System Score: N/A
Location: AQ
You are welcome BigAl2, it was nice of you to take the time to help/share knowledge/information, it is rarer these days to have people respond much or at all (well in my experiences, especially with blogging/social networking/software forums et cetera) it seems & even more rare to have people respond with helpful information/knowledge; so thank you and good night. :)

--
http://www.accountkiller.com/removal-requested
Was this reply relevant?
+0
-0
Anthony Wells RE: Secunia PSI Not Updating Itself And/Or Alterting Users That There Is A New Version?
Expert Contributor 22nd Mar, 2013 23:45
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 22nd Mar, 2013 23:57
Hi ,

A small amount of history might help . (My personal opinion not that of Secunia ).

The basis of Secunia's business is security patch checking for commercial operations and the wider security community based on their CSI . The PSI is (very happily) a free offshoot of this business product for personal use :ditto the OSI . The likelihood of a "general" update checking by/from Secunia is remote to say the least :ie: not of any immediate commercial interest .

The PSI versions 1.x and 2.x have different aims and user targets from version 3.x and so the display differences and level of technical info provided are obvious .

I am concerned that version 3.x is extremely buggy and it's intended user may find it difficult to operate and fix as needed ; personally , if asked , I would recommend version 2.0.0.3003 .

Take care

Anthony

EDIT: without wishing to seem pedantic , as a basic principle Secunia do not/never have recommend (ed) or advise(d) a specific course of action but where possible indicate possible actions available to rectify a displayed problem and you decide what you wish to do .

For the less experienced/lazy , version 3.x offers you the chance to silently auto-update without forethought . Will be "good" when the SPS system works better .



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability