Forum Thread: (XP) - SANDBOXIE prog - PSI identifies but NOT alerting to UPDATES

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
BigAl2 (XP) - SANDBOXIE prog - PSI identifies but NOT alerting to UPDATES
Member 20th Mar, 2013 04:22
Ranking: 4
Posts: 10
User Since: 19th Mar, 2013
System Score: N/A
Location: UK
PSI has always detected the prgm Sandboxie + correctly identified the version (with the "Start.exe" executable, though I'm not sure if that is the main part of the program) but I've just recently found out it's NOT been ALERTING to updates. I haven't checked this out on another PC to see if it's a problem with my set up yet (but I can if required) but something like this has never happened before + my PC + PSI seem to be functioning normally in every other aspect.

My current Sandboxie version, before I checked manually, was 3.68 (rel. 10.4.12) while the latest version is 3.76 (rel. 16.12.12) - it's IMO one of the most valuable, popular, versatile + efficient (+ free/value for money lifetime license) SANDBOXING softwares - crucially its DIRECT WEB FACING aspect.

However as I mentioned this is the first time something like this has happened in my few years' experience of success using PSI, gratefully which so far has helped me be aware of afaik ANY unpatched (actively used, web facing) software.

Cheers

mogs RE: (XP) - SANDBOXIE prog - PSI identifies but NOT alerting to UPDATES
Expert Contributor 20th Mar, 2013 05:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@BigAl2

Bearing in mind that psi is a security vulnerability checker....it will not advise you of every update to a program, unless each update is a vulnerability fix.
Between April '12 and December '12 Sandboxie has been updated four times......looking back thro' the Advisory here :-
http://secunia.com/advisories/product/14888/?task=... at no time does it appear to have been vulnerable.

Hope it helps......regards.....

BigAl2 Thanks for the answer - I understand
Member 20th Mar, 2013 07:52
Score: 4
Posts: 10
User Since: 19th Mar 2013
System Score: N/A
Location: UK
Last edited on 20th Mar, 2013 08:27
Thanks for your fast, informative + polite reply.

I've just learnt about PSI updating for vulnerability while I've been reading the forum to post - clearly I haven't had chance to combine it with my concern over Sandboxie - I understand the notion eg PSI did update itself to version 3.+ because of vulnerability but has not updated with recent minor versions since they have not been made for vulnerability reasons.

"security vulnerability checker"

However IMO my idea of such a security vulnerability checker does not primarily alert to the ranging up to 10+ years non web facing utilities (on my XP partition naturally) by putting them at the top of its scan list? (until I put them on ignore - no problem) with the 'Adobes' + 'Javas' that have an infinitely greater chance of risk? - which I describe this contradiction to this notion in my other thread + with a linked screen cap from the current PSI scan with the 'old softwares' clogging up the top reducing the score - this is what inclined me to think Sandboxie might have been missed since it doesn't even miss old programs - perhaps these are just ones from your old data base before you shifted understandably to concentrating on more manageable scope for an issue such as security? :)

UPDATE: Although this is not meant to be important/a complaint with PSI's track record I've had, however with use of PSI version 3+ it seems to ignore more old programs (by 'default') than previously though naturally many will no longer be wasting drive space - I don't keep software records - though PSI is one - just memory :)
mogs RE: (XP) - SANDBOXIE prog - PSI identifies but NOT alerting to UPDATES
Expert Contributor 20th Mar, 2013 08:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@BigAl2

Thank you for your reply.
I'm having difficulty understanding your second paragraph tho'.
I would suggest that it's best not to tangle other of your threads/concerns/topics... whether current and ongoing or not.....with the original subject matter of this one. At the moment the result is, that the content is coming out tangled and not easy to read.
Where I hope I can answer anything....I'll try.
Firstly.....the psi 2.0 wasn't updated to version 3.0....3.0 came into existence in the hope of making the patching exercise simpler for newcomers...those who did not wish to delve too deeply or get too technical.....so it was an additional option.
Psi does not update itself, as some users still prefer previous versions.....even now some are still running the earliest....they neither having been found vulnerable. Tho' presented differently, they all have at their core, the same detection engine.
There are still quite a few XP users on the forum who can probably give fuller advice regarding, in your original thread/post....but again I would suggest, that choosing to Ignore a program should only be done after careful consideration.

Hope the foregoing clarifies some matters for you......regards


BigAl2 RE: (XP) - SANDBOXIE prog - PSI identifies but NOT alerting to UPDATES
Member 22nd Mar, 2013 04:59
Score: 4
Posts: 10
User Since: 19th Mar 2013
System Score: N/A
Location: UK
Thanks for the replies/explanation + your time again - it DOES clarify a lot. Unfortunately I do have problems when it comes to making understandable written communication to the majority of people (due to an innately excessively thinking mind/loss of train of thought). I thought it might have something to do with my set up that PSI never alerted me to completely new PSI version and your explanation of it being simpler agrees with my thoughts on using it for the first time - I understand now that I can still use PSI v2 to get a copy of the installer - that's what I was trying to describe being of benefit to me in my previous thread - w/o any additional security risk. A thread here I read was about why there wasn't an alert to a new PSI v3 minor incremental version - again I must have assumed wrongly that they were using PSI before v3 so the inference they were alerted to new PSI version as it would be illogical for them to complain at a minor increment if they'd been alerted to a new version.

Quote mogs;

"that choosing to Ignore a program should only be done after careful consideration."

I'm sure my consideration is careful - I think that I use SRP + an LUAccount on my (web facing) Windows (even on more secure Win7) is example of that. However I would genuinely be interested if you could enlighten me to the risk that needs PSI to notify me to update (for XP on the same set up) AND lower my % score of such old versions of software such as imaging or registry tools that never access the web, how in practice (ie not used in an environment overrun by virus/malware inescapably apparent) they pose a security/vulnerability threat (as it's stated is PSI's sole purpose/it's NOT a general update software) considering the money, time + effort required (researching on relevant quality/security) on updating new software, such as imaging especially?

Cheers

Al
mogs RE: (XP) - SANDBOXIE prog - PSI identifies but NOT alerting to UPDATES
Expert Contributor 22nd Mar, 2013 22:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@BigAl2

Thanks for the reply....and outlining a bit about your difficulty with literary communication. Everybody suffers from it to some degree or other in different ways.....I've always found writing to be therapeutic....particularly if you find a friend that "listens". Pace of thoughts....pace/s of fingers....all the pushing and shoving that goes on in our lives....I started out many years ago with the old pen and black ink.....the kid in the next desk wasn't always nudging it.......that's the thing with these pc's....it doesn't show up if the table shakes. I've been lucky......mam and dad went to even older schools.....but I never argued much with the girls.... things don't always mature and it's possible to have too many friends. I notice you can see your spelling is excellent.

I understand that you try to be careful as regards Ignoring programs......are you saying that you are already doing that, ( Ignoring ), to improve your Secunia score ? Ignoring XP and others ?
What is the problem with the XP ?

