
Forum Thread: PSI and SMB console disagree (v2)

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
xSI

This thread has been marked as locked.
libove PSI and SMB console disagree (v2)
Member 11th May, 2013 17:41
Ranking: 31
Posts: 70
User Since: 12th Feb, 2008
System Score: N/A
Location: N/A
Following up on what I assume is similar to the earlier thread about a disagreement between what appears in the local PSI install and what appears on the SMB console:

I have a computer (Windows 7 Pro 64-bit SP1, all patches, etc.) with a C:\OldComputer\ folder tree, which includes copies of several old programs, as it literally is a copy of an old computer's hard drive.
None of these programs are installed, none of their links are recorded in the registry, etc.

PSI knows they are ignored.
The SMB console reports them as problems.

How do I get SMB to agree with PSI's interpretation/ what I/the-user have told PSI about ignoring these?

Perhaps it's a feature request: It should not be necessary to manually ignore on the local PSI install; it should be possible, on a program-by-program, client-by-client basis, from the SMB console, to ignore specific issues.

thanks,
-Jay

Maurice Joyce RE: PSI and SMB console disagree (v2)
Handling Contributor 12th May, 2013 11:00
Score: 11620
Posts: 8,911
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If I am reading your post correctly I think what you are describing is an excellent built-in design feature.

I have Endpoints that have created (on investigation) ignore rules for various items. The Endpoint PC with an ignore rule will show as 100% which to me could be a false positive.

On my console I get the true picture in that it displays all those items that have been ignored as can be seen here:

https://1ncuig.bn1.livefilestore.com/y2pUzE7Sltfi8...

Using my example above, as the "guardian" of home user Endpoints I am content that the two Microsoft items can be safely ignored. I am not convinced about WinZip Email Companion. It is attached to Microsoft Outlook &, to me, it would be safer to upgrade to WinZip Courier or remove the programme altogether.

My investigation on the rationale behind the decision to ignore WinZip is one of money to upgrade. That is not a proper Risk Assessment & at least SMB gave me the opportunity to counsel the end user.

To me, to remove that feature whereby the Console matches the Endpoint would rob the Administrator or, in my case, guardian of the opportunity to see every programme an Endpoint has installed less those in ALPHA or BETA.

Rather than ask for the Console to match the Endpoint result I requested two enhancements to SMB during the xSI Preview stage.

1. To create another header on the Console that clearly shows items have been ignored so they can be independently assessed for risk.

2. To change the scoring percentage whereby any Endpoint (or standalone) PC score is downgraded to reflect that items have been ignored for reasons other than a proper security Risk Assessment.

The idea of only the Administrator (Guardian) being able to ignore items for Endpoints has its merits. I am not sure how Home User Endpoints would react to the idea of a Guardian having that mandate. At the moment it is look only & advise rather than direct intervention.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
libove RE: PSI and SMB console disagree (v2)
Member 12th May, 2013 22:37
Score: 31
Posts: 70
User Since: 12th Feb 2008
System Score: N/A
Location: N/A
Maurice, thank you for a very nuanced and complete reply.
I agree completely - the ideal would be to have the complete picture in the SMB console, showing the real status (there is a possibly bad thing) along with additional information (it has been marked "ignore" on the end user equipment).

Then in terms of administrator capability, optionally being able to prohibit an end user from ignoring something, and definitely having the ability for the administrator centrally to ignore things.

The idea about tweaking the score based on who ignored and whether it (how would xSI know?) represents following proper risk management techniques, is also interesting.

thanks,
-Jay
Was this reply relevant?
+5
-0
Maurice Joyce RE: PSI and SMB console disagree (v2)
Handling Contributor 13th May, 2013 00:14
Score: 11620
Posts: 8,911
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Jay,
I think Secunia have a balancing act to perform with future options. Your suggestion on ignore rules makes absolute sense from an IT Manager or Director's standpoint within a business environment in that they can enforce any changes.

Home User guardians have to counsel changes by mutual agreement. I hope they can accommodate an option(s) for both environs.

Whatever the outcome I believe Secunia are currently creating a false sense of security by allowing users to ignore anything & maintain a 100% security score.

As my Console shows, a true 100% is not always achievable but a lower score is fully justifiable. Secunia need to change the culture - a true score should be used as a personal benchmark figure that requires constant monitoring rather than allow potential & real problems to be hidden then 'pat them on the back' with a perfect score.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
