Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Best Practice for upgrading EoL programs?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
layer9 Best Practice for upgrading EoL programs?
Member 25th Jun, 2013 16:36
Ranking: 0
Posts: 4
User Since: 29th Apr, 2013
System Score: N/A
Location: DE
Last edited on 25th Jun, 2013 17:19

Hi!

Is there a best practice about how to upgrade EoL programs to next Major Releases? As far as I can see, there is no way to upgrade EoL programs with CSI itself. I.e. from Skype 5.0 to Skype 6.0 or from Java 6.0 to 7.0. Is it perhaps possible to create an Uninstall package for an old / EoL program and then install a new Major Version with the "Always Install" applicability rule?

Actually it would be good if in future versions Secunia could provide an easy way to automatically remove old / EoL programs and update them with new versions. Any Information about how this could be done today is highly appreciated.

/edit: I just have seen that Secunia actually seems to provide an update package that allows to upgrade from Java 6 to Java 7. Will test this tomorrow!

Thanks
Michael

r.danailov RE: Best Practice for upgrading EoL programs?
Secunia Official 4th Jul, 2013 09:34
Score: 25
Posts: 173
User Since: 3rd Jan 2012
System Score: N/A
Location: Copenhagen, DK
Hi,

There is a very convenient way to upgrade EOL applications, as long as the vendor had made it possible for the higher version installer to upgrade lower major version releases. In this is true, you could use 'Custom Package' (AlwaysInstallable) to upgrade your versions.

Natively, most vendor installers would detect a lower version installation and would upgrade it seamlessly. Since this functionality is provided by default by the vendor, you only need to ensure that your package reaches all machines intended to upgrade their versions.

Secunia CSI allows you to set the 'AlwaysInstallable' WSUS applicability rule to any of your packages. This rule pushes forcefully your package to all systems that are being approved to receive it. Thus you can target your packages to all recipients you intend to upgrade.

To make sure that only intended machines fetch the patch, you must first create an isolated WSUS group that only holds the intended recipients and then you could proceed with creating an Update Package which you should also set as AlwaysInstallable at step 3 of SPS wizard.

Please note that this procedure is not officially supported by Secunia Customer Support and we cannot provide guarantees that this functionality would work as explained here for each and every package. You are highly recommended to test this procedure for each and every different package you intend to serve as an upgrade before packages are published in the production network.

Kind Regards | Stay Secure
Rosen Danailov | Junior Solution Specialist
Secunia Customer Support
layer9 RE: Best Practice for upgrading EoL programs?
Member 4th Jul, 2013 09:41
Score: 0
Posts: 4
User Since: 29th Apr 2013
System Score: N/A
Location: DE
Hi,

thank you. I have tested this with the Secunia Java Upgrade package that Upgrades from JRE 1.6 to 1.7. It actually worked just well: At first it removed all previous versions and then installed the new one.

When you say we also can use Custom Packages: Is this possible without editing the Execution flow script? In my Imagination each custom package needs its own execution flow script, which is quite difficult to create without JScript knowledge.

Best Regards
Michael
Was this reply relevant?
+0
-0
r.danailov RE: Best Practice for upgrading EoL programs?
Secunia Official 4th Jul, 2013 12:05
Score: 25
Posts: 173
User Since: 3rd Jan 2012
System Score: N/A
Location: Copenhagen, DK
Hi Michael,

Custom Package is a term used by Secunia, and Secunia CSC respectively, to identify any type of package that has any different configuration than the default pre-built one provided by Secunia.

In fact, it's rather straight-forward to create an 'AlwaysInstallable' package in the CSI.
Here are the correct steps to achieve this easily:

1. Go to CSI | Patching | Secunia Package System
2. Find a Product entry of the product you will be upgrading.

NOTE: Select the most recently detected entry of all of the duplicates that may exist for that product (this entry shall also point to the highest software version among all other duplicates).

3. Double-click on the selected entry and wait for Secunia Package Wizard to launch.
4. At step 1 of the wizard simply proceed with clicking Next to go to step 3 of SPS directly.
5. At the Path Applicability page (step 3), just enable the checkbox "Mark package as 'AlwaysInstallable'" and proceed with Next.
6. Publish your package to WSUS

With other words, you can just use the default package configuration for the latest available version of your software and then only change the applicability of the package to AlwaysInstallable. This just changes the distribution method to 'push' which ensures that this package is installable even if there are no such product installations on the system yet, or the version of this product is a lower major one.

Kind Regards | Stay Secure
Rosen Danailov | Junior Solution Specialist
Secunia Customer Support

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability