navigation bar left navigation bar right

Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: How to unpack sps.exe

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
torstenv How to unpack sps.exe
Member 27th Jun, 2013 17:08
Ranking: 0
Posts: 3
User Since: 27th Jun, 2013
System Score: N/A
Location: DE
A customer of ours is currently evaluating CSI to decide wether CSI can help him simplify patch management. Because of security policies all new software that's about to be deployed to the customers network must first be audited by a security experts team. I'm involved in auditing.

I received a couple of example files - all named sps.exe - that I should take a look at.

We are not able to unpack these files. Our customer asked Secuina how to unpack these files and they said it's impossible.

Huh?

If we could unpack these sps.exe files and compare the hashes of the included updates or patches, we could compare these hashes with those of binaries which we may have already examined or check if the file has already been examined on e.g. virustotal.com. We could compare the file with the manufacturers original and make sure that the deployed file has not been manipulated and is trustworthy.

In Germany there's been a discussion about a trojan horse that's being installed by investigative authorities in order to watch over everything the suspect does on his computer (Staatstrojaner). Now if these authorities force Secunia to deploy this trojan, there's nothing anyone can do about it, because it's impossible to find out what exactly sps.exe deploys or does.

In my eyes this is not acceptable. But before advising the customer to not buy this software I wanted to make sure, if there's really no way to look into these sps.exe files. Is there any known supported or unsupported way to extract such sps.exe without installing it? It's hard to believe that Secunia says they're selling security and then they deploy obscure executables that could be absolutely anything.

This user no longer exists RE: How to unpack sps.exe
Secunia Official 4th Jul, 2013 10:40
Hi,

We would like to re-assure you that Secunia has many trusted customers from your region which have full confidence and trust in the security services Secunia provides through its software. Many of our German customers also became reference customers and provided their sole experience in their testimonials also visible on the website.

https://secunia.com/references/testimonials/csi_te...

Secunia is fully-neutral security vendor and a member of FIRST (Forum of Incident Response and Security Teams) and ISF (Information Security Forum), as our software had won tens of awards for excellency in providing best security practices to its customers, thus including awards from FIRST, ISF and OTA (Online Trust Alliance).

https://secunia.com/company/memberships/

If you still feel doubts about the origin of the packages provided within the Secunia Corporate Software Inspector, we would kindly request you to open a support inquiry with us by sending an email to csc@secunia.com. We will ensure that all your questions are addressed properly and in timely fashion in accordance to your personal and organizational expectations.

Kind Regards | Stay Secure
Rosen Danailov | Junior Solution Specialist
Secunia Customer Support
torstenv RE: How to unpack sps.exe
Member 4th Jul, 2013 12:30
Score: 0
Posts: 3
User Since: 27th Jun 2013
System Score: N/A
Location: DE
Hi!

Thanks a lot for the reply. I do understand your position. Please let me add my thoughts:

(unknown source)
Secunia has many trusted customers from your region which have full confidence and trust

I believe you but please understand that there can be environments in which it is not enough to trust someone just because others trust as well.

(unknown source)
Secunia is fully-neutral security vendor

I have no doubts about that. But that's not the point! Allow your customers to not only trust you because others do, but enable them to verify your update files. Add transparency. Let them know how to unpack your update files. After that it's not a question of trust anymore, but everyone can verify by himself.

(unknown source)
a member of FIRST,[...] ISF, [...] awards for excellency

Please accept my apologies if I sounded like I wanted to say your product is not good. It probably is. But denying a customers request to be able to examine the files themselves leaves a bad taste. Since there's no reason for that. You wouldn't let any surgeon add an implant to your body if he denied showing it to you first, would you?

(unknown source)
If you still feel doubts about the origin of the packages provided within the Secunia Corporate Software Inspector, we would kindly request you to open a support inquiry with us by sending an email to csc@secunia.com.

Like said, I'm currently no customer of yours. My enquiry was triggered by a request of a customer of ours who requires to have 100% of the files installed in his network to be audited first. It's all about transparency. By asking me to send a mail to your support team, you're effectively asking to hide this discussion from the public, which is the opposite of what I'm asking for: transparency.

So my questions are:
Can I contact your support team without being a customer of yours myself?
If so, can I CC this thread with my mails to your support team and post their answers here as well? (Transparency, you know...)

Thanks a lot again!

T.
Was this reply relevant?
+0
-0
This user no longer exists RE: How to unpack sps.exe
Secunia Official 4th Jul, 2013 13:47
Last edited on 4th Jul, 2013 13:49 Dear Torsten,

You are more than welcome to send an email to csc@secunia.com and address your questions to our support team. We will be more than happy to address all questions you may have regarding the Secunia CSI functionality, after we verify the validity of your request.

Please note, Secunia and its employees respectively, follow very strict non-disclosure policies, especially when it comes to sharing information about the inner workings of our software where this information could be used against the company, the software, and our customers respectively. Your questions are very deep and mostly related to the security mechanisms and inner workings of one of the two top-most features of the CSI. Sharing this information on the forum is not wise, moreover, this may turn out to be a wide discussion that is not appropriate for the forum and does not match its purpose.

Should you like to receive this information in full amount as requested here, you shall consider following the official procedures to request it by sending an email to our official support address (csc@secunia.com) so that we are able to ensure the validity of your request in accordance to our policies. Once this is done, you will be eligible to receive full support on your inquiry.

Kind Regards | Stay Secure
Rosen Danailov | Junior Solution Specialist
Secunia Customer Support
torstenv RE: How to unpack sps.exe
Member 4th Jul, 2013 14:44
Score: 0
Posts: 3
User Since: 27th Jun 2013
System Score: N/A
Location: DE
Hi!

Thanks a lot for the quick reply.

I'll contact support. We will see further then.

Thanks!
T.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+