Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: false positive

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Google
And, this specific program:
Google SketchUp 8.x

This thread has been marked as locked.
oneota false positive
Member 20th Jul, 2013 20:22
Ranking: 0
Posts: 5
User Since: 15th Jan, 2011
System Score: N/A
Location: N/A
Am running Secunia PSI 2.0. It's telling me my Google Sketchup is out of date, but when I run my Sketchup 8 (its version information matches the below) and select "check for updates," I'm told I currently have the newest version. So why's Secunia telling me I'm not up-to-date?

---START---

Program Name:
Google SketchUp 8.x

Security State:
End-of-Life

Download Link:
http://www.sketchup.com/

Instances Found:
C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe, version: 8.0.16846.0

Last System Scan (localtime):
20. Jul 2013, 12:28

Operating System:
Microsoft Windows 8, Pro

---END---


Maurice Joyce RE: false positive
Handling Contributor 20th Jul, 2013 21:42
Score: 11785
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It is not telling you it is out of date but rather End of Life.

I assume it has been replaced by this:

http://www.sketchup.com/

but not sure because I do not use anything Google.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
oneota RE: false positive
Member 21st Jul, 2013 18:44
Score: 0
Posts: 5
User Since: 15th Jan 2011
System Score: N/A
Location: N/A
Right--SketchUp's been handed over from Google to whomever (Trimble) as of a couple months ago. But "whomever" is still (apparently) supporting it. So why would Secunia say "it's a security risk--kill it"?
Was this reply relevant?
+1
-0
Maurice Joyce RE: false positive
Handling Contributor 21st Jul, 2013 23:57
Score: 11785
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Because it is End of Life & Google will not fix the Highly Critical vulnerability that exists with your version.

https://secunia.com/advisories/53635/



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
ddmarshall RE: false positive
Dedicated Contributor 22nd Jul, 2013 00:57
Score: 1211
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
End of Life does not necessarily mean a program is a security risk but in this case there is an unpatched vulnerability in SketchUp 8. The advice is to update to SketchUp 2013.

http://secunia.com/advisories/53635/

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
oneota RE: false positive
Member 22nd Jul, 2013 05:34
Score: 0
Posts: 5
User Since: 15th Jan 2011
System Score: N/A
Location: N/A
If SketchUp 8's been EOLed and the "solution" is to upgrade to SketchUp Make, it seems like Secunia ought to recommend that. Right now, my Secunia has (in the "install solution" column) an "install solution" hyperlink, but when I click on it, I'm brought to the home page for SketchUp (which looks to me just like the home page I've seen there for years, i.e. it's not saying "hey! do something to retain your security!"). I.e. there's no information in Secunia saying "your old SketchUp's been EOLed; uninstall it and download and install the new version" (or even "it's insecure; there's no replacement; to be secure, uninstall it, and forgo whatever convenience it provided you"). Hence the confusion which led to this post.
Was this reply relevant?
+0
-1

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer