Forum Thread: false positive

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Google
And, this specific program:
Google SketchUp 8.x

This thread has been marked as locked.
oneota false positive
Member 20th Jul, 2013 20:22
Ranking: 0
Posts: 5
User Since: 15th Jan, 2011
System Score: N/A
Location: N/A
Am running Secunia PSI 2.0. It's telling me my Google Sketchup is out of date, but when I run my Sketchup 8 (its version information matches the below) and select "check for updates," I'm told I currently have the newest version. So why's Secunia telling me I'm not up-to-date?

---START---

Program Name:
Google SketchUp 8.x

Security State:
End-of-Life

Download Link:
http://www.sketchup.com/

Instances Found:
C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe, version: 8.0.16846.0

Last System Scan (localtime):
20. Jul 2013, 12:28

Operating System:
Microsoft Windows 8, Pro

---END---


Maurice Joyce RE: false positive
Handling Contributor 20th Jul, 2013 21:42
Score: 11934
Posts: 9,165
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It is not telling you it is out of date but rather End of Life.

I assume it has been replaced by this:

http://www.sketchup.com/

but not sure because I do not use anything Google.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
oneota RE: false positive
Member 21st Jul, 2013 18:44
Score: 0
Posts: 5
User Since: 15th Jan 2011
System Score: N/A
Location: N/A
Right--SketchUp's been handed over from Google to whomever (Trimble) as of a couple months ago. But "whomever" is still (apparently) supporting it. So why would Secunia say "it's a security risk--kill it"?
Was this reply relevant?
+1
-0
Maurice Joyce RE: false positive
Handling Contributor 21st Jul, 2013 23:57
Score: 11934
Posts: 9,165
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Because it is End of Life & Google will not fix the Highly Critical vulnerability that exists with your version.

https://secunia.com/advisories/53635/



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
ddmarshall RE: false positive
Dedicated Contributor 22nd Jul, 2013 00:57
Score: 1238
Posts: 980
User Since: 8th Nov 2008
System Score: 98%
Location: UK
End of Life does not necessarily mean a program is a security risk but in this case there is an unpatched vulnerability in SketchUp 8. The advice is to update to SketchUp 2013.

http://secunia.com/advisories/53635/

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
oneota RE: false positive
Member 22nd Jul, 2013 05:34
Score: 0
Posts: 5
User Since: 15th Jan 2011
System Score: N/A
Location: N/A
If SketchUp 8's been EOLed and the "solution" is to upgrade to SketchUp Make, it seems like Secunia ought to recommend that. Right now, my Secunia has (in the "install solution" column) an "install solution" hyperlink, but when I click on it, I'm brought to the home page for SketchUp (which looks to me just like the home page I've seen there for years, i.e. it's not saying "hey! do something to retain your security!"). I.e. there's no information in Secunia saying "your old SketchUp's been EOLed; uninstall it and download and install the new version" (or even "it's insecure; there's no replacement; to be secure, uninstall it, and forgo whatever convenience it provided you"). Hence the confusion which led to this post.
Was this reply relevant?
+0
-1

This thread has been marked as locked.