Forum Thread: Secunia installed a new program (not an update, a brand new pgm!)

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as resolved.
xteri Secunia installed a new program (not an update, a brand new pgm!)
Member 18th Feb, 2014 00:49
Ranking: 0
Posts: 8
User Since: 6th Oct, 2012
System Score: N/A
Location: US
This is the message I sent to support@secunia.com

Dear Sirs,

Error report.

I just ran Secunia PSI and it INSTALLED a program to my C:\Program Files folder. (Unwanted program is Calibre)

Very unwanted behavior.

Additionally, it initially showed MySQL 5.x as needing updating (also not installed) but that entry disappeared.

Details:
Win 7 Pro
I was logged in using remote desktop on a LAN.
Secunia V 3.0.0.7011
Set to Automatically update, and to only scan C:\.
No start on boot (I run it on demand).

The program it installed, Calibre, is on N:\ drive but it was the portable version.

Attached a screenshot, note in the background that the calibre files are ADDED to C:\Program files\Calibre2.
The IrfanView updated files are normal behavior and expected.

What is going on? Why would PSI install a new program?

-End of email to support-
Addendum:
Do not see an option here to upload the screenshot provided to support, the screenshot shows that the Calibre files were newly added (as opposed to updated) to Program Files.
It also shows that IrfanView was updated (normally). Additional system info:
Win 7 Pro 32 bit SP1
IE 11.0.9600.16518
Dell Optiplex Intel Core 2 duo E8600 @3.33 GHz
RAM 4.0 GB

I created a system image shortly before I ran PSI - I rolled back to this image, uninstalled PSI Vers 3.0.0.7011 & installed the new version 3.0.0.9016. Set the updating to Notify only & it scanned successfully without a repeat of the problem.

(As an aside, here is a note from my 'install' log: "4:02 PM 11/17/2013 installed secunia....PSISetupV3.0.0.9015.exe - crashes becuz of IE11, installed V3.0.0.7011 instead - now working.")

Have used Versions 2 & 3 of PSI for several years and find it very useful, it hangs once in a while but this is the first time it ever installed a BRAND NEW PROGRAM! Posting this thread in case it has happened to someone else and to see if anyone has a possible explanation.


Post "RE: Secunia installed a new program (not an update, a brand new pgm!)" has been selected as an answer.
Leendert Kip Secunia installed a new program (not an update, a brand new pgm!)
Member 19th Feb, 2014 10:50
Score: 70
Posts: 526
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
Last edited on 19th Feb, 2014 10:52
Hi, I can assure you that PSI absolutely doesn't install new programs on your pc. I don't understand what happened on your pc and I can't explain. It's not possible to upload screenshots etc. to a post in the forum. I'm surprised that nobody responded although your post is there a day now. I suggest you send an e-mail to support at: support@secunia.com and attach your screenshots. Maybe that gives a better chance for response.

--
PC: JJ Computer Services
Intel Core I3 2100 3.1Ghz
DDR3 Kingston ValueRam 4GB 1333
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 9
Mozilla Firefox 31NL

Laptop: MSI GT780DX
Intel Core I5-2450
DDR3 RAM 6GB
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 11
Mozilla Firefox 31NL
Maurice Joyce RE: Secunia installed a new program (not an update, a brand new pgm!)
Handling Contributor 19th Feb, 2014 11:33
Score: 11744
Posts: 9,002
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I'm surprised that nobody responded although your post is there a day now

@xteri has, in the main, posted an information thread having already contacted Secunia Support by email as explained in his post. Not sure how anyone else can help until Secunia Support reply to the email & @xteri updates the thread with their response.

I can assure you that PSI absolutely doesn't install new programs on your pc

Although unlikely in the scenario of this case Secunia do warn that it could occur in their FAQ here:

http://secunia.com/vulnerability_scanning/personal...

It's not possible to upload screen shots etc. to a post in the forum

Sadly this is incorrect. Screen shots can easily be posted to the Forum & there are many examples already posted.

POSTING A SCREEN SHOT TO THE FORUM

To post a screen shot to the Forum you need to:

1. Capture the image by using a programme such as:
a. Microsoft Paint - details here if unsure how it is done.
http://www.wikihow.com/Take-a-Screenshot-in-Micros...
b. Microsoft One Note
c. Microsoft Snippet (Windows 8.1,8,7 & Vista)
d. Any third party equivalent programme like these:
http://www.thewindowsclub.com/free-screen-capture-...

2. Save the image to an online repository such as Microsoft Skydrive or a third party programme like Drop box https://www.dropbox.com/

3. Post the hyperlink to the stored online image to the Forum. Use CTRL+C to copy & CTRL+V to post to the Forum.

Example here:

https://1ncuig.bn1304.livefilestore.com/y2pulWoScR...



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
xteri RE: Secunia installed a new program (not an update, a brand new pgm!)
Member 20th Feb, 2014 22:23
Score: 0
Posts: 8
User Since: 6th Oct 2012
System Score: N/A
Location: US
Last edited on 20th Feb, 2014 22:25
Thank you, Maurice, you are exactly right. On all your points.

So far, no response from Secunia. And to further clarify, I am in no way implying the PSI installed anything malicious. I think that PSI detected the Calibre program on my N drive (even though it was set not to scan N:) & downloaded the appropriate update. That update was then installed (as new) to my C:\Program Files folder.

A few more details - I regularly image my C drive. Before & after every install I run autoruns (from sysinternals), JV16 registry scanner (an old registry scanner that checks a number of different registry keys & flags additions) and System File Checker (from Win 98, it still works & reliably reports additions, deletions & updates to files. You can configure the file types to scan & where to scan. On the downside it does not support long file names and there are several directories it cannot access under the Win 7 Windows folder. If anyone wants to try it, be sure to rename the original exe from W98, I renamed it to SFCw98.exe, you also need sfcdll.dll & optionally sfc.hlp. Copy to C:\WINDOWS\SYSTEM: sfcw98.exe & sfcdll.dll, Copy to C:\WINDOWS\HELP: sfc.hlp)

So, Leendert Kip, be assured that PSI CAN install a new program, I am 100% certain of what happened. But thank you for attempting to help.

I have seen other posts with linked screenshots but I don't currently use any of those services (ie dropbox) & didn't want to go to the bother of creating an account.

I will update when I hear from Secunia.

Maurice Joyce RE: Secunia installed a new program (not an update, a brand new pgm!)
Handling Contributor 27th Feb, 2014 23:47
Score: 11744
Posts: 9,002
User Since: 4th Jan 2009
System Score: N/A
Location: UK
This thread auto locked after 7 days of no activity. I have reopened it in case you want to comment.

Please let me know if you want it relocking.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
xteri RE: Secunia helpdesk reply & my answer
Member 28th Feb, 2014 02:00
Score: 0
Posts: 8
User Since: 6th Oct 2012
System Score: N/A
Location: US
Last edited on 28th Feb, 2014 02:01
Thank you, Maurice.

I did receive a reply from Secunia. Good company. Bottom line is my event will probably remain an unsolved 'bug' or anomaly.

Maurice, if this thread dies for inactivity again, would appreciate you re-opening one time more so I could post any further correspondence. If after 2 weeks nothing that means it has died. :-)

Below is Secunia's response and my reply:

------------------------------------------------------- 2/26/2014:
Thank you for contacting Secunia Support.

I've been unable to reproduce the issue.

The Secunia PSI should not detect and update programs on drives not selected for scanning.

I agree that the Secunia PSI should NOT install full versions of portable applications in a scenario like yours.

If you uninstall the full version of Calibre and are still using the Portable version, does the PSI update it again right away?

Morten Hansen, System Administrator, Team Leader Helpdesk
-------------------------------------------------------

Reply on 2/26/2014:
Hi Morten,

Thank you for your reply. Before I received same, I posted some more info in the PSI forum:

http://secunia.com/community/forum/thread/show/147...

From my forum posting:
"I created a system image shortly before I ran PSI - I rolled back to this image, uninstalled PSI Vers 3.0.0.7011 & installed the new version 3.0.0.9016. Set the updating to Notify only & it scanned successfully without a repeat of the problem. "

Before restoring above image, I made a drive image "2014_02_17_1106-temp.tib".

So, to answer your question about whether PSI would update after uninstalling the full version of Calibre from C, I would have to restore the above image.

Leave that for now.

The Calibre version that was on my N: drive was "calibre-portable-0.8.35", the exe is "calibre-portable.exe", version 0.8.35.0.

The file PSI downloaded and installed to C drive was "calibre-0.8.52.msi".

I'm not sure if these are the same, that is, if Secunia PSI did detect the 8.35.0 portable exe would it choose this msi to update?

If yes, then I think some sort of hiccup caused PSI to scan my N drive & then (unexpectedly) installed to C:\Program files.

If no, something else is going on.


I regularly image my drives. Recently I 'built' a new Win 7 pro image for use in 3 other machines. After installing the needed software I copied the image to a new SSD and installed that drive in another Dell (same model). I then input the product key that belongs to that Dell (thrice, once for each machine). This saves having to build/configure the same machine 4 times.

Finally I continued to 'build' on the image** (see below) for my own use on the original Dell. (The other Dells belong to friends, I'm helping them upgrade from XP).

Does Secunia PSI use any 'fingerprinting'? That is, is a record maintained of the last known configuration that is updated?

If so, this problem might be related. In particular, the MySql 5.x (see my original email) WAS installed on the other machines (and my machine as 'master'). After I finished those machines I installed on my machine an earlier image** (referred to above) that was made before installing the MySql database. So, as far as PSI was concerned on my LOCAL machine there had never been a MySql database. Yet, I clearly saw this entry appear & then disappear. That is why I think your company might maintain a database of the last scan.

If your company really wants to work on this I'm willing to restore the above image in order to answer your question.

On the other hand, I'm more curious about why this happened than concerned about it. I find PSI useful, recommend it to my friends & will continue to do so.

If this is not happening to others perhaps it is not worth pursuing. But, it was so unusual, that I thought it worth reporting.

It's your call, thanks again for the reply & concern.
Xteri
Maurice Joyce RE: Secunia installed a new program (not an update, a brand new pgm!)
Handling Contributor 28th Feb, 2014 08:20
Score: 11744
Posts: 9,002
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Interesting.

I will keep this post live as requested.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Maurice Joyce RE: Secunia installed a new program (not an update, a brand new pgm!)
Handling Contributor 7th Mar, 2014 01:55
Score: 11744
Posts: 9,002
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Reopened as requested.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
xteri RE: Secunia installed a new program (not an update, a brand new pgm!)
Member 8th Mar, 2014 02:19
Score: 0
Posts: 8
User Since: 6th Oct 2012
System Score: N/A
Location: US
Last edited on 8th Mar, 2014 02:23
Nothing further from Secunia support. But I believe Secunia is 'fingerprinting' users' machines.

Short reason: The Calibre install shows up in my PSI "History" page as installed Feb 17 at 9:43 AM. This information could only have come from Secunia's servers.

Longer explanation: I started this thread/post because PSI unexpectedly installed a new program on my C drive. (see above post(s)). Because of that incident, I restored an earlier image (not system restore, a full disk image) from before I ran PSI & had the problem. The image did have PSI installed, it is one of the first things I install on a new build. (see above) Without running PSI, I uninstalled & installed the most recent version, ran that without problem. My settings are to only scan C drive & Calibre has never been installed on this "machine" (Image).

If PSI is storing the history locally it would have no way of being aware of the Calibre install. Therefore PSI is storing our machines' install history 'in the cloud' and using fingerprinting techniques to identify us.

That is what I asked tech support - I now think that PSI did not 'see' the old Calibre install on my N drive, it saw in the 'cloud' database I had an old version of Calibre installed & updated me. Except what PSI did not know was I had rolled back my machine to an earlier time - before the Calibre install. Hence the 'new' install.

BTW I have no issue with being 'fingerprinted' and will continue to use PSI happily. It is probably disclosed somewhere in the TOS. I was mainly interested in what the heck happened!!

I'll leave this thread open another week or so, if I hear nothing further from Secunia I will close it.

Maurice, thank you for your help, you are a great asset to the community!

a PS - If my logic is wrong please let me know!! :)
xteri RE: Secunia installed a new program (not an update, a brand new pgm!)
Member 16th Mar, 2014 02:58
Score: 0
Posts: 8
User Since: 6th Oct 2012
System Score: N/A
Location: US
Still nothing further fron Secunia, will close this thread.
Maurice Joyce RE: Secunia installed a new program (not an update, a brand new pgm!)
Handling Contributor 16th Mar, 2014 08:33
Score: 11744
Posts: 9,002
User Since: 4th Jan 2009
System Score: N/A
Location: UK
To lock (close) a thread you must activate ACCEPT against the post of the person who helped you the most or I can close it for you.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
xteri RE: Secunia installed a new program (not an update, a brand new pgm!)
Member 16th Mar, 2014 16:43
Score: 0
Posts: 8
User Since: 6th Oct 2012
System Score: N/A
Location: US
Well...., I was about to do that...., but I noticed a typo in my previous post, clicked edit, corrected it & that's when my power went off! Battery UPS was good but the local power failure knocked out the internet too so the typo is still there. I live on a small island called Molokai & we have been having frequent failures in our grid for the last year or so. I even bought my own generator!

Regardless, thanks again for your help, Maurice, will now accept your post & close the thread.


This thread has been marked as locked.

