Forum Thread: Apparent False positive for version 2.9.2.2

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Elaborate Bytes
And, this specific program:
elby CloneDVD 2.x

This thread has been marked as locked.
KarlPrince Apparent False positive for version 2.9.2.2
Member 18th Mar, 2009 21:15
Ranking: 0
Posts: 7
User Since: 14th Mar, 2009
System Score: 100%
Location: Leicester, UK
Last edited on 18th Mar, 2009 21:17

PSI still says insecure, despite applying the recommended update.

The cause appears to be PSI looking at the wrong file "RegCloneDVD.exe" (the installer support program that has not needed to be changed for ages or affected by the vulnerability) rather than the actual files from the advisory.

wr RE: Apparent False positive for version 2.9.2.2
Contributor 18th Mar, 2009 21:26
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Sometimes when updating, a program doesn't delete/overwrite the old entries. To locate the exact file that the Secunia PSI has detected, please follow these guidelines using the advanced interface:
* Click on the entry of the program to expand it.
* Click on Technical details to see the installation path of the detected file.
* Remember the installation path and close down the menu.
* Click Open Folder and locate the detected file.
You can then manually delete these remnants-reboot-rescan & hopefully all is well. Good luck & regards. wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Finn Fisker RE: Apparent False positive for version 2.9.2.2
Member 18th Mar, 2009 22:53
Score: 0
Posts: 1
User Since: 4th Mar 2009
System Score: N/A
Location: N/A
on 18th Mar, 2009 21:15, KarlPrince wrote:
PSI still says insecure, despite applying the recommended update.

The cause appears to be PSI looking at the wrong file "RegCloneDVD.exe" (the installer support program that has not needed to be changed for ages or affected by the vulnerability) rather than the actual files from the advisory.

It is a slysoft
llumy RE: Apparent False positive for version 2.9.2.2
Member 19th Mar, 2009 13:46
Score: 0
Posts: 2
User Since: 8th Feb 2008
System Score: N/A
Location: N/A
I agree. I downloaded the install from PSI and the slysoft provided link. Went over the details of the update and it doesn't touch the RegCloneDVD.exe file.
KarlPrince RE: Apparent False positive for version 2.9.2.2
Member 19th Mar, 2009 18:07
Score: 0
Posts: 7
User Since: 14th Mar 2009
System Score: 100%
Location: Leicester, UK
Last edited on 19th Mar, 2009 18:07
I still consider it to be a false positive for the following reasons:
* The file RegCloneDVD.exe is not listed as vulnerable in any of the notifications and writeups (outside PSI that is).
* On a clean install PSI considers the newly added RegCloneDVD.exe to be vulnerable.
* Deleting RegCloneDVD.exe and re-running the non-vulnerable installer re-instates RegCloneDVD.exe which PSI considers as vulnerable.
* The team that found the vulnerability worked with Slysoft to confirm the vulnerability was resolved.

So unless PSI know something about RegCloneDVD.exe no one else does, then PSI IMHO is falsely reporting.
llumy RE: Apparent False positive for version 2.9.2.2
Member 19th Mar, 2009 21:24
Score: 0
Posts: 2
User Since: 8th Feb 2008
System Score: N/A
Location: N/A
Correct - If I wasn't clear, I consider this a false positive also.
wr RE: Apparent False positive for version 2.9.2.2
Contributor 19th Mar, 2009 22:34
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Alternatively, should you have a question that you're unable to get answered through our Secunia Community Forum you should send an email to support@secunia.com (Please note: due to the high volume of emails that we receive we cannot guarantee an answer to all inquiries).

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
hkeycurrentuser RE: Apparent False positive for version 2.9.2.2
Member 20th Mar, 2009 18:49
Score: 0
Posts: 7
User Since: 4th Dec 2008
System Score: N/A
Location: N/A
Thanks for the email contact address, wr.

I'm having the same problem: two instances of AnyDVD and two instances of CloneDVD displaying as "Insecure." Upon application of one-each of the two different "Solutions" (i.e., updating the apps) the two instances of AnyDVD go away but, even after re-scanning, one instance of CloneDVD still remains--which is kind of weird since PSI is obviously looking at different sets of indices for each of the two instances.

This peculiarity notwithstanding, I'm wondering how what appears to be a totally self-contained, standalone, "noncommunicative" set of programs like these might pose a security threat if not updated. File readers and players (like Adobe Reader and Winamp): yes; but how does malware get introduced by not updating a straightforward optical media copier?
frcolm RE: Apparent False positive for version 2.9.2.2
Member 21st Mar, 2009 00:36
Score: 0
Posts: 1
User Since: 29th Nov 2008
System Score: N/A
Location: N/A
on 18th Mar, 2009 21:15, KarlPrince wrote:
PSI still says insecure, despite applying the recommended update.

The cause appears to be PSI looking at the wrong file "RegCloneDVD.exe" (the installer support program that has not needed to be changed for ages or affected by the vulnerability) rather than the actual files from the advisory.

Zman RE: Apparent False positive for version 2.9.2.2
Member 21st Mar, 2009 17:19
Score: 0
Posts: 3
User Since: 21st Feb 2008
System Score: N/A
Location: N/A
Because of this problem that Secunia does not appear to want to correct, I will switch to FileHippo's Update Checker. It finds a lot more than Secunia PSI.
uufox RE: Apparent False positive for version 2.9.2.2
Member 21st Mar, 2009 23:33
Score: 1
Posts: 2
User Since: 21st Mar 2009
System Score: N/A
Location: N/A
on 21st Mar, 2009 17:19, Zman wrote:
Because of this problem that Secunia does not appear to want to correct, I will switch to FileHippo's Update Checker. It finds a lot more than Secunia PSI.


It is not rare that Secunia has false positives, and it is not rare that they do not fix them even though the mentioned vulnerabilities do not exist. I have quite a few such examples.

The solution is not to remove Secunia PSI, but rather to be aware that false positives might exist, and to ignore the stupid grades that Secunia gives. I don't care not to have a 100% grade (due to Secunia's false positives).

It is still valuable, and FileHippo's updater, while a very good tool by itself, is not a true replacement for Secunia's PSI. I use them both.

Zman RE: Apparent False positive for version 2.9.2.2
Member 22nd Mar, 2009 02:02
Score: 0
Posts: 3
User Since: 21st Feb 2008
System Score: N/A
Location: N/A
Last edited on 22nd Mar, 2009 02:04
Thanks uufox.

I have not had this false positive problem with Secunia before. I haven't used it that long. The last sentence nails it. Use BOTH. There has always been safety in "layers". But so far I have been VERY impressed with FileHippo Update Checker.
sbrannon RE: Apparent False positive for version 2.9.2.2
Member 23rd Mar, 2009 09:02
Score: 0
Posts: 6
User Since: 11th Jun 2008
System Score: 94%
Location: US
Last edited on 23rd Mar, 2009 09:03
Secunia is looking at the wrong file to check the version of CloneDVD 2 installed. They are looking at RegCloneDVD.exe, instead of CloneDVD2.exe. If they would look at the correct file (CloneDVD2.exe) they would see the following version strings:

file version "2.9.2.2"
product version "2,9,2,2"



Everyone (Zman) doesn't need to get their panties in a knot. In my experience Secunia fixes issues with PSI quite quickly. Delete RegCloneDVD.exe and all will be copacetic in the mean time.

Just relax....
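An added illustration of the diagnosis in the post above (not part of the thread, and not Secunia's code): a hypothetical version-based detection rule evaluated once against the helper file and once against the main executable. The install listing is constructed, the `RegCloneDVD.exe` version is a made-up placeholder, and the function names are assumptions.

```python
import re

FIXED_VERSION = "2.9.2.2"  # the updated CloneDVD release named in the thread

# Constructed sample of one install directory: file name -> version-resource string.
# The CloneDVD2.exe value is the product version quoted above; the
# RegCloneDVD.exe value is a made-up placeholder for an old, unchanged helper.
SAMPLE_INSTALL = {
    "CloneDVD2.exe": "2,9,2,2",
    "RegCloneDVD.exe": "1, 0, 0, 0",
}

def parse_version(raw):
    """Turn '2.9.2.2', '2,9,2,2' or '2, 9, 2, 2' into a comparable tuple."""
    parts = [p for p in re.split(r"[.,\s]+", raw.strip()) if p]
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {raw!r}")
    return tuple(int(p) for p in parts)

def is_outdated(raw, fixed=FIXED_VERSION):
    """True if raw is older than fixed; shorter versions are zero-padded."""
    have, want = parse_version(raw), parse_version(fixed)
    width = max(len(have), len(want))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(have) < pad(want)

def evaluate(rule_file, install):
    """Verdict of a hypothetical detection rule keyed to one file name."""
    by_name = {name.lower(): ver for name, ver in install.items()}
    raw = by_name.get(rule_file.lower())
    if raw is None:
        return "not-detected"
    return "insecure" if is_outdated(raw) else "patched"

if __name__ == "__main__":
    for keyed_to in ("RegCloneDVD.exe", "CloneDVD2.exe"):
        print(f"rule keyed to {keyed_to}: {evaluate(keyed_to, SAMPLE_INSTALL)}")
```

Keyed to the helper, the rule reports the updated install as insecure; keyed to the main executable it reports patched. Deleting the helper only makes the finding disappear because the rule no longer has a file to match.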
hkeycurrentuser RE: Apparent False positive for version 2.9.2.2
Member 23rd Mar, 2009 14:48
Score: 0
Posts: 7
User Since: 4th Dec 2008
System Score: N/A
Location: N/A
Last edited on 23rd Mar, 2009 14:51
on 23rd Mar, 2009 09:02, sbrannon wrote:
Delete RegCloneDVD.exe and all will be copacetic in the mean time.


Or, better still, choose to "Ignore Program" (in Advanced Mode).

SlySoft offers updates to their software on a very regular basis and--as I intimated above--unless anyone can suggest how straightforward optical media copiers like these (i.e., CloneDVD and CloneCD) might pose a security risk if NOT updated I don't see any reason to be concerned about them any more than I would be concerned about updating MS Notepad or Paint.

Adobe Reader, Winamp and WMP have communication hooks to "the outside world" which makes them vulnerable to exploitation, but how so with these SlySoft applications?
sbrannon RE: Apparent False positive for version 2.9.2.2
Member 23rd Mar, 2009 22:58
Score: 0
Posts: 6
User Since: 11th Jun 2008
System Score: 94%
Location: US
on 23rd Mar, 2009 14:48, hkeycurrentuser wrote:
SlySoft offers updates to their software on a very regular basis and--as I intimated above--unless anyone can suggest how straightforward optical media copiers like these (i.e., CloneDVD and CloneCD) might pose a security risk if NOT updated I don't see any reason to be concerned about them any more than I would be concerned about updating MS Notepad or Paint.


CloneCD and CloneDVD2 both had problems with their driver interfaces apparently:

http://www.slysoft.com/download/changes_clonecd.tx...
http://www.slysoft.com/download/changes_clonedvd.t...
hkeycurrentuser RE: Apparent False positive for version 2.9.2.2
Member 24th Mar, 2009 03:26
Score: 0
Posts: 7
User Since: 4th Dec 2008
System Score: N/A
Location: N/A
on 23rd Mar, 2009 22:58, sbrannon wrote:
CloneCD and CloneDVD2 both had problems with their driver interfaces apparently


Ahhhhhhh, so...

Thanks!
KarlPrince RE: Apparent False positive for version 2.9.2.2
Member 4th Apr, 2009 10:00
Score: 0
Posts: 7
User Since: 14th Mar 2009
System Score: 100%
Location: Leicester, UK
on 18th Mar, 2009 21:15, KarlPrince wrote:
PSI still says insecure, despite applying the recommended update.

The cause appears to be PSI looking at the wrong file "RegCloneDVD.exe" (the installer support program that has not needed to be changed for ages or affected by the vulnerability) rather than the actual files from the advisory.

At Last...

PSI has been updated to look at the correct file, so no more false positive.
