
Forum Thread: Is there any security benefit to "continuous monitoring of new pr...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Alan_Baxter Is there any security benefit to "continuous monitoring of new program installations and removals"?
Member 12th Apr, 2009 23:26
Ranking: 0
Posts: 61
User Since: 1st Mar, 2009
System Score: N/A
Location: US
Last edited on 12th Apr, 2009 23:27

PSI's "continuous monitoring of new program installations and removals" doesn't seem to have any security benefit beyond giving me a list of what programs are on my computer. It doesn't appear to notify me of any security patches when they are released; instead, I get notified the next time it does a scan. It seems like I can get the same security benefit by starting PSI only once a week and running a manual scan. Am I missing something?

It also doesn't notify me about any unpatched vulnerabilities, i.e. vulnerabilities the vendor hasn't patched yet. It would be very nice if it did that so I could have some protection against zero-day exploits.

trombone_dude RE: Is there any security benefit to "continuous monitoring of new program installations and removals"?
Member 18th Apr, 2009 23:15
Score: 0
Posts: 49
User Since: 3rd Jan 2009
System Score: 100%
Location: US
Last edited on 18th Apr, 2009 23:19
It sounds to me as if you are not letting PSI run in the background. If that is the case, you should try adding it to program files>startup so it will keep track. My computer notifies me of changes whenever I update/install/uninstall programs within a few minutes, and to me the feature is well worth it. There is certainly a security benefit. With new exploits coming out every day, I would MUCH rather not take a chance...

EDIT: I just noticed that on PSI v 1.0.0.4 the box above "enable program monitoring" is "start the secunia psi on boot". Make sure both boxes are checked.

--
Asus P5QC, 2.4Ghz Intel Quad Core, 2Gb Ram, XP Pro

Asus EeePC 4G Surf, 2Gb Ram, XP Pro
Alan_Baxter RE: Is there any security benefit to "continuous monitoring of new program installations and removals"?
Member 19th Apr, 2009 00:46
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
on 18th Apr, 2009 23:15, trombone_dude wrote:
With new exploits coming out every day, I would rather not take a chance...

That's my point. New patches are released and vulnerabilities are discovered every day, but PSI does not notify me about any of the patches until it does the next full scan, and never notifies me of any unpatched vulnerabilities, even if those vulnerabilities are currently being exploited. I'm grateful that PSI detects any unpatched programs on my computer whenever it does a full scan, but the continuous program monitoring doesn't appear to have any security benefit. I'm running Secunia PSI v1.0.0.4.

I am running PSI in the background and "Enable program monitoring" is checked. PSI notifies me about any programs I update or uninstall only if it already knows about them from its last full scan. I've installed four programs since the last full scan was done on 13 April. Even though PSI was running and program monitoring was enabled, none of them show up in PSI's list of programs until a full scan is performed. Are you sure your installation of PSI behaves differently?

Also, PSI doesn't notify me if a patched version of a previously scanned program comes out until the next full system scan. Does your PSI do something different? Try this for example. I don't have WinRAR on my system, so I downloaded an old insecure version of it from filehippo, WinRAR 3.70, and installed it. PSI doesn't report that the program has been installed or that it's Insecure. I expect PSI will add the program to its database and report it insecure after the next full scan, but not before then.
trombone_dude RE: Is there any security benefit to "continuous monitoring of new program installations and removals"?
Member 19th Apr, 2009 01:34
Score: 0
Posts: 49
User Since: 3rd Jan 2009
System Score: 100%
Location: US
I was able to find an old version of VLC that was not previously installed on my laptop. I installed it, and about a minute later, PSI recognized it and labeled it as insecure. I am not sure what is wrong with your install, but there is definitely an issue there...

You may have already done this, but I would suggest uninstalling, restarting and reinstalling PSI.

--
Asus P5QC, 2.4Ghz Intel Quad Core, 2Gb Ram, XP Pro

Asus EeePC 4G Surf, 2Gb Ram, XP Pro
wr RE: Is there any security benefit to "continuous monitoring of new program installations and removals"?
Contributor 19th Apr, 2009 02:27
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
@ trombone dude-I'm with you on recognizing change in programs. 1 minute or 2 PSI after a program change & I get a balloon notification in sys tray.

wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.3.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Tarq57 RE: Is there any security benefit to "continuous monitoring of new program installations and removals"?
Member 19th Apr, 2009 03:38
Score: 16
Posts: 106
User Since: 20th Dec 2007
System Score: N/A
Location: NZ
Same here. The PSI notifies me of any program change, generally within a minute or less of the change. PSI 1.0.0.4.
It has also notified me of out of date or vulnerable software "on the fly", between scans.

--
Windows XP Home 32, SP3- patched as they are released, AMD 3500+, 2G RAM, avast 8.0, Autorun Eater, Secunia PSI.
Alan_Baxter RE: Is there any security benefit to "continuous monitoring of new program installations and removals"?
Member 19th Apr, 2009 05:32
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
Thank you all, for all the feedback. I uninstalled PSI, rebooted, and reinstalled PSI 1.0.0.4. We'll see how it goes.
username7754 RE: Is there any security benefit to "continuous monitoring of new program installations and removals"?
Member 20th Apr, 2009 04:39
Score: 0
Posts: 12
User Since: 28th Mar 2009
System Score: N/A
Location: N/A
on 12th Apr, 2009 23:26, Alan_Baxter wrote:
...
It also doesn't notify me about any unpatched vulnerabilities, i.e. vulnerabilities the vendor hasn't patched yet. It would be very nice if it did that so I could have some protection against zero-day exploits.

Yes, I agree, I made a post to that effect recently
http://secunia.com/community/forum/thread/show/160...

This would probably be an off by default option on the settings tab, but still very useful especially if workarounds were presented.
Alan_Baxter RE: Is there any security benefit to "continuous monitoring of new program installations and removals"?
Member 20th Apr, 2009 17:32
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
Last edited on 20th Apr, 2009 17:32
Update: I just noticed the following entry at http://secunia.com/vulnerability_scanning/personal...

# Should I scan my computer every time I receive a reminder about new detection rules?

It is recommended that you perform a manual scan on your computer every time you receive a reminder that new detection rules are available for the Secunia PSI. Since new detection rules are created every time a vendor patches a known vulnerability in any of the products monitored by the Secunia PSI, scanning your computer ensures that you are made aware of these new security releases and patches if any of your software is affected.

Apparently PSI can't notify me about any patches released since the previous scan until a subsequent full or manual scan is done. That's what I thought, but I wasn't sure. I must have overlooked it when I read the FAQ the first time.
