
Forum Thread: [js] PSI Missing Functionality, Flawed Design, Insecure Software

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
johnski [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 19th Apr, 2009 12:21
Ranking: 0
Posts: 10
User Since: 19th Apr, 2009
System Score: N/A
Location: N/A
Last edited on 19th Apr, 2009 12:57

PSI has received endorsements and recommendations in PC newsletters, by so called expert and experienced journalists in the PC field.

But it doesn't take long to realise that PSI is another program that shows a lot of promise, but is missing functionality / has flawed design.

How can PSI be regarded as software for checking the security / up-to-date state of installed software when...

- it just blatantly ignores Software that it doesn't know anything about?

- where is the Tab on the User Interface listing all the Software that it doesn't know about?

- is it right to ignore all the missing / unknown software and give users a false perception that their PC software is up-to-date and secure?

- why does PSI not list ALL PROGRAMS in the Add / Remove list and return a status of
In-Secure
End-Of-Life
Patched
OR WE DON'T KNOW WHAT THE HELL THIS IS SO WE ARE GOING TO PRETEND THAT THIS SOFTWARE DOES NOT EXIST?

- on the User interface Insecure tab, at the bottom of the page you have

Help us improve our service to you:
Program missing? Suggest it here!

YOU'VE GOT TO BE JOKING HAVEN'T YOU?

PSI is inspecting our systems, but it can't look through the Add / Remove list and determine what programs are on the PC!!!

At least admit / be brave enough to have a WE DON'T BLOODY KNOW tab on the user interface!!!

It surely wouldn't take much code to Upload a list of Missing Programs to your Server, for future consideration / inclusion?

HMMM! Security software that only looks at some programs and ignores / fails to acknowledge unknown programs!!! VERY GOOD!!!

Regards,
John

Tarq57 RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 19th Apr, 2009 13:15
Score: 16
Posts: 106
User Since: 20th Dec 2007
System Score: N/A
Location: NZ
Hmm. I've been using this for a while, and have actually, three times, suggested a program and sent it off. Coincidence or maybe not, within a week or two, the program was often added.
So no, they ain't joking. They appear to be building the database all the time.
I don't know why the results of a user's add/remove list are not also listed there. Perhaps this would be a useful feature, and with the user perhaps having the option to "opt-in" to have the list sent to Secunia for analysis and vulnerability vetting. I would not expect it to be a particularly easy task; as you probably know, there is still a hell of a lot of fairly obscure software installed on PCs all around the place for which there probably isn't much info.
Personally I've found the application to be extremely useful. I see you haven't (yet).
Perhaps try something different from the "download solution" button mentioned in your other posts today. Set the interface to Advanced (if it's not there already), mouse over the entry, and read off the full file/path to see what is actually being reported. It certainly seems those three apps' status could use a little more investigation.
Lastly, I don't work for this company nor in the software business, nor am especially geeky. But I know enough to be grateful for well motivated, genuinely useful and free software. Lots of folk have had issues with various aspects of its use. To my mind, that is often due to the incomplete job some software does when installing or updating, rather than the PSI. Sure, it's not without its faults, but constructive criticism is more indicated, here.

--
Windows XP Home 32, SP3- patched as they are released, AMD 3500+, 2G RAM, avast 8.0, Autorun Eater, Secunia PSI.
wr RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Contributor 19th Apr, 2009 17:51
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
@ Tarq57 without getting into a flame war I gotta vote w/ you 100%. I have yet to see any software without some faults. After all Secunia could charge for this service which to my knowledge no one else even offers.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
trombone_dude RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 19th Apr, 2009 20:54
Score: 0
Posts: 49
User Since: 3rd Jan 2009
System Score: 100%
Location: US
on 19th Apr, 2009 12:21, johnski wrote:
PSI has received endorsements and recommendations in PC newsletters, by so called expert and experienced journalists in the PC field.

But it doesn't take long to realise that PSI is another program that shows a lot of promise, but is missing functionality / has flawed design.

How can PSI be regarded as software for checking the security / up-to-date state of installed software when...

- it just blatantly ignores Software that it doesn't know anything about?

- where is the Tab on the User Interface listing all the Software that it doesn't know about?

- is it right to ignore all the missing / unknown software and give users a false perception that their PC software is up-to-date and secure?

- why does PSI not list ALL PROGRAMS in the Add / Remove list and return a status of
In-Secure
End-Of-Life
Patched
OR WE DON'T KNOW WHAT THE HELL THIS IS SO WE ARE GOING TO PRETEND THAT THIS SOFTWARE DOES NOT EXIST?

- on the User interface Insecure tab, at the bottom of the page you have

Help us improve our service to you:
Program missing? Suggest it here!

YOU'VE GOT TO BE JOKING HAVEN'T YOU?

PSI is inspecting our systems, but it can't look through the Add / Remove list and determine what programs are on the PC!!!

At least admit / be brave enough to have a WE DON'T BLOODY KNOW tab on the user interface!!!

It surely wouldn't take much code to Upload a list of Missing Programs to your Server, for future consideration / inclusion?

HMMM! Security software that only looks at some programs and ignores / fails to acknowledge unknown programs!!! VERY GOOD!!!

Regards,
John


First of all, if you do not like it, do not use it! Period!

Secondly, it would be nearly impossible to have every single program listed in PSI. Do you have any clue how many programs there are out there??? Are you crazy? Why would you have a tab of programs you don't know about? You DON'T KNOW ABOUT THEM!!! And as you so aptly pointed out, there is a link to suggest addition of a program you want included. I know for a fact that if you submit something that is missing you will get a response, and the program will get added.

Finally, and I know many people would agree with me on this. I do not want any person or program taking a look at my programs on MY computer, making a list and sending it back to a server somewhere for god knows what, and god knows how long.

If you think PSI is missing functionality, go click the link and suggest they add the programs you say are missing. Or better yet, go make your own software that does recognize EVERY single program out there. Get back to me when you do, and I will be sure to try it out.

--
Asus P5QC, 2.4Ghz Intel Quad Core, 2Gb Ram, XP Pro

Asus EeePC 4G Surf, 2Gb Ram, XP Pro
Old Phil RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 20th Apr, 2009 00:03
Score: -1
Posts: 45
User Since: 19th Apr 2009
System Score: N/A
Location: Jamesport, US
on 19th Apr, 2009 20:54, trombone_dude wrote:
First of all, if you do not like it, do not use it! Period!

Secondly, it would be nearly impossible to have every single program listed in PSI. Do you have any clue how many programs there are out there??? Are you crazy? Why would you have a tab of programs you don't know about? You DON'T KNOW ABOUT THEM!!! And as you so aptly pointed out, there is a link to suggest addition of a program you want included. I know for a fact that if you submit something that is missing you will get a response, and the program will get added.

Finally, and I know many people would agree with me on this. I do not want any person or program taking a look at my programs on MY computer, making a list and sending it back to a server somewhere for god knows what, and god knows how long.

If you think PSI is missing functionality, go click the link and suggest they add the programs you say are missing. Or better yet, go make your own software that does recognize EVERY single program out there. Get back to me when you do, and I will be sure to try it out.


I am very new to the program but agree with you 100%, I am extremely surprised that anyone would come onto the site and lambaste someone's hard work offered for free in that nature.

Phil

--
Home built fairly loaded box ASRock ConRoe1333-D667, 3.4 Intel Dual core, 2G ram, XP Home SP3 Linksys WRT160Nv2 router

733 Dell 512MB ram XP Pro SP3
Acer Aspire One baby lap top

100% Secunia score
johnski RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 20th Apr, 2009 08:34
Score: 0
Posts: 10
User Since: 19th Apr 2009
System Score: N/A
Location: N/A
on 19th Apr, 2009 12:21, johnski wrote:
PSI has received endorsements and recommendations in PC newsletters, by so called expert and experienced journalists in the PC field.

But it doesn't take long to realise that PSI is another program that shows a lot of promise, but is missing functionality / has flawed design.


See my first two paragraphs, got carried away, trying to provide some constructive criticism. Thanks for some relevant comments.

However...
Secunia are providing vulnerability scanning services to Corporations, so the fact that PSI is free, does not mean we should accept design flaws / inaccurate reporting.

I believe that Secunia PSI is attempting to provide more than simple checking of software revisions / files are up-to-date. They are attempting to assure users that their PC's are (hopefully 100%) up-to-date and therefore less vulnerable to security risks.

There are alternative methods of keeping software up-to-date.

My problem with Secunia PSI is that it can report a PC as 100% Secure, when it has only checked a small number of programs that currently reside on the PC.

On my PC it has NOT DETECTED all Internet browser software. At the very least Secunia PSI should acknowledge that this software resides on the PC, and poses an Unknown security risk.

I also have concerns that it incorrectly reports problems with Microsoft Office software and could not detect when I installed an update to Adobe Acrobat 7.x (see other posts).

Maurice Joyce RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Handling Contributor 20th Apr, 2009 21:20
Score: 11744
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
From your latest posting it looks like U are only retracting the first two sentences of your initial post. Apart from continuing to SHOUT, your case in trying to get the maximum from a Company at no cost to U beggars belief.

Point 1.
Secunia are providing vulnerability scanning services to Corporations, so the fact that PSI is free, does not mean we should accept design flaws / inaccurate reporting.

The programmes scanned by PSI are mirrored from CSI. I am sure Corporations would be leaping up & down if there is a design flaw. What are these flaws?
Publish the list of Professional (paid for) versions of any programme on your PC not scanned by PSI.
From the tone of your first posting I get the impression U expect to pay nothing for PSI to scan all the "freebies" on your PC to the extent of scanning add/remove to get the details. As pointed out by Trombone dude that in itself would be a major design flaw and totally unacceptable to many.

As for inaccurate reporting, the jury is still out on your 3 separate posts. If U have made up your mind they are bugs why not email Secunia Support with concrete evidence? They are very receptive. Secunia make no secret of the fact that false positives can arise. This happened with VLC but from positive and accurate reporting the problem is being fixed.

Point 2.
I believe that Secunia PSI is attempting to provide more than simple checking of software revisions / files are up-to-date. They are attempting to assure users that their PC's are (hopefully 100%) up-to-date and therefore less vulnerable to security risks.

Totally incorrect. The function U describe is left to programmes like FileHippo. Secunia only reports on the last secure version of a programme installed on a PC provided that programme is in their database. It does not report on Beta, Release Candidate releases or updates/upgrades from vendors which are issued as bug fixes or for cosmetic purposes.
This information is available in the FAQ which I assume U read before using the programme.

Point 3.
My problem with Secunia PSI is that it can report a PC as 100% Secure, when it has only checked a small number of programs that currently reside on the PC.

The challenge is out in Point 1 - name the Professional (paid for) programmes not reported on by PSI.

Point 4.
On my PC it has NOT DETECTED all Internet browser software. At the very least Secunia PSI should acknowledge that this software resides on the PC, and poses an Unknown security risk.

PSI reports on IE & Firefox who have cornered approx 90% of the world browser market. If U have a "fringe" browser it can be submitted to Secunia for possible inclusion. U flatly refuse to take up the offer. Why should they bother if U do not as a free user?

Point 5.
I also have concerns that it incorrectly reports problems with Microsoft Office software and could not detect when I installed an update to Adobe Acrobat 7.x (see other posts).

Duplicate of point 1.

The sadness of your posts is the tone. U give the impression of being a PC expert who expects perfection for free. I would like to think the 562 posts I have made in trying to help people have resulted in them appreciating what Secunia has to offer. Mainly, they had no idea just how insecure their PC's were until this little gem appeared to help. The added benefit is that there are a few of us that give our valuable time free to help solve their problems rather than throw "teddies" in the corner because we cannot get what we want for free.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
wr RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Contributor 20th Apr, 2009 22:14
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
@ Maurice Joyce x1 100% JOLLY GOOD!!

regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Old Phil RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 21st Apr, 2009 02:13
Score: -1
Posts: 45
User Since: 19th Apr 2009
System Score: N/A
Location: Jamesport, US
Last edited on 21st Apr, 2009 02:16
Well can not keep my fingers from typing! In my earlier post I noted that I am very new to Secunia, I have only had it on my machine a few days. I have been building and fooling with these infernal boxes since 1972, I am happy to say the program has tickled me to no end. I have made a few minor changes and was very happy to see the program pickup the changes immediately, I have recommended it to several close friends and have posted the link on two other sites I frequent. All I can say is a big thank you to Secunia for doing such a fine job.

Phil

--
Home built fairly loaded box ASRock ConRoe1333-D667, 3.4 Intel Dual core, 2G ram, XP Home SP3 Linksys WRT160Nv2 router

733 Dell 512MB ram XP Pro SP3
Acer Aspire One baby lap top

100% Secunia score
johnski RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 21st Apr, 2009 09:54
Score: 0
Posts: 10
User Since: 19th Apr 2009
System Score: N/A
Location: N/A
Points read, noted.

Not sure that a System Score of 100% would make me feel 100% Secure!
michaelsalis RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 21st Apr, 2009 14:12
Score: 57
Posts: 141
User Since: 18th Feb 2009
System Score: 98%
Location: UK
I am not an expert but have a keen interest in computers and the internet.

I am not sure exactly where I learnt of this program but have used it for several months and recommended it to friends, family and other forum sites.

Having looked at the program I did not have the impression it was telling me my computer is 100% safe or otherwise but that the programs it reports on are up to date with the latest security patches from the companies for which I have programs installed. That in itself does not mean that the programs are free from faults nor that it is secure just that I have the latest patches for the particular program. It is the responsibility of the vendor of each program that they are secure not Secunia. I try to make sure that my computer is up to date and as secure as possible but there are programs on the computer that are not used so often or are used by other programs where it is not always obvious they are not up to date and PSI has been very helpful in identifying these.

I think that everything we can do to help to keep use of the internet free from problem and fun is useful and Secunia provide a free program to HELP in this and on its own is not the whole answer but I don't believe that they are saying that they are. It has found a small number of problems I am not sure I would have found so quickly without its help, it keeps me up to date by little pop-up balloons when programs are installed/uninstalled and when new versions are available.

I seem to have a little problem at the moment where the main program says I am 100% up to date but in recent posts it says I am 98% a little strange.

I have to say if we are to be angry or disappointed with anybody it is the companies providing the insecure programs not Secunia!

Michael

--
Michael
Toshiba Satellite A660
Intel i7
Windows 7 Ultimate
IE9

Toshiba Equium Laptop
Intel Centrino Duo
Windows Vista Ultimate SP2
IE9
trombone_dude RE: [js] PSI Missing Functionality, Flawed Design, Insecure Software
Member 21st Apr, 2009 16:46
Score: 0
Posts: 49
User Since: 3rd Jan 2009
System Score: 100%
Location: US
Johnski, you are completely missing the point. PSI is not here to completely secure your computer, but to make a big step in that direction. As I have said, it is impossible to have every piece of software listed, but if you feel something is missing, perhaps your time would be better spent suggesting missing programs to Secunia. While you sit and complain, programs that may very well belong on the list are not getting added because you are too busy complaining that the programmers are not mind readers, or at worst that they are not stealing a list of programs off your computer. If you want to make the program better, join the community and start clicking the missing program link. I doubt that is your purpose though, so in that case I sincerely hope you move on and quit wasting everybody's time.

--
Asus P5QC, 2.4Ghz Intel Quad Core, 2Gb Ram, XP Pro

Asus EeePC 4G Surf, 2Gb Ram, XP Pro
