Forum Thread: PSI and OSI Catch22
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Secunia PSI - Feedback and Questions

bjm-
PSI and OSI Catch22
by bjm- on 28th Jul, 2009 19:32
Posts: 160

User Since: 9th Mar, 2009

Secunia System Score: 100%

Location: US
Good day Secunia,

Wondering if it is safe to run PSI and/or OSI.
PSI requires Macromedia Flash Player, which has an unpatched security vulnerability.
OSI requires Java, which has an unpatched security vulnerability.

So, am I in a Catch22, or does accessing a known safe site such as Secunia negate the threat?

Regards
bjm-

BigDave_39
RE: PSI and OSI Catch22
by BigDave_39 on 28th Jul, 2009 20:16
Posts: 175

User Since: 26th Nov, 2008

Secunia System Score: N/A

Location: Washington, DC, US
Haha that is funny :-)

But the PSI doesn't really *require* flash, it just uses it to display the fancy graphs - so I suppose if you can live without them until Adobe patches, then you should be good.


--
Big Dave

bjm-
RE: PSI and OSI Catch22
by bjm- on 28th Jul, 2009 21:39, last edited on 28th Jul, 2009 21:39
Posts: 160

User Since: 9th Mar, 2009

Secunia System Score: 100%

Location: US
Hi Big Dave,
Why is my query a HaHa funny?
Please clarify... if it uses it, how is that different from requires it?
I have all Macromedia/Adobe add-ons disabled (precautionary until patch) and the fancy graphs still appear.

How does PSI use Flash Player when I have disabled the browser add-ons?
After I run a PSI scan, my Tracks Eraser application displays ~ AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
The Flash Player was utilized and left tracks of its usage. Isn't that a potential threat? Secunia recommends uninstalling or at least not using Macromedia/Adobe until the vendor releases a patch.
So, does a PSI scan pose a threat, or does accessing a known safe server like Secunia through IE utilizing Flash Player negate the threat?
Regards
bjm-
Same issue/query for OSI and Java.

BigDave_39
RE: PSI and OSI Catch22
by BigDave_39 on 28th Jul, 2009 21:50
Posts: 175

User Since: 26th Nov, 2008

Secunia System Score: N/A

Location: Washington, DC, US
Hi,

I believe it is different in the sense that *if* you uninstall Flash Player from your system, the PSI *will* still function and provide you with the same results.

Also, as long as the evil websites can't start your vulnerable Flash Player, then there shouldn't be any problems.

The same goes for your Java - as long as only Secunia.com can start your Java, then there's not really any problems...

--
Big Dave

bjm-
RE: PSI and OSI Catch22
by bjm- on 29th Jul, 2009 00:56, last edited on 29th Jul, 2009 00:56
Posts: 160

User Since: 9th Mar, 2009

Secunia System Score: 100%

Location: US
Hey Big Dave,
Oh!!!
I thought Flash Player was the application that generated the Secunia PSI UI. I thought no Player, no UI. So, in reality only the animated presentation is via Flash Player. So, why/how do I still get the barber poles with the Macromedia add-ons to IE disabled?

I know Java is required to run OSI because when I disable Firefox Java plugins, no OSI. Unable to load Java applets.
I know Java is required to run OSI because when I disable IE Java add-ons, no OSI. SunJava is required for the Secunia Online Software Inspector to work. Unable to load Java applets.

Naturally I prefer PSI. Just wish I understood what presents the UI. I have the Flash Player disabled and no change to PSI UI. I know if I block IE scripts then no PSI UI.

Thanks for your time and interest in my issue.
Thanks for supporting what I assumed but was not 100% sure of... as long as I'm going to a known trusted server, the Flash Player and Java threat is negligible.
Any additional comments welcomed and appreciated.
Regards
bjm-