Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: the advanced interface section...I don't think its accurate

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Hakimy the advanced interface section...I don't think its accurate
Member 24th Oct, 2009 09:04
Ranking: 0
Posts: 3
User Since: 24th Oct, 2009
System Score: N/A
Location: N/A
Hi All

I tried secunia psi and I think that its great.but I have some questions about the advanced section.

In the simple interface mode,I patched everthing and my score was 100%.then I went to the advanced one.now here is the weird part to me.it says that google chrome 3.0.195.21 is insecure but the version I have is 3.0.195.27 (beta version) and firefox 3.0.5 is insecure though my version is 3.5.3 so what is the problem?I used to have these old versions but I updated them to the ones I mentioned so why does secunia shows me these alerts?

it also says that I have 2 sun java JRE versions (6.0.70.6 and 6.0.30.5) and it asks me to uninstall those.is that safe?and why mentioning 2 versions?

and finally in the end-of-life section,it mentions that I have 2 programs but they are actually one! shockwave player v 10.4.0.25 which is mentioned twice!

I'm not sure if I should follow these advices or not.any help here please?

michaelsalis RE: the advanced interface section...I don't think its accurate
Member 24th Oct, 2009 09:56
Score: 57
Posts: 141
User Since: 18th Feb 2009
System Score: 98%
Location: UK
I cannot give you an accurate technical reason for what psi is showing you, others on here will be able to if they read your post.

PSI does show the same program more than once on occasions and there are several reasons for this. PSI apparently uses both exe and dll files to determine if a program is secure, if you click on the + sign and expand the entry it will show you where the file psi is using is located sometimes both the exe and dll files are shown. Sometimes it is because the file is located in different places on your computer or perhaps a back up location. on other occasions is it because several different programs have the same file eg Adobe Flash player is located on my computer for use with IE and the dongle I use for internet connection.

The Sun Java version on my computer that psi shows as secure is 6.0.160.1, some programs when updating do not uninstal the original version and you have have to do this manually or sometimes they provide an uninstaller to remove the old version and then you can instal the new. However, if you have old versions on your computer you can update them and psi does in many cases help you with that either with the wizard or directing you to where you are able to find the update.

When you expand the entry it will show you the various options. If you don't know what to do with each program you can always repost here and there will be somebody more knowledgeable than I to help you.

Excuse the length and non technical explanations which I hope are of some help.

Michael

--
Michael
Toshiba Satelite A660
Intel i7
Windows 7 Ultimate
IE9

Toshiba Equium Laptop
Intel Centrino Duo
Windows Vista Ultimate SP2
IE9
Was this reply relevant?
+0
-0
mogs RE: the advanced interface section...I don't think its accurate
Expert Contributor 24th Oct, 2009 12:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 24th Oct, 2009 12:56
on 24th Oct, 2009 09:04, Hakimy wrote:
Hi All

I tried secunia psi and I think that its great.but I have some questions about the advanced section.

In the simple interface mode,I patched everthing and my score was 100%.then I went to the advanced one.now here is the weird part to me.it says that google chrome 3.0.195.21 is insecure but the version I have is 3.0.195.27 (beta version) and firefox 3.0.5 is insecure though my version is 3.5.3 so what is the problem?I used to have these old versions but I updated them to the ones I mentioned so why does secunia shows me these alerts?

it also says that I have 2 sun java JRE versions (6.0.70.6 and 6.0.30.5) and it asks me to uninstall those.is that safe?and why mentioning 2 versions?

and finally in the end-of-life section,it mentions that I have 2 programs but they are actually one! shockwave player v 10.4.0.25 which is mentioned twice!

I'm not sure if I should follow these advices or not.any help here please?

You need to uninstall the older version of Chrome....it is not done automatically.I have 3.0.195.27 showing ok in the Secure browsing tab.
The same seems to be true of your Java....uninstall the older version. Apparently that will be done automatically from the latest version onwards.
Regarding Shockwave; Secunia is telling you of two files/progs it has detected. If you expand the entries by clicking the+sign alongside you will find more information. Regards and hope this helps.


--
Was this reply relevant?
+0
-0
Hakimy RE: the advanced interface section...I don't think its accurate
Member 24th Oct, 2009 13:15
Score: 0
Posts: 3
User Since: 24th Oct 2009
System Score: N/A
Location: N/A
but that is the point.I have the latest version of chrome,but in the advanced insecure section,it shows that i have an older version of chrome and firefox,which I'm not.
Was this reply relevant?
+0
-0
Anthony Wells RE: the advanced interface section...I don't think its accurate
Expert Contributor 24th Oct, 2009 13:52
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 24th Oct, 2009 13:55
Hello Hakimy


Here are some tips for using "advanced" mode :-

To help resolve your problem , here are some instructions to help you first of all get the best out of PSI :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

If you are unable to resolve the problem yourself , all this info should allow someone on the forum to help/advise you .

1)for Chrome : v3.0.195.27 is the latest "stable" release , all versions prior to this are best removed , and definitely if PSI says they are "insecure" , updates often leave an older version's files behind. Basically the same for Firefox .

2)for Java , older versions are very rarely needed .
I will look for & post here Maurice Joyce's excellent method for cleaning up Java.

3)for Shockwave : v10.4.0.25 is "out of date" & what that implies ; but many Games & things still use it . If you uninstall it it , the next time you come across such a thing , this old version may ask to be installed. That is your choice.

Hope this helps , ask any questions if this is not clear.

Take care
Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Anthony Wells RE: the advanced interface section...I don't think its accurate
Expert Contributor 24th Oct, 2009 14:02
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 24th Oct, 2009 14:06
Hakimy ,

This is Maurice Joyce's Excellent method for cleaning up JAVA :-

"QUOTE"
If U have not got the latest version of JAVA (Version 6 Update 15) download it from here:
http://www.filehippo.com/download_java_runtime/

Once the update is complete go to Control Panel>JAVA icon>Update Tab and take the tick out of box marked "Check for updates auto ....." (This will prevent a useless file called JUSCHED from being place in your start up menu.


Now remove all the old dross from previous versions.

The tool will remove all old versions, any useless files from previous installs except for the version U have just installed

http://raproducts.org/

*This link takes U to the site - select the Windows Binary (zip) option.
*This will lead U to Sourceforge.net to download it.
*Save the download to desktop.
*Activate the desktop zip icon which exposes the JAVARA EXE file. Click it
*Select RUN when asked.
*Select your language.
*The tool will now appear on the desktop - select REMOVE OLDER VERSIONS
*Once complete select ADDITIONAL TASKS - tick all boxes & activate.


* Right click on the desktop JAVARA zip file & delete it.

Future Updates Of JAVA.

Once all the old JAVA dross is removed future updating is easy.

Go to Start>Control Panel>click on the JAVA icon>select the Update tab>click the Update Now button.

Once the update is complete take the tick out of box marked "Check for updates auto ....." (This will prevent a useless file called JUSCHED from being place in your start up menu.

Run PSI & all aspects should register as secure.
"UNQUOTE"

Anthony

Java update 15 & 16 are both secure , you may wish to load v16.


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mogs RE: the advanced interface section...I don't think its accurate
Expert Contributor 24th Oct, 2009 17:25
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
on 24th Oct, 2009 13:15, Hakimy wrote:
but that is the point.I have the latest version of chrome,but in the advanced insecure section,it shows that i have an older version of chrome and firefox,which I'm not.

So, in the Advanced mode, is the newer version of Chrome shown in the Secure Browsing tab? If another older version of Chrome is showing in the Insecure tab,it is because Secunia is still detecting the older Chrome files. There will be the + sign alongside, that when clicked, will expand the entry and allow you to find the path to the insecurity and delete it.

--
Was this reply relevant?
+0
-0
Hakimy RE: the advanced interface section...I don't think its accurate
Member 27th Oct, 2009 14:23
Score: 0
Posts: 3
User Since: 24th Oct 2009
System Score: N/A
Location: N/A
on 24th Oct, 2009 13:52, Anthony Wells wrote:
Hello Hakimy


Here are some tips for using "advanced" mode :-

To help resolve your problem , here are some instructions to help you first of all get the best out of PSI :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

If you are unable to resolve the problem yourself , all this info should allow someone on the forum to help/advise you .

1)for Chrome : v3.0.195.27 is the latest "stable" release , all versions prior to this are best removed , and definitely if PSI says they are "insecure" , updates often leave an older version's files behind. Basically the same for Firefox .

2)for Java , older versions are very rarely needed .
I will look for & post here Maurice Joyce's excellent method for cleaning up Java.

3)for Shockwave : v10.4.0.25 is "out of date" & what that implies ; but many Games & things still use it . If you uninstall it it , the next time you come across such a thing , this old version may ask to be installed. That is your choice.

Hope this helps , ask any questions if this is not clear.

Take care
Anthony


C:\Users\omar\AppData\Local\Google\Chrome\Applicat ion\3.0.195.21\chrome.dll

it also showed that I have 2 versions! chrome 3.0.195.21 and chrome 3.0.195.27 in chrome > applications! so what should I do now?
Was this reply relevant?
+0
-0
Anthony Wells RE: the advanced interface section...I don't think its accurate
Expert Contributor 27th Oct, 2009 16:58
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Hakimy ,

In the Chrome Applications folder simply right click on the version 3.0.195.21 folder & select delete . PSI may still detect it in the "garbage" , so you also need to empty it from there.

When you look at Chrome in the "patched" tab , when it is not "expanded" you will see a coluor bar at the right end of the programme ; mouse over for more info , then click on the bar and it will take you to a Secunia advisory SA36913 which tells you that all versions of Chrome prior to 3.0.194.24 are insecure.

Depending on the method of updating Chrome , old version files are often not removed automatically , so you have to clean up manually. Downloading and running the latest version installer "usually" does clean up after itself .

Hope that is clear enough , if not , just ask .

Let us know how you go .

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
puget1 RE: the advanced interface section...I don't think its accurate
Member 28th Oct, 2009 06:14
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
P.S. everything mentioned is correct only don't forget to reboot after clearing all those files and rescan. Most everyone that answered your question will tell you not to doubt secunia in 99% of all cases.

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom












Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability