Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI fails to report Java after u.20

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as resolved.
TiMow PSI fails to report Java after u.20
Dedicated Contributor 19th Apr, 2010 15:08
Ranking: 737
Posts: 728
User Since: 26th Jun, 2009
System Score: N/A
Location: CH
Hi Emil and Morten (@ Secunia), and all others who may be able to help.

Re.Sun Java JRE 1.6.0.20

After the recent security patch to u.20, PSI no longer lists Sun Java JRE 1.6.x/ 6.x. (2x entries), and Java console (extn. for Ff.) in patched or Sun Java JRE 1.6.x/ 6.x. (2x entries), as a browser component for any of my 3 browsers (Ff., Chrome, IE8) in secure browsing.

This followed the removal (uninstall) of u.19 from add/remove, and new download/install of u.20

I don't normally uninstall Java prior to updating, but following the previous update to u.19, using Secunia download solution link; there was a question mark over whether I had the correct Java version installed, due to Secunia providing the wrong link address; until this was later discovered and rectified.

My Java file size was 97.23 MB, whereas other regular forum contributors reported file size(s) of 94.53 MB - the additional 1.7 MB may have indicated additional "dross" that could have been included with Java JSE - so therefore I uninstalled u.19, before updating.

The new installation of Java JRE u.20 now had a file size of 90.61 MB, compared to others who had merely updated without uninstalling, still showing 94.53 MB. One other member that I know of, followed the same procedure as me with the same file size (90.61 MB).

After reboot and re-scan, PSI no longer lists any Java.

Since then I have:

- downloaded/installed U.20 using each of my 3 browsers;
- used different install links;
- installed u.18 from Java archive site and allowed Java to self-update;
- installed u.19 (not available from archive site) from Ff. download history and updated from Java.com using IE (as PSI does);
- run a registry fix (ASC) and CHKDSK on my computer;
- numerous reboots and re-scans after each step.
- satisfied myself that I have the correct u.20 installed from add/remove; Java control panel; correct addon and plugin versions on Ff.; file searches in Windows explore, and then checking properties - I have the 2 entries (C:\Program Files and C:\WINDOWS\system32) that PSI normally reports.
- have changed no settings in IE (I don't normally use it), or on anything else;
- no new programs.

My current installation of u.20 is the one outlined above - updated from u.19 using IE. This again, now has a file size of 97.23 MB.

Any ideas?

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.

Post "RE: PSI fails to report Java after u.20" has been selected as an answer.
M.Hansen RE: PSI fails to report Java after u.20
Secunia Official 19th Apr, 2010 15:31
Score: 188
Posts: 410
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi Timow

I've been messing around with Java today. Both the 32bit and 64bit version (Java 6 Update 20)

After updating to the current version, the PSI did, flag it as secure as intended.

Does Java work as it should? (try to run a OSI scan)
TiMow RE: PSI fails to report Java after u.20
Dedicated Contributor 19th Apr, 2010 16:49
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 19th Apr, 2010 16:51
Thanks for coming back on this promptly, Morten.

I neglected to include details of my OS in my initial post - XP Pro SP3 (32bit).

I'm obviously getting no flags - secure or otherwise - as PSI is just not finding or reporting Java.

I'd never had problems before - but I'd never uninstalled it before.

@taffy078 also removed u.19 from add/remove, and gave the following reply when I asked if PSI was reporting u.20; towards the end of this thread:

http://secunia.com/community/forum/thread/show/399...

Quote:
To answer your questions:
1. All my Javas (u.20) are enabled. Thanks.
2. 'Patched' only shows Sun Java JRE 1.6.x/ 6.x.
3. 'Secure Browsing' shows this under both IE8 and Firefox.
4. File size in 'A/R' is 90.61 MB.
Unquote.


This implies that PSI is not reporting Java console in Ff., although I need to confirm this with them.

One of my concerns is the varying file size(s), from u.19 (97.23MB) to U.20 (90.61)MB, and now u.20 (97.23mB - as it was re-updated from u.19). The "normal" seems to be 94.53MB.

I'm afraid I couldn't tell if was working as it should - but it is installed where it should be (as far as I can tell).
@Maurice Joyce maintains that it (Java) isn't really necessary, and doesn't have it installed; so I don't know how you tell if it's working or not.

Will try OSI scan and report back if anything changes.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: PSI fails to report Java after u.20
Expert Contributor 19th Apr, 2010 18:03
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi TiMow ,

The reason to run OSI is that it needs Java to run and is a way of telling if Java is working ; it will also "double check" PSI - if it runs .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
Maurice Joyce RE: PSI fails to report Java after u.20
Handling Contributor 19th Apr, 2010 18:16
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@Timow
I have copied this from a post I did for @Nikilet.
The file size is 94.54MB.
I got version 19 from Filehippo not the Java site.
++++++++++++++++++++++++++++++++++++++++++++++++++

@Nikilet
As previously stated, I do not have Java installed on my PC's.

To clear up matters what I have done on my test PC is as follows:

1. Installed Java (TM) 6 Update 19.

2. Did a full scan using PSI. This resulted in PSI showing this version as insecure in both the INSECURE TAB & the BROWSING TAB.

3. I updated to Java (TM) 6 Update 20 using this link:
http://www.java.com/en/

4 Completed another full scan with PSI. It is now showing that ALL aspects of Java are secure.

The tests were carried out using Windows XP SP3 32 Bit with only IE8 installed.

Hope this helps.

--
Maurice
++++++++++++++++++++++++++++++++++++++++++++++++++ ++

What do U require Java for? Once U know that U decide whether to install it - Windows works without Java.

U also keep mentioning a Console for Mozilla. Have U installed one from the Mozilla site? If so what is the URL.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
TiMow RE: PSI fails to report Java after u.20
Dedicated Contributor 19th Apr, 2010 18:27
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 19th Apr, 2010 18:44
Evening Anthony

Your reply beat mine, while I was waiting for the scans to finish.

To Morten, also.

Ran OSI which finds and reports both of the Java's normally found in patched:

1) "Sun Java JRE 1.6.x / 6.x 6.0.200.2

Sun Java JRE 1.6.x / 6.x is up-to-date. The detected version installed on your system is 6.0.200.2, which either corresponds to or is newer than the latest secure version released by the vendor.

Installed on Your System in:
C:\Program Files\Java\jre6\bin\java.exe"

2) "Sun Java JRE 1.6.x / 6.x 6.0.200.2

Sun Java JRE 1.6.x / 6.x is up-to-date. The detected version installed on your system is 6.0.200.2, which either corresponds to or is newer than the latest secure version released by the vendor.

Installed on Your System in:
C:\WINDOWS\system32\java.exe"

Then re-ran PSI - still nothing relating to Java being found.

OSI did not pick up on Java console for Ff. - but that's probably not in it's brief.

@A.W. - I'm not sure what you mean by the following .... "it will also "double check" PSI - if it runs." - there is no mention of PSI on the OSI results.

@ M.H. - is it normal that the OSI scan takes longer than the PSI scan, which is about 8 mins for me?

Regards

TiMow

EDIT: @Maurice Joyce - our posts crossed. Thanks Maurice - I picked up on this over the w/e - it was one of the different options (links) that I tried - but to no avail regarding PSI. Java console is included with the normal Java download/update when Ff. is installed - it's all done automatically without any user intervention/input. I really don't know (or fully understand) the need for Java - other than consensus appears to suggest that it enhances our www experience. I appreciate what you say (I have referred to this in my initial post above) - but the point is, that it is installed and appears to work as it should; but PSI is now not finding/reporting it, as it did before removal of u.19 and installation of u.20, but OSI is. Not such a big deal, leaves me a bit more vulnerable when insecurities occur, but I check this forum and have increased the frequency of auto update search.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: PSI fails to report Java after u.20
Expert Contributor 19th Apr, 2010 18:49
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi again TiMow ,

"it" refers to OSI , if Java is working then "it" should/will run or tell you "it" cannot find an applet . If it runs , will "it" or won't "it" see your Java installation ?? ; ie : "it" is "double checking" or "giving a second opinion" concerning the PSI results . "It" normally does not do browser "add-ons" as such .

Hope that is a bit clearer than my cryptic version ;)

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
gjjean RE: PSI fails to report Java after u.20
Contributor 19th Apr, 2010 19:06
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
Hi All

A simple solution for java that i'm using always if PSI find a vulnerability :

Before attampting to click the download solution from inside PSI i go to java site an tick the sticker " DO I HAVE JAVA " and that give informations about
java version on my computer.
I use revo uninstaller to get rid of the program if the site is delivering a new version.
I revisit the java site downloading and installing the new recommanded version.
At the end PSI is 100% secure and shows me java in patched.

Hope this help

--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
Anthony Wells RE: PSI fails to report Java after u.20
Expert Contributor 19th Apr, 2010 19:11
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 19th Apr, 2010 19:12
Me again ,

OSI has an email advisory "service" which advises major software updates - sometimes before PSI - such as for Java .

Have you cleared out all the old Java files with Javara recently ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
Anthony Wells RE: PSI fails to report Java after u.20
Expert Contributor 20th Apr, 2010 11:46
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Apr, 2010 11:48
Hello Timow ,

If you have not solved your problem , an uninstall/reinstall of PSI may "reset" your scan/scanner .

take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
TiMow RE: PSI fails to report Java after u.20
Dedicated Contributor 20th Apr, 2010 13:12
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi Anthony

Sorry haven't responded 'til now - got a few things on at the moment; and when I do find time, my routers playing up again, and my connection keeps dropping out.

Anyway, I had considered your point re. re-installing PSI, but have one more thing to try first. Also would like to be able to re-install 1.5.0.0., due to some of the problems others had had with the latest.; I need to check this.

Maurice's post above to @Nikilet pointed to installing u.19 (which I tried - but only with my possibly dodgy one) and updating from there - I was only able to find u.18 as latest on Java archive, but now he wrote he downloaded from filehippo - so I'll give that a go next.

Not familiar with Javara, but if needed will check that out too. After uninstalling Java from add/remove, I did a search in windows explore and there were still about 40ish references to Java, mainly relating to other progs/apps.

Don't want to mess around too much though as other things keep getting thrown up - on the above search, 2x apps relating to 6.0.u.16 came up which I need to check.

Also the OSI scan found 2x issues that I need to get clarification on, but will start a new thread for that.

I'd already subscribed to the normal Secunia advisory, but stopped that as I was receiving too much that wasn't relevant to me; so I won't sign up for the OSI one - early warning may not always be an advantage. This current issue could stem from updating u.19 too early, before Easter, when Secunia gave out the wrong link, which necessitated the uninstall.

It's a bit of a conflict/balance between "knowledge is power" and "ignorance is bliss".

Got "stuff" on this p.m., so not sure when I'll be able to sort this, but thanks for the advice.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: PSI fails to report Java after u.20
Expert Contributor 20th Apr, 2010 13:33
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Apr, 2010 15:44
TiMow ,

Gotta go myself , but if PSI is the only thing that can't find your Java - whish OSI has proven is working - that should tell you something . Secunia were busy updating things at the end of last week when your problem arose ; believe me , reinstalling has solved a few problems since the weekend .

V1.5.0.1 is perfectly good .

JavaRa will clean out/up Java for you far better/quicker than you can .

The OSI email is different , it is about general rule updates for major software and not Advisories .

Take care
Anthony

EDIT : see Morten Hansen's recent post near the end of this thread :-

http://secunia.com/community/forum/thread/show/403...

Also ; re U 19 , I would forget it , if I were you , it is leading you round in circles , in my (unasked for :() opinoin .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+7
-0
barbareska RE: PSI fails to report Java after u.20
Member 21st Apr, 2010 19:40
Score: 2
Posts: 92
User Since: 27th Jan 2010
System Score: 100%
Location: AT
hi anthony,
I made am mistake and stopped getting the weekly reminder to update secunia, what shall I do now ?
thanks, barbareska

--
barbareska
Was this reply relevant?
+0
-0
Anthony Wells RE: PSI fails to report Java after u.20
Expert Contributor 21st Apr, 2010 20:08
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi barbareska ,

Saw your "other" thread , so I have answered the question there - otherwise we might make TiMow more confused than ever , if we start chatting here :)))

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
TiMow RE: PSI fails to report Java after u.20
Dedicated Contributor 22nd Apr, 2010 14:05
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi Anthony

Just got round to sorting this out.

u.19 was a red herring - download from filehippo was the same as the one I already had - so it wasn't a problem in the first place, and didn't need to be uninstalled.

Let it update to u.20 - all OK, but file size still 97.23 MB, and not found by PSI.

Now you've drawn my attention to Secunia updating PSI on Fri. - the day I updated Java - it's obviously clear to un-/re-install PSI - which I've now done and everything is tickety-boo - java showing where it should.

New scan even picked up new Chrome update - despite Chrome telling me I was up to date with 1045.

Anyway, thanks for the nod re. PSI - pity I didn't pick it up earlier - it would have saved a lot of wasted time and messing about.

Will put this one to bed, now.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer