navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Need plain talk about Secunia Glitch

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Apple
And, this specific program:
Apple iTunes 9.x

This thread has been marked as resolved.
Lwiener Need plain talk about Secunia Glitch
Member 21st Apr, 2010 09:50
Ranking: 3
Posts: 18
User Since: 10th Dec, 2008
System Score: N/A
Location: N/A
There has been a lot of talk--technical and otherwise--and a lot of not very helpful help that misses the point. A clear response is missing.

Fact: I have I-Tunes 9.1.0.79 installed and that is the only I-tunes.exe that shows up in a search or the supposed target directory. Itunes updater says my version is the latest.

Fact: I have 7.66 version of QuickTime installed which Apple says is the latest.

In both cases Seciunia says an earlier version is unstalled and refuses to give in no matter what is done or reinstalled.

This is not a problem that has ever arisen before. Many others are wrestling with it. Advice on how to find the targeted installation and various ways to download updates are beside the point.

Secunia is simply botching this and not admitting it, in my opinion.

Post "RE: Need plain talk about Secunia Glitch" has been selected as an answer.
mogs RE: Need plain talk about Secunia Glitch
Expert Contributor 21st Apr, 2010 10:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello. Don't know much 'bout the two progs you mention; but does Secunia give you a file path to the insecurities or End of Life apps. it is detecting ?
You say you already have the up to date versions installed.....but Secunia checks for vulnerabilities....even if they've been "thrown out" and are still in the Recycle Bin. Maybe they're old back-ups somewhere ?
It might help someone to help you, if you included some info 'bout your OS/browser; so on and so forth, by including some details in your signature box....it might save you repeating them each time you post. Fact....I get fed-up repeating myself. Regards

--
Was this reply relevant?
+0
-0
Lwiener RE: Need plain talk about Secunia Glitch
Member 21st Apr, 2010 10:11
Score: 3
Posts: 18
User Since: 10th Dec 2008
System Score: N/A
Location: N/A
No there are no old programs floating around; the recycle bin is clean the paths that Secunia direct me to show no problem. This is not in my opinion a specific problem of my configuration or programs but something deeper as evidenced by all the complaints.

And now it also occurs with Java--only one updated version installed that Secunia says is not secure.

The clarity of operation and purpose of Secunia is in my opinion now clouded.
And Itunes, QuickTime (and Java) are not as implied by one responder some programs not widely heard of!
Was this reply relevant?
+0
-0
mogs RE: Need plain talk about Secunia Glitch
Expert Contributor 21st Apr, 2010 10:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Try being more specific, and including the file paths which in someone else's opinion may be very relevant.
What version of Java are you updated to ? It's not six of one and half a dozen of the other.....you are definately cloudier !!

--
Was this reply relevant?
+0
-0
This user no longer exists RE: Need plain talk about Secunia Glitch
Member 21st Apr, 2010 11:01
Hi,

Could you try suggesting the files iTunes.exe and QuickTimePlayer.exe? The PSI works by extracting version info from these file, and matching it to specific rules. Since it works for the majority of users (eg. the version info on the file people usually download is correct), there must be some deviation in the info of the file you have installed (or you wouldn't be shown as insecure).

If you suggest the file (By clicking "Software missing? Click here to suggest" at the bottom of the page, we can check what may/may not be "wrong" with the local versions, and correct our rules accordingly.

If you feel you need a more clear and direct answer, please let me know.

hope this helps.
Was this reply relevant?
+0
-0
Anthony Wells RE: Need plain talk about Secunia Glitch
Expert Contributor 21st Apr, 2010 11:04
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 21st Apr, 2010 11:06
@Lwiener

There was work done by Secunia on their servers and PSI at the end of last week which may cause some scanners/scans to appear to run normally , but not to display updated programmes correctly . This may well be the cause of your Java problem .

An uninstall/reinstall of PSI has solved several problems ; it would be better to do this and so remove any doubts as to whether this is the cause of any/all of your problems .

Re I-Tunes and Quicktime there has/have been several threads with some solutions , perhaps not working for everyone . If PSI is showing something as "insecure" , then it has found something . What , where , how accurate/relevant depends ...

I am sure you have them as up to date versions ; why does PSI see something "lurking" ??

To find it then , if PSI has been re-installed , you need to post all the specific details that PSI is presenting to you - using "advanced" mode and expanding the programme page - including opening the folder location of the insecurity using the icon in the "toolbox" and seeing where this leads .

As mogs says , details of your OS , browsers , etc would not go amiss .

Let us know how yo get on with "all" the details , that way Secunia or a Forum member can try to help you .

Take care
Anthony

Edit : my post crossed with that from Emil , but may have some relevancy

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
Lwiener RE: Need plain talk about Secunia Glitch
Member 21st Apr, 2010 16:34
Score: 3
Posts: 18
User Since: 10th Dec 2008
System Score: N/A
Location: N/A
You know the solution and cause may be tricky but the issue is crystal clear. Secunia points to a specific ITune and QucikTime (and Java) file as being outdated, but the properties of those specific files give a later file version than Secunia displays. And if you try the download a solution route the program site for the affected files--and the specified program itself--says there is nothing new to dowlnload--the versions you have are the latest. This is clearly a fundamental problem with Secunia itself. The only suggestion here that I hgave seen thst has any possible merit is to uniunstall and reinstall Secunia? TMany of the other suggestions and demansd for more info strike me as "is the PC plugged in" type of support response. And the amount of talk about this problem here belies the point that I am somehow unusual.
Was this reply relevant?
+0
-0
Lwiener RE: Need plain talk about Secunia Glitch
Member 21st Apr, 2010 16:58
Score: 3
Posts: 18
User Since: 10th Dec 2008
System Score: N/A
Location: N/A
For what it's worth:

C:\program files\quicktime\quicktimeplayer.exe
Program properties shows version 7.66.710, which Apple says is up to date.
Secunia shows 7.65.17.80 which is flags as out of date.

C:\program files\itunes\itunes.exe
Program properties shows version 9.1.0.79 which Apple says is up to date.
Secunia shows 9.03.15, which it flags as out of date.

Windows XP updated and patched as required by Microsoft.
Was this reply relevant?
+0
-0
Lwiener RE: Need plain talk about Secunia Glitch
Member 21st Apr, 2010 17:41
Score: 3
Posts: 18
User Since: 10th Dec 2008
System Score: N/A
Location: N/A
Solved??

Deleted PSA 1.5.0.0. and installed PSI 1.5.0.1

Now it recognizes correct versions of programs it scans.

Thanks to the one person who suggested uninstalling and reinstalling. Obviously there is something going on between these two versions of PSI. In the end a rather simple solution, if it holds, that did not need as much talk as it generated.
Was this reply relevant?
+3
-0
Anthony Wells RE: Need plain talk about Secunia Glitch
Expert Contributor 21st Apr, 2010 17:46
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 21st Apr, 2010 17:52
@Lweiner ,

Thank you for your info .

Believe me I do not have time to waste asking for "irrelevant" info just to annoy people .

You don't say if you have been to the folder which PSI opens with the toolbox" open folder icon . What versions , etc do the .exe files show on mouse over ??

Have you reinstalled PSI ??

Do you still have a Java problem ??

Anthony

My post crossed with your last ones ; there is nothing going on between the PSI versions .

Secunia worked hard on servers and PSI at the end of last week and that left some people getting inaccurate results from their scans . Many of those people have resolved their problem with a reinstall of PSI - the version is irrelevant , as such .

Glad to hear that you are sorted :)

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Lwiener RE: Need plain talk about Secunia Glitch
Member 21st Apr, 2010 18:16
Score: 3
Posts: 18
User Since: 10th Dec 2008
System Score: N/A
Location: N/A
I appreciate the help and now hope for the best. It is too bad the simple reinstall route was not more prominently offered in my and the other threads, rather than needless complex trouble shooting.

But I am done being cranky. PSI is a very good tool for which I would gladly contribute a donation/fee if Secunia were ever to ask.
Was this reply relevant?
+0
-0
mogs RE: Need plain talk about Secunia Glitch
Expert Contributor 21st Apr, 2010 20:08
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
"No there are no old programs floating around "......quote...and not very old !!
I see you havn't included any information, as per my suggestion, for future reference....how can I be sure you are not "deaf"? The onus is on you to keep your programs up to date....it may generate fewer arguements ? Regards

--
Was this reply relevant?
+0
-0
Lwiener RE: Need plain talk about Secunia Glitch
Member 22nd Apr, 2010 09:53
Score: 3
Posts: 18
User Since: 10th Dec 2008
System Score: N/A
Location: N/A
Last edited on 22nd Apr, 2010 10:01
According to Secunia the very minor update of PSI should not affect whether my problem is solved or not or how it was created. It appears to be more related to server work they did rather than an update in the program. And I gather any reinstall would have worked, not just because of the slight update. So I object to your hint that I do not keep my programs up to date. I do very much do so and I beg to differ with you on info to be provided as a knee-jerk default. The issue involved here was with PSI's recognition of a programs's proper version. Yes I realize that many things can interact but blindly demanding that I provide all sorts of information about my specific hardware or other very likely unrelated issues when it is not clear they matter seem seems a bit much. And I very clearly stated that I had opened the folder in which the wrongly recognized program was found, had confirmed the version ID problem and did other trouble-shooting on my own. And as this issue was finally resolved the extra data you seem to so much want was not an issue in the resolution; I would have gladly provided it if asked by a tech or if Secunia's own troubleshooting thought it might be useful in a broader sense. But I think you are going overboard on this point. I willingly provide information when it is relevant. Too often tech help from well-meaning helpers ends up getting more involved in side issues and detours when the main issue is missed or misuderstood.
Was this reply relevant?
+0
-0
mogs RE: Need plain talk about Secunia Glitch
Expert Contributor 22nd Apr, 2010 10:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
There we are then......for all the words you've written.....no eye for an eye....friendship with a stale mate ? My signature isn't under attack ?!

--
Was this reply relevant?
+0
-0
This user no longer exists RE: Need plain talk about Secunia Glitch
Member 22nd Apr, 2010 10:35
on 22nd Apr, 2010 09:53, Lwiener wrote:
According to Secunia the very minor update of PSI should not affect whether my problem is solved or not or how it was created. It appears to be more related to server work they did rather than an update in the program.


Hi,

Quick note, this is entirely correct. As you can see from our changelog:
http://secunia.com/vulnerability_scanning/personal...
Only new languages were added. The interface and rules are loaded over the network, and having a "dated" version doesn't affect you unless the changelog for the version in question includes bugfixes.
Was this reply relevant?
+0
-0
Lwiener RE: Need plain talk about Secunia Glitch
Member 22nd Apr, 2010 10:49
Score: 3
Posts: 18
User Since: 10th Dec 2008
System Score: N/A
Location: N/A
Thank you.I am now satisfied. And I really do feel that I should pay for this program and service.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+