Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Vulnerable Scanner vs. Update Scanner

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
OLLI_S Vulnerable Scanner vs. Update Scanner
Member 21st May, 2010 22:06
Ranking: 1
Posts: 7
User Since: 12th Apr, 2008
System Score: N/A
Location: DE
Last edited on 21st May, 2010 22:06

Hello,

I worked in the past for some update scanners (4 bigger projects).
Their purpose is to check if there are updates available for your installed software.
So they also inform me if there is an update that has no security issues.

The PSI is the ONLY application that scans my WHOLE computer.
So PSI also finds applications that do not need an installation.
PERFECT.

But in PSI also old versions of an application are listed in the tab "Patched", although the applications are out of date.
I have for example the tool xp-AntiSpy.
This tool you just download and extract, it is a simple EXE.
I have this tool twice, in two different directories.
The version numbers that I have are 3.9.7.2 and 3.9.5.0.
The actual version is 3.9.7.9.

So both versions on my PC are out of date.
But they are shown in the tab "patched".

So I suggest you also use the PSI an an update scanner.
Please tell the users also if an application is out of date.

Greetings

OLLI

Maurice Joyce RE: Vulnerable Scanner vs. Update Scanner
Handling Contributor 21st May, 2010 22:14
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@Olli
PSI does not do that by design. It is a vulnerability checker.

It does not report on updates for bug fixes,cosmetic enhancements or Beta versions of programmes.

Details here:
http://secunia.com/products/consumer/PSI/faq/#q6

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+4
-0
OLLI_S RE: Vulnerable Scanner vs. Update Scanner
Member 22nd May, 2010 09:53
Score: 1
Posts: 7
User Since: 12th Apr 2008
System Score: N/A
Location: DE
Hello,

this is very frustrating.

There are so many update scanners, that try to report updates to my installed software.
I have 4 of them installed and every scanner detects different patches and updates.
Some scanners detect the installed version correct, some have problems detecting the correct version of the installed applications.
Some report an update for an application while others do not report an update for the same application.

The advantage of PSI is, that the whole HDD is scanned.
So PSI also detects applications like "Open Office Portable".

If the developers would also report normal patches (with unknown Threat Rating) then I would have one application instead of 5 applications.

Please, dear Secunia Staff, consider this idea and please report also "normal" patches.
I have no problem supporting you by suggesting all applications that are not detected (that are missing).

I started an Excel file that compares my update managers (a list of installed applications and an overview how the applications are detected by the various update scanners).
If you need this file, please contact me (by email).
The email should be stored in my profile.

Greetings

OLLI
Was this reply relevant?
+1
-0
Anthony Wells RE: Vulnerable Scanner vs. Update Scanner
Expert Contributor 22nd May, 2010 12:10
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello OLLi ,

If it were easy to do and cost (next to) nothing or had significant commercial value , I'm sure Secunia would do what you ask .

Their revenue is derived from their main business of "selling/providing" security data to commercial customers and that appears to leave little room for the complexities of keeping up with say , Google Chrome Dev channel browser versions .

This question has been discussed many times before ; here for example :-

http://secunia.com/community/forum/thread/show/315...

Let's see what version 2.x brings us , first .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
OLLI_S RE: Vulnerable Scanner vs. Update Scanner
Member 22nd May, 2010 13:06
Score: 1
Posts: 7
User Since: 12th Apr 2008
System Score: N/A
Location: DE
Hello,

is there some information (or maybe a beta) of version 2.x?

Greetings

OLLI
Was this reply relevant?
+0
-0
Maurice Joyce RE: Vulnerable Scanner vs. Update Scanner
Handling Contributor 22nd May, 2010 13:20
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
This gives the backdrop to V2 for Home Users.

http://secunia.com/blog/80/

Somewhere on the Forum a Secunia Official answered a query & were hoping for the Beta to be ready on or about 15th May.

They normally annouce such releases onto the Forum.








--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
OLLI_S RE: Vulnerable Scanner vs. Update Scanner
Member 26th May, 2010 20:31
Score: 1
Posts: 7
User Since: 12th Apr 2008
System Score: N/A
Location: DE
Hello,

a question to the developers of PSI: will the PSI in version 2.0 also work as an Update Scanner (Update Scanner 6+Vulnerable Scanner) or just as an Vulnerable Scanner (like now in version 1.x).

Thank you for your answer.

Greetings

OLLI
Was this reply relevant?
+0
-0
E.Jeppesen RE: Vulnerable Scanner vs. Update Scanner
Secunia Official 27th May, 2010 13:21
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Hi OLLI
Thank you very much for your suggestion regarding the PSI, we always welcome new suggestions for improvements.

As you have mentioned there are already several "update programs" available, but there are very few free and easy-to-use vulnerability scanners for home users. The Secunia PSI is just that kind of program and we do not currently have any plans of changing that. The Secunia PSI 2.x will also be a vulnerability scanner, not just an "update program", and with new features that will make it even easier to stay patched and secure.
michaelsalis RE: Vulnerable Scanner vs. Update Scanner
Member 27th May, 2010 18:07
Score: 57
Posts: 141
User Since: 18th Feb 2009
System Score: 98%
Location: UK
Last edited on 27th May, 2010 18:28
hi

Surely you are describing two different subjects.

PSI will find programs on your computer that Secunia holds information on that is a danger to your computer, surely this is a good thing to know, they are always open to suggestions of new programs or other programs they have not yet included in their database.

In addition over they years there have been millions of programs both paid for and free and it would be an almost impossible task to include them in one datebase especially when the service is provided to us free of charge, I appreciate there is a paid for service for commercial use, however, I suggest the people using the paid for version from Secunia use a different range of software to that of an individual like ourselves although, there is obviously some sort of crossover.

As you mention there are many programs which offer to advise on software updates CNET and FileHippo come to mind. These are also limited to the programs they have on their databases and each company will decide which to include.

Surely it is better to have this information available from whichever source than not having it at all and as mentioned above it is unrealistic to expect any one source to hold information on each and every piece of software ever developed.

It is the responsibility of each and every one of us to keep our own computers upto date and safe from attacks and I find it very helpful to have programs such as already mentioned including PSI to assist in this task.



--
Michael
Toshiba Satelite A660
Intel i7
Windows 7 Ultimate
IE9

Toshiba Equium Laptop
Intel Centrino Duo
Windows Vista Ultimate SP2
IE9
Was this reply relevant?
+2
-0
Maurice Joyce RE: Vulnerable Scanner vs. Update Scanner
Handling Contributor 28th May, 2010 01:41
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 28th May, 2010 01:48
@OLLI S

There is an alternative for U (and anyone else for that matter) to unclog your PC from various general "freebie" updater programmes.

Once set up, U can be notified by email each time the vendor of any programmes U have installed creates an update for whatever reason.

The advantages are:
1. U can uninstall all your updater programmes.*****
2. Save time searching for updates.
3. Be absolutely certain that the update actually belongs to the vendor in that the information presented by email notification is from the vendor webpage.
4.U can safely assume that programmes U wish to monitor are up to date unless notified.


The very slight disadvantage is there are occasions when the vendor adjusts the wording of the monitor webpage rather than the update link which will still trigger an email.

Set up for this free service is easy. As an example, this is how to set up to be notified that Secunia have updated PSI.

1. Go to: http://www.changedetection.com/
2. Sign Up (top right of page) & create a log in.
3. Find the PSI download page which is here:
http://secunia.com/vulnerability_scanning/personal...
Anything on this page that is updated by Secunia will trigger an email notification to U.The important bit is to ensure the page selected has got an actual download link
4. Close the web page.
5. Reopen the webpage http://www.changedetection.com/ & log in with your new ID to check it works.
6. There are now only 2 boxes to fill in to start monitoring PSI.
a. In the box marked Page Address insert http://secunia.com/vulnerability_scanning/personal...

b. In the Send Alert To box put the email address where the notification should be sent.

Once U have carried out this one time action for every programme U have installed U can sit back waiting for the vendor to notify U of changes.

The combination of this method,Microsoft Update & PSI (In the Advanced Mode) ensures U are kept fully up to date on all necessary updates & security fixes with little effort & no updater programmes installed.

***** This includes uninstalling InstallShield if U know how. It can be a bit tricky so perhaps best to stop the background service(s) from running via MS CONFIG or any start up programme U may be using.

The Service to look for is ISUSPM & in some instances its sibling ISSCH.EXE - just disable them.

I hope U find this useful - I have used it for years & it has never failed me.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
taffy078 RE: Vulnerable Scanner vs. Update Scanner
Contributor 28th May, 2010 08:37
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
thanks for the link to Change Detection, Maurice.

Just one thing, there is a link on their site to "whitelisting". (This is to ensure that emails from them aren't blocked.)

If you need to use that link, please be aware that it has just failed twice for me.

I've emailed them about it.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Maurice Joyce RE: Vulnerable Scanner vs. Update Scanner
Handling Contributor 28th May, 2010 08:48
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
All that means is the first email may arrive in the Spam/junk email folder. Once U alter the mail filter it will work anyway.

Mine works OK via secure mail.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
taffy078 RE: Vulnerable Scanner vs. Update Scanner
Contributor 28th May, 2010 09:09
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 28th May, 2010 09:11
I've already added it to my safe list in Live Mail, Very easy to do, as you know.

But there may be members who don't know how to do that and so need to follow the Whitelisting link on the Change Detection site. It may be fixed by the time they try it, of course.

But what a brilliant idea Change Detection is!

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability