navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: older versions installed by mistake

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI 2.0 Beta

This thread has been marked as resolved.
taffy078 older versions installed by mistake
Contributor 10th Jun, 2010 22:13
Ranking: 408
Posts: 1,352
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
I 've just ran a scan of my desktop (XP).

It picked up two End-of-life programs: Sun Java JRE 1.5.x / 5.x (v5.0.70.3) in C:\WINDOWS\system32\java.exe and also in C:\Program Files\Java\jre1.5.0_07\bin\java.exe .

My ISP installed the older version today when they wanted to carry out a broadband speed test, and were 'in control' of my desktop. So I know how the older versions were installed. (I've since deleted them and a later scan is now showing 100% OK.)

The new Auto-Updates tab shows Sun Java JRE 1.6.x / 6.x 6.0.200.2. as a program that it updates for me

So:

(1) does the new Auto-updates facility only list programs installed when that list was made i.e. a snapshot at that time and

(2) if I later unknowingly/carelessly install an older version of one of those programs, will the Auto Update facility spot this? (and update it).

(Hoping this makes sense!)

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

Post "RE: older versions installed by mistake" has been selected as an answer.
taffy078 RE: older versions installed by mistake
Contributor 11th Jun, 2010 07:29
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
to expand a little, now that I've slept on it:

when you install a new program, Secunia shows an on-screen message noting the fact. It always in my experience describes the program/s as "patched".That's what it said about my Sun Java JRE v1.5 yesterday.

Personally, I always run a secunia scan after installing a new program and so if this 'new' program is EoL or insecure, it'll tell me straightaway.

But imagine a new member: installs Secunia and runs a scan, then resolves any problem or comes here for help.

That member might then install a 'new' program, one that is EoL or insecure. The Secunia message shows "installed/'patched'. The new 'Auto Updates' won't pick it up and so the new member will have an EoL or insecure program until he/she next scans again.

My suggestion: that the Secunia on-screen message says along the lines of "program XYZ installed - PLEASE SCAN A.S.A.P."

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
BLindow RE: older versions installed by mistake
Secunia Official 11th Jun, 2010 08:34
Score: 35
Posts: 35
User Since: 6th Nov 2009
System Score: N/A
Location: Copenhagen, DK
Hi Taffy078

thank you for your feedback

(1) The "Auto-Update" works like all the other tabs, it gets updated when there is a change; but remember this is only a technology preview, not all software are supported - it will only list software it's able to auto-update.

(2) Again the "Auto-Update" tab will only show software for which it knows how to auto-update and it wont auto-update a piece of software until you have checked the box in front of the software.


I'm not sure i get your last question correct; are you talking about the balloon tip, that pops up when the psi finds software changes?
I just installed java 1.5 on my windows XP system, looked at the balloon tip and it told me this:

Program changes detected
New programs:
- Sun Jave JRE 1.5.x / 5.x (End-of-Life)

taffy078 RE: older versions installed by mistake
Contributor 11th Jun, 2010 12:06
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
on 11th Jun, 2010 08:34, BLindow wrote:


I just installed java 1.5 on my windows XP system, looked at the balloon tip and it told me this:

Program changes detected
New programs:
- Sun Jave JRE 1.5.x / 5.x (End-of-Life)

I must have got it wrong! I'll keep an eye out then.

But it still leaves someone in the position that if they install an E0L/Insecure program, they have to notice the pop-up balloon.

It proves doesn't it that users should always run a secunia scan after installing software!

Thanks

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
BLindow RE: older versions installed by mistake
Secunia Official 11th Jun, 2010 12:51
Score: 35
Posts: 35
User Since: 6th Nov 2009
System Score: N/A
Location: Copenhagen, DK
You have to look at what the balloons tell you and what you can find in the different tabs - just as usually, now you just got the option for some program (already found by the psi) to let the PSI Auto-Update the software. You have the control over which software should be auto-updated.
Software will, as default, not auto-update.

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+