Forum Thread: Patched and Secure Browsing Tab anomalies.

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
ottchris-primary Patched and Secure Browsing Tab anomalies.
Member 18th Jun, 2010 15:06
Ranking: 5
Posts: 25
User Since: 19th Apr, 2008
System Score: 100%
Location: UK
Best explanation is to use a current example. Under the Secure Browsing tab for the Apple Safari 5.x browser, the Apple Safari 5.x component is listed as Insecure, no solution Category 2 threat. In the patched column there is no indication that Safari 5.x, although patched, is still insecure. This discrepancy is further reinforced by the ambiguously titled "Patched threat" column, for which one logical interpretation would be the threat status after patching, not what it currently refers to, which is the threat status if it had not been patched. Of what use is the latter information to a confirmed user of PSI? Surely, it's more important to know what apps are insecure but for which no patch is currently available, i.e. 'Insecure, no patch'.

To be honest, I never take too much notice of the Secure Browsing tab because there's nearly always one or more 'Insecure, no solution' entries for all the browsers, for example Adobe Reader 9, which currently makes all my six browsers insecure. It happens to be another example of the anomaly, as it is listed as a Category 5 threat under Secure Browsing and a Category 4 threat in the Patched Threat column under the Patched tab.

I recommend that the Patched Threat column be changed to reflect the current threat level; I would even go so far as to suggest that column be replaced by the more useful Status and Rating columns that appear under Secure Browsing.

--
OS: Windows XP Pro SP3

This user no longer exists RE: Patched and Secure Browsing Tab anomalies.
Member 18th Jun, 2010 15:14
Hi,

The PSI is home user software, and as such, aims towards being useful to end users. Therefore, vulnerabilities with no solution aren't usually shown in the PSI (that is, a program will remain "patched" until there is an update for the product).

The Secure Browsing tab is an exception. Since browsers frequently are exposed to the internet (as one of the only applications on a typical end-user workstation) they're at special risk. The Secure Browsing tab, therefore, informs you even of vulnerabilities you can do nothing about. This is to help you assess which browsers you feel secure using.

Hope this helps.
ottchris-primary RE: Patched and Secure Browsing Tab anomalies.
Member 18th Jun, 2010 15:49
Score: 5
Posts: 25
User Since: 19th Apr 2008
System Score: 100%
Location: UK
on 18th Jun, 2010 15:14, wrote:
Hi,

The PSI is home user software, and as such, aims towards being useful to end users. Therefore, vulnerabilities with no solution aren't usually shown in the PSI (that is, a program will remain "patched" until there is an update for the product).

The Secure Browsing tab is an exception. Since browsers frequently are exposed to the internet (as one of the only applications on a typical end-user workstation) they're at special risk. The Secure Browsing tab, therefore, informs you even of vulnerabilities you can do nothing about. This is to help you assess which browsers you feel secure using.

Hope this helps.


Well, I was prompted to write the above having come across a new end user who was concerned about all the threats in the Patched Threat column having not unreasonably interpreted it as existing threats (yes I know the "?" help explains the column). So if you are tailoring PSI for 'entry level' users you would do better to drop the Patched Threat Column entirely.

That being said, home users are not all what you define as "typical end-user workstations", indeed I had assumed that the Simple Interface Mode was tailored for those users. And anyway, Apple Safari 5.x is listed under the Patched tab for which the heading is "Programs listed here do not require further attention from you" yet under Secure Browsing the advice is "Until a solution is available from the vendor, your best options are to: Uninstall, disable, or apply a workaround for this security threat."

Whichever way you look at it, either from an entry level 'home' user, or the more experienced 'home' user, these contradictions need correcting.


--
OS: Windows XP Pro SP3
Anthony Wells RE: Patched and Secure Browsing Tab anomalies.
Expert Contributor 18th Jun, 2010 16:31
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 18th Jun, 2010 16:35
Hello E.P and O-P,

The first time I saw the "patched threat" column in the "patched" tab it confused me (I know, not difficult :)) and I emailed support at the time. As O-P says, it still confuses "newcomers" and it still reads badly for me; every time I see it.

I thought "secure browsing" was equally "bizarre" first time I saw it, but I am now convinced it is an essential and should be checked/looked at every time PSI is opened; especially by newbies and those becoming blasé!!

How else (using the current display within PSI) would you know Adobe Reader had a vulnerability and that checking the SA provides a workaround??

O-P, there is a workaround for Adobe Reader and should be applied now; or simply do not open PDF files containing Flash images with it. Plenty of details here :-

http://secunia.com/community/forum/thread/show/443...

Of course, AR will still show in "secure browsing" as insecure as this is a workaround, not (yet) the patch.

Anomalies abound, fortunately :)

Take care
Anthony

--


It always seems impossible until it's done.
Nelson Mandela