Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: No Security Without Updating

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

See the original Secunia blog entry:
No Security Without Updating

Secunia No Security Without Updating
Secunia Official 12th Jul, 2010 12:07
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
As an organisation you may build strong perimeters, educate users, enforce effective policies, deploy signature based security software, harden your systems, and do any other trick in the book, however, one single vulnerability in a common piece of software may prove all your efforts futile!

taffy078 RE: No Security Without Updating
Contributor 12th Jul, 2010 12:07
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 12th Jul, 2010 12:07
excellent reminder, easy to understand, and one which applies to home PC-users too.
I bought my first PC in Jan 1999 - it came with the 1999 version of a well-known Firewall/AV program.
But the retailers didn't mention that I had to update it, nor that the (OEM) software had probably been installed in July 1998.

So it came as no surprise to them when I had to return it a month later to be 'cleaned'.

So many of my friends foolishly don't update their software. Unbelievable.
And from reading this article it's clear that many businesses don't update!


--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+6
-0

fishdrum5467

RE: No Security Without Updating
[+]
This reply has been minimised due to a negative Relevancy Score.

fishdrum5467

RE: No Security Without Updating
[+]
This reply has been minimised due to a negative Relevancy Score.
Maurice Joyce RE: No Security Without Updating
Handling Contributor 15th Jul, 2010 17:28
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 15th Jul, 2010 17:35
Are U using PSI in the advanced mode?

Edit: On second thoughts U may benefit from this. Once U get into the swing of it things are fairly easy to fix.

SETTING UP PSI IN THE ADVANCED MODE
+++++++++++++++++++++++++++++++++++
Are U using the latest version of PSI that has the added feature of automatic updates for some programmes? If not,and U would like to try it the download link is here:
http://secunia.com/PSISetupAUTP.exe

Whatever version U currently use try this:

1. Open PSI by clicking the System tray icon or right click the icon & select Reload Interface.

2.Select the OVERVIEW tab.

3. In the top right corner U will see INTERFACE MODE - SIMPLE/ADVANCED. To be in the advanced mode the word SIMPLE should be blue and advanced black.

4. If advanced is blue click it. A message about advanced users may appear - ignore it - using the advanced mode is easy.

SETTING UP PSI FOR MAXIMUM ASSISTANCE
+++++++++++++++++++++++++++++++++++++

1. Click on the SETTINGS tab.

2. The top box should be empty & the two remaining boxes ticked.

3. Right at the bottom is a facility to create Global Ignore Rules. By default PSI scans & publishes the results on all the hard drives of a PC. OEM partition (reinstallation) drives (normally drive D),second internal or external drives SOLELY used to backup your work & C:\Windows\i386 which can be ignored as they have no exposure. To save confusion in the future (by way of "false positives") U may consider it a good idea to create some Global rules now.

4. A separate Ignore Rule is required for each drive which can be set up as follows:

a.Click on CREATE IGNORE RULE

b.In the RULE NAME BOX insert something like MY BACKUP DRIVE (MY PARTITION DRIVE)

c.In the RULE BOX type D:\(or the drive letter U wish to ignore) - For folder i386 use C:\Windows\i386.

d.Click SAVE IGNORE RULE>CLOSE

All drives will continue to be scanned by default but the result from the ignored list will not be published.

This thread has an article by @Anthony Wells that may also be of help in understanding the advanced mode:

http://secunia.com/community/forum/thread/show/375...

It does not contain details of the auto update feature but that is very simple to use. There is a list of programmes under AUTO UPDATES - just tick (check mark) any U want PSI to auto update for U.

If a new Forum Member U might find these interesting reading as well:

http://secunia.com/vulnerability_scanning/personal...

http://secunia.com/vulnerability_scanning/personal...

Version 6 23:45 11/07/2010

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+7
-0
boblgoogl RE: No Security Without Updating
Member 23rd Jul, 2010 13:10
Score: 3
Posts: 1
User Since: 23rd Jul 2010
System Score: N/A
Location: BO
Truth hurts. Secunia helps. Some security software vendors actively promote software "radio buttons" implying updates without specifying they're actually merely selling upGRADES and sales of more advanced or simply higher cost software. Caveat Emptor indeed.
Was this reply relevant?
+3
-0
UnclejackDC RE: No Security Without Updating
Member 14th Aug, 2010 18:12
Score: 0
Posts: 2
User Since: 27th Jul 2010
System Score: N/A
Location: US
Last edited on 14th Aug, 2010 18:12
The interesting side-effect of this is that one can quickly get tired of updating programs that are only of peripheral benefit, or even less.

Do we WANT or NEED {program-x} badly enough that we will be willing to spend a half-hour a week updating it for security purposes, or (worse) living with known vulnerabilities?

Rather than the familiar 1990s slogan, "The one who dies with the most installed software wins," we may be moving to a value judgment that clean-and-lean is the cost-effective approach.
Was this reply relevant?
+0
-0


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer