Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Suggestion for Insecure tab, when Auto-Updates is downloading a file

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI 2.0 Beta

This thread has been marked as resolved.
thedillpickl Suggestion for Insecure tab, when Auto-Updates is downloading a file
Contributor 25th Jul, 2010 01:06
Ranking: 376
Posts: 872
User Since: 3rd May, 2009
System Score: 100%
Location: US
Last edited on 25th Jul, 2010 01:07

I did a manual scan in PSI TP today and the box came up letting me know I had one insecure program. I clicked to view the insecure program. PSI took me to the "Insecure" tab which showed Mozilla Firefox 3.6.6 as the insecure version detected. This is all quite normal and as expected.

Noticing activity on my modem, I looked in the "Auto-Updates" tab. I had already 'ticked' the box to auto-update Firefox. Under the "State" column, PSI reported that it was "Downloading file". Working great so far!

> My suggestion would be to add a notice in the "Insecure" tab, next to the program, about PSI downloading the file, as in the "Auto-Updates" tab. The "Insecure" tab is where PSI takes you to first, after a scan*. I believe this would cut down on confusion, as my first inclination was to click on the download link and start the update.

Note: *Of course, after a scan, you could be directed to the "End-of-Life" or "Patched" tabs, neither would cause an auto-update to happen.


Regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis

Post "RE: Suggestion for Insecure tab, when Auto-Updates is downloading a file" has been selected as an answer.
Anthony Wells RE: Suggestion for Insecure tab, when Auto-Updates is downloading a file
Expert Contributor 25th Jul, 2010 12:27
Score: 2445
Posts: 3,333
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th Jul, 2010 12:47
Fred ,

If you have the/a programme "auto update tab" [] ticked , then it will run at the first possible opportunity :ie: normally the first time the selected programme is not in use . If the [] is not ticked , the "relevant" programme moves to the top of the list in the "a-u" tab but does not run .

After an "auto" auto-update has finished , the order is reset and the [] is re-ticked by default , thus retaining your original choice ; same re-tick after a manual "a-u" as you made the choice ..

You really should know which programmes you have selected in "auto update" if you are willing to let some else take all the download responsibility . Whether clicking the "solution" button would do any harm I could not say , but one should take responsibility for one's actions . Perhaps Secunia could add an indicator in the "insecure" tab that the programme was pre-set to download/install in Auto-update , but would you see it before you clicked "solution" ?? Do too many flashing lights and bells cause more confusion .

In the case of Firefox , I would think twice about choosing auto update at the moment anyway , if you have any special configuration in place :-

http://secunia.com/community/forum/thread/show/482...

FWIW , in fact and reality , I never use either the "solution" or "auto update" automatic [] ticked choice for any programme and in the case of Ff , I only use the internal updater from the "tools" menu which checks add-ons , etc .

Take care
Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
thedillpickl RE: Suggestion for Insecure tab, when Auto-Updates is downloading a file
Contributor 26th Jul, 2010 06:27
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Ant;

Admittedly, I run PSI in a different way than most users. Since (as you know) I'm on a dial-up ISP, the PSI doesn't load on boot (my choice). I make an effort to do a manual scan weekly during other maintenance. If a 'fast' connection was available, I would still opt to do most stuff manually. This is merely personal preference. PSI is one program that I would run at boot and let take care of itself. It has proven to be most reliable.

I loaded PSI, it connected and I started a scan. This is possibly the only way the above situation would occur. My point is, I can't be the only one that runs PSI this way.

I have all the boxes 'ticked' simply to see what happens (see below). I watch for certain events on my machines (easy to do when I initiate programs myself). The few auto updates PSI has done were 'good' and the listing of them in "Auto-Updates" made it easy to follow what was done.

I normally would update a program such as FF or Chrome via their internal update. Sometimes I click on things, like the "Solution" button, just to see what happens. Some would say that "curiosity killed the cat", I prefer to think that "if I don't look, I'll never know". Yes, this has backfired in the past. :)

Clicking the "Solution" button and starting a download while PSI was doing an auto update would most likely cause two downloads of the same thing. I doubt there would be a conflict. As you, I'm not sure.

I agree, flashing lights and bells & whistles are not a plus. On the other hand, something as I've suggested would only be visible when the program was auto updating. This is already available in the "Auto-Updates" tab to let the user know what's going on.

I understand there is an issue with FF auto updates. I don't normally use FF, it's on my machine for test purposes.

Thank you for explaining the auto update file moving. I haven't caught auto updates in action until this instance. Usually, I'll make sure PSI loads, start the scan and leave. I will have to 'untick' my boxes to see this.


Thanks;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+3
-0
This user no longer exists RE: Suggestion for Insecure tab, when Auto-Updates is downloading a file
Member 26th Jul, 2010 09:10
Hi,

I've forwarded your suggestion to our developers. They will evaluate your suggestion for a later version.

Thank you for caring about the quality of the PSI.
Was this reply relevant?
+0
-0
thedillpickl RE: Suggestion for Insecure tab, when Auto-Updates is downloading a file
Contributor 26th Jul, 2010 18:04
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Emil;

Thank you & Secunia for caring about our concerns and wants.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer