Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: false reports of 'threats'

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

This thread has been marked as locked.
dvorah false reports of 'threats'
Member 26th Jul, 2010 17:30
Ranking: 0
Posts: 3
User Since: 26th Jul, 2010
System Score: N/A
Location: US
I keep getting reports from secunia saying various programs need updating, like sun java, acrobat air, etc. And when I apply secunia's fix, I get message saying that this update is already installed. I don't know how to get secunia to register the downloads, or how to clear this list. Right now, all I can do is ignore secunia's warning..and it's a shame, but this program is inoperative for my computer.

Anthony Wells RE: false reports of 'threats'
Expert Contributor 26th Jul, 2010 18:03
Score: 2366
Posts: 3,279
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 26th Jul, 2010 18:04
Hallo again @dvorah ,

You need to use the PSI in the "advanced" mode , don't worry it is quite straightforward :))

In order to help you further , as a new poster to the Forum , here are some tips on using PSI in "advanced" mode (the link to advanced" is at the top right corner of the PSI page) :-

Click on each/all the tabs and there is plenty of written advice about what each tab contains .

If a "problem" shows in the "insecure" or "end of life" tabs , then to help resolve any problem , here are some instructions to help you first of all get the best out of PSI :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

You need to tell us (minimum) the "installation path" data for each programme that is giving you a problem and we can deal with them one at a time .

Which version of the PSI are you using ?? Also which OS and which browsers are you using ??

No rush , plenty of helpers around :))

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
This user no longer exists RE: false reports of 'threats'
Member 27th Jul, 2010 08:38
Hi,

Have you tried running a full scan after installing the patches? The PSI might not necessarily pick up on the patch right after installation, though it tries if you have program monitoring enabled.

Please also post the paths to the insecure entries. Frequently, updaters Java and other products leave old versions of themself behind, so even though you've already installed a patch, the old version will still be lying around to be detected by the PSI.

hope this helps.
Was this reply relevant?
+0
-0
pherb RE: false reports of 'threats'
Member 28th Jul, 2010 15:03
Score: 0
Posts: 1
User Since: 18th May 2010
System Score: N/A
Location: N/A
I have the same problem with two reported threats. With Sun Java JRE 1.5x/5.x I followed the instructions and it reported that the file had already been downloaded but I replaced it to be sure. Absolutely no change. The MS Data Access Component (MDAC) 2X does not seem to be recognised by Microsoft and all possible up dates have been downloaded with no effect. I guess the only choice is to get rid of Secunia. It is just an annoyance to have the warning every time I switch on.
pherb
Was this reply relevant?
+0
-0
This user no longer exists RE: false reports of 'threats'
Member 28th Jul, 2010 15:10
Last edited on 28th Jul, 2010 15:10 Hi pherb,

Removing the PSI won't patch the problems, and could leave your system exposed. Many users before you have had similar issues, and all have been fixed.

I'm sure if you create your own thread, detailing your problems, they should all be fixed pretty soon. As long as you remember to answer the questions asked by staff and forum helpers, there are few issues that can't be solved within a day or so.
Was this reply relevant?
+0
-0
Maurice Joyce RE: false reports of 'threats'
Handling Contributor 28th Jul, 2010 16:09
Score: 11295
Posts: 8,716
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 28th Jul, 2010 16:10
Here is the solution for Java. Works every time.
JAVA PROBLEMS
=============
Can be used with Windows XP,Vista & Windows 7 - 32 & 64 Bit Systems.

Windows works perfectly well without JAVA.On that basis,U can safely uninstall the lot via Control Panel>Add/Remove. If U change your mind later due to programme dependencies just install & test the latest version from the links provided below.

If U prefer to permanently retain JAVA (many users do) see below:

The following fix is for the more widely used 32 Bit system.(By default 64 Bit systems still use the 32 Bit Browser) Details for a 64 Bit Browser are in PART 3.

PART 1
AUTOMATIC UPDATING OF JAVA
~~~~~~~~~~~~~~~~~~~~~~~~~~
1. If U are using PSI version 1.9.0.0 have U tried the Auto Update feature supplied? If not, it is worth a go.
2. If using PSI 1.5.0.2 Go to Start>Control Panel>click on the JAVA icon>select the Update tab>click the Update Now button.

If these options are not available or do not work try this:

MANUAL UPDATING OF 32 BIT JAVA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Click this link & select run from here:
http://www.java.com/en/download/manual.jsp (select 32 Bit)

To test your JAVA is working correctly use this test link:
http://java.com/en/download/help/testvm.xml

As normal,reboot,carry out a full PSI scan & all should be in order. If not,go to Start>Control Panel>Add/Remove & uninstall ALL version of JAVA(TM),JRE,JSE or JDK that U can see EXCEPT for JAVA(TM) 6 Update 21.

Rescan. In the unlikely event of a vulnerability still showing scroll down to PART 2


OPTIONAL EXTRA'S AFTER UPDATING BY WHATEVER METHOD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Go to Control Panel>JAVA icon>Update Tab and take the tick (check mark) out of box marked "Check for updates auto ....." (This will prevent a Java updater notification from starting each time U switch on your PC - PSI is already doing this job for U)

2. If U prefer not to have the JAVA icon in the System Tray when in use, open the Advanced Tab>look for Miscellaneous>click the + sign & then remove the tick from clearly marked box.

3. U may also wish to speed up your browser by clearing out the JAVA cache & permanently lowering the quota allocation. If U are unsure how to do this post back for more information.

++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++
PART 2

Use the method below as a last resort.

CLEARING OUT OLD JAVA DROSS (32 Bit)
~~~~~~~~~~~~~~~~~~~~~~~~~~~
If U have completed all the above actions & still have a problem it is because the new JAVA uninstaller only removes the previous version. U could still have very old JAVA dross on your system. Try this:

1.Install or double check U have the latest JAVA version (Currently Version 6 Update 21)from here:

http://www.java.com/en/download/manual.jsp (select 32 Bit)

2.This tool will remove all the old dross except for the version U have just installed. Click here:

http://raproducts.org/

*This link takes U to the site - select the Windows Binary (zip) option.
*This will lead U to Sourceforge.net to download it.
*Save the download to desktop.
*Activate the desktop zip icon which exposes the JAVARA EXE file. Click it
*Select RUN when asked.
*Select your language.
*The tool will now appear on the desktop - select REMOVE OLDER VERSIONS
*Once complete select ADDITIONAL TASKS - tick all boxes & activate.
*Right click on the desktop JAVARA zip file & delete it.

3.To test your JAVA is working correctly use this test link: http://java.com/en/download/help/testvm.xml

PART 3

a.If U have, but do not use your 64 Bit Browser, there is no requirement for Java 64 Bit to be installed.If already installed it can safely be removed via Control Panel>Add/Remove (64 Bit versions are clearly marked 64 if U have any)

b.To update this version click here: http://www.java.com/en/download/manual.jsp (select 64 Bit)

c.U can use the 32 Bit browser to install the 64 Bit version.

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.


Update 7 06:24 10/07/2010


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
irsdl RE: false reports of 'threats'
Member 28th Jul, 2010 16:50
Score: 12
Posts: 10
User Since: 16th Jul 2010
System Score: N/A
Location: UK
1- Some applications such as Fortify 360, IntelliJ IDEA, and so on have the Java files inside their directories as well. Versions of these Java files are normally older than the latest version of Java as they are needed for running a certain application. Usually these old Java apps do not make the PC vulnerable via the browsers. However, it is still possible for someone to exploit them locally.
In order to update an internal Java directory inside another application -which is for usage of that application- you need to contact the main application provider and ask them about the compatibility with the latest version of Java.
2- Sometimes it is not possible to update vulnerable applications without closing some processes. For example, it is not possible to update Flash without closing the Secunia PSI first.

--
------
Soroush Dalili
soroush.secproject.com/blog/
Was this reply relevant?
+4
-0
Anthony Wells RE: false reports of 'threats'
Expert Contributor 28th Jul, 2010 17:31
Score: 2366
Posts: 3,279
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello @dvorah ,

This is still your thread ; however Maurice Joyce has posted his tried , tested and approved method for dealing with all things Java and should help you deal with one of your problems .

Let us know how you are getting on with the others .

Take care
Anthony .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability