Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Should be seen as 100%

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI 2.0 Beta

This thread has been marked as resolved.
sim94 Should be seen as 100%
Member 11th Sep, 2010 16:52
Ranking: 0
Posts: 5
User Since: 7th Sep, 2010
System Score: N/A
Location: UK
Hello,
After getting a score of 100% in PSI 2.0 Beta I used the OSI to check the online score.
OSI gave one insecure program (update SUN java 6.0.180.7), so I clicked the update link (to download it). I ran the updated java and unset the tick for YAHOO toolbar. But when it tried to restart java it could not do it as another instance of java was running (this must have been java 6.0.180.7 which I assumed needed a restart to install the new version). So I restarted the system and tried OSI again- which still found SUN java 6.0.190.7!. So I used the control panel - programs and features and uninstalled the two earlier versions of java (version 18 and 20), leaving me with only version 21 installed. So I restarted the PC and after logging on etc I ran OSI and it was now printing "no insecure programs found" in green (rather than red or black). So having got 100% score I am now checking if this thread will print the score (as now selected!)
Yours Sincerely
Simon Yarwood


--
WINDOWS 7 Home Premium

Post "RE: Should be seen as 100%" has been selected as an answer.
sim94 RE: Should be seen as 100%
Member 11th Sep, 2010 16:57
Score: 0
Posts: 5
User Since: 7th Sep 2010
System Score: N/A
Location: UK
Still no score (even though box ticked!).
Well time to have another try (then I will give up for now).
Simon Yarwood


--
WINDOWS 7 Home Premium
Was this reply relevant?
+0
-0
TiMow RE: Should be seen as 100%
Dedicated Contributor 11th Sep, 2010 18:02
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi Simon

Now you have PSI installed, I wouldn't mess around with OSI any more - PSI is more thorough and checks more programs. I believe that OSI doesn't maintain any historical data, which is probably why it's not reproducing your score, on your forum post.

I would run a PSI scan again, make sure the "Show my Score " box is still ticked on your forum profile, and the post a reply to see if that works.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
sim94 RE: Should be seen as 100%
Member 12th Sep, 2010 10:55
Score: 0
Posts: 5
User Since: 7th Sep 2010
System Score: N/A
Location: UK
I have done a PSI scan and got (green) "Congratulations ... 100%" result.
My profile stll has the show score box ticked.
So is this now seen as 100% score?.
Yours Sincerely
Simon Yarwood


--
WINDOWS 7 Home Premium
Was this reply relevant?
+0
-0
TiMow RE: Should be seen as 100%
Dedicated Contributor 12th Sep, 2010 11:20
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi again Simon

Your score is obviously still not showing on the forum page.

It may be a glitch with the PSI beta, which Secunia may pick up tomorrow.

Although, one final thought.

Is your forum profile that you created, exactly the same as your Secunia Profile on the relevant tab in the PSI window?

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
sim94 RE: Should be seen as 100%
Member 12th Sep, 2010 13:19
Score: 0
Posts: 5
User Since: 7th Sep 2010
System Score: N/A
Location: UK
Hello,
I do not know how to check if the community profile is the same as the PSI profile, which just gives me the "settings" or community profile. I did try to copy and paste the screen but it would not come out as on screen (nor even when copying and pasting into Open Office writer).
I had assumed that there would be only one profile so I only checked the community profile (the one used online).
My experience of the OSI finding Old - (but by default not uninstalled, so co-existing) SUN java software has made me very doubtful that running PSI and getting 100% actually means I will get 100% in the OSI.
More to the point it means I MUST get 100% in the PSI and I MUST get 100% in the OSI to ensure that my system is secure (untill PSI has been taken out of the Beta stage and found to agree with OSI).
Yours Sincerely
Simon Yarwood

--
WINDOWS 7 Home Premium
Was this reply relevant?
+0
-0
mogs RE: Should be seen as 100%
Expert Contributor 12th Sep, 2010 13:57
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
You can check for any discrepancies/update your Secunia Community Profile by
going to Configuration.....left side on the psi 2.0 Beta panel, and then clicking on SCP in the drop down menu.
Hope this helps.......regards,

--
Was this reply relevant?
+0
-0
TiMow RE: Should be seen as 100%
Dedicated Contributor 12th Sep, 2010 15:55
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 12th Sep, 2010 16:11
Simon,

A couple or so points to pick up on - I'll try to be brief.

Firstly, once downloaded, it is possible to use PSI anonymously without setting up a profile - I used PSI for a couple of months as such - my member date is as on the left, but usage has been for longer.

On 1.5.0.2 (stable), there is a Secunia Profile tab; on beta @mogs has given details as to where to find it, above.

Secondly, anyone can post on the forum, whether they use Secunia products or not, providing they also create a profile to do so -see "My Profile", l.h.s. above log on.

For me, it is logical to assume that in order for the score from PSI to be displayed on the forum, then the profiles need to be the same.

It appears that many users have been using PSI for a long time, but when they make a first post to the forum, it shows them as a new member, as from the date of this first post. This suggests that they haven't set up a Secunia Profile on PSI, but only one for the forum, which is why many show N/A against System Score.

The next point - I get the impression from your posts, that as a previous OSI user, you're using the previous results from this as a benchmark to judge the results of PSI against.

The results from both must be viewed differently. PSI scans many more programs, so insecurities can be found in programs using PSI, that OSI doesn't even scan. If you show 100% score with PSI, you are as secure as you can be relating to vulnerabilities.

OSI also, as previously stated, maintains no historical data (as far as I'm aware), and scans in the here and now.

I show 100%, but do have insecure programs - these are located in a back-up location (C:\i386), which has no exposure to the bad guys, so although PSI scans this location, I have set an "Ignore Rule" so these results aren't reported after a scan, as these programs don't represent a threat.

However, if I run an OSI scan these programs are picked up and reported, as OSI has no reference to any rule I may have set up.

Therefore 100% in OSI may not equal 100% in PSI, and vice-versa.

I hope the above helps to clarify, and not to confuse.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+3
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer