
Forum Thread: Bug prevents updating

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
TimeShift Bug prevents updating
Member 22nd Sep, 2010 18:28
Ranking: 0
Posts: 1
User Since: 21st Dec, 2009
System Score: N/A
Location: N/A
Howdy,

I just noticed two odd behaviors of PSI:

1st: Google Chrome automatically updates its runtime. Therefore it downloads the new files and puts them into a new subfolder like Application\6.0.472.62 for example. If an update is installed, this folder remains, but a new one is created. PSI finds both folders, yet complains about the old version being outdated. It could be just deleted instead :)

2nd - and much more severe: Files like the Flash-PlugIn for ActiveX can't be updated whilst PSI is running. PSI complains about the files being outdated and offers a solution to be downloaded and installed....yet the solution is already installed. Like recently: the files Flash10i.ocx and Flash10k.ocx are in the same folder - the old and the new together in the same folder. Sadly none of them can be deleted because they're currently accessed....
....by PSI!

I don't think that works as intended, right?

TiMow RE: Bug prevents updating (this reply has been minimised due to a negative Relevancy Score)
TiMow RE: Bug prevents updating
Dedicated Contributor 22nd Sep, 2010 18:59
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 22nd Sep, 2010 19:19
Unfortunately that is the long and short of it.

In the first point, re. Chrome - this is a Google issue rather than a Secunia one. By realising this you are one jump ahead of some users. You're right it can be deleted - but manually by you/me/us the users, until Google change the set-up. That's how it has always been since Chrome's inception.

In the second point, re. Flash ActiveX - this is more of a niggle than a bug - it's just a case of knowing that the display of graphics in PSI (v.1.5.0.2 and earlier) is reliant on ActiveX, and if not fully exited, then the old .ocx isn't removed; and realising that clicking the red "X" only closes the window, and does not exit the program (done from the tray icon, for anyone reading who may not know).
Again your knowledge makes you richer than some - but by others reading these threads, it may benefit them too.

The Adobe Uninstall Flash does allude to the need to exit all programs that may be using flash:

http://kb2.adobe.com/cps/141/tn_14157.html

Incidentally the need for flash ActiveX is no longer, with PSI 2.0 beta - the cord has been cut.

TiMow

EDIT: Sorry folks - double post - the first one wasn't stopped in time (although I thought I had) to include the link I wanted to show (and now can't be edited) and the second one can't be removed, because it does contain the link.

--
Computing is not yet a perfect science - it still requires humans.
This user no longer exists RE: Bug prevents updating
Member 23rd Sep, 2010 09:47
Hi,

Both your points are known problems with the currently stable version of the PSI (1.5.x).

The fact that Google Chrome is shown twice, has to do with the stable version of the PSI's grouping of results. Since the results are split out over multiple tabs, the installers that leave behind old versions will never get removed from the Insecure tab unless the user takes direct action.
This behaviour is outside of Secunia's control.

And, as you correctly noted, the stable version of the PSI can prevent the ActiveX version of Flash from being correctly updated, since it uses the Flash ActiveX controls to display the graphics on the Dashboard. This means you will have to close the PSI to successfully update the ActiveX Flash.

Luckily, both of these issues have been fixed in the Secunia PSI 2.0 Beta.

In the 2.0 Beta, multiple detections of one program are grouped together, and the fact that an up-to-date version exists will be enough to stop the PSI from alerting you - since this is the version that will be used anyway, the threat from old, unused software is neglectable, though it is of course still a good idea to remove old versions.

Furthermore, the PSI 2.0 Beta is completely independent from Flash, so updating Flash will go like a breeze - especially since the PSI 2.0 can automatically update Flash, without any user intervention whatsoever.

If you are interested, you can download the Secunia PSI 2.0 Beta here: http://secunia.com/PSI2SetupBeta.exe
Keep in mind that it's beta for a reason, though, and several known issues exist with this version, though we will be releasing updates and bugfixes.

Hope this helps.
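
The difference between reporting every folder on its own and the grouped reporting described in the reply above, as an added example that is not part of any post in this thread and is not Secunia's code. The function names, the older build number 6.0.472.59 and the caller-supplied minimum patched version are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Chrome names each runtime folder after its four-part version, e.g. 6.0.472.62
VERSION_DIR = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(name):
    return tuple(int(part) for part in name.split("."))

def find_version_dirs(app_dir):
    """Map version tuple -> folder for every version-named subfolder."""
    return {parse_version(p.name): p for p in Path(app_dir).iterdir()
            if p.is_dir() and VERSION_DIR.match(p.name)}

def per_folder_findings(app_dir, minimum_secure):
    """Ungrouped view: each folder below the patched version is its own finding."""
    floor = parse_version(minimum_secure)
    found = find_version_dirs(app_dir)
    return [found[v].name for v in sorted(found) if v < floor]

def grouped_verdict(app_dir, minimum_secure):
    """Grouped view: one verdict from the newest folder, leftovers listed apart."""
    found = find_version_dirs(app_dir)
    if not found:
        return {"status": "not-installed", "current": None, "leftovers": []}
    newest = max(found)
    status = "patched" if newest >= parse_version(minimum_secure) else "insecure"
    return {"status": status, "current": found[newest].name,
            "leftovers": [found[v].name for v in sorted(found) if v != newest]}

def demo(minimum_secure="6.0.472.62"):
    """Run both views over a constructed Application folder."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Application"
        # Constructed layout: 6.0.472.59 is a made-up older build left behind
        for name in ("6.0.472.59", "6.0.472.62", "Dictionaries"):
            (app / name).mkdir(parents=True)
        return (per_folder_findings(app, minimum_secure),
                grouped_verdict(app, minimum_secure))

if __name__ == "__main__":
    flat, grouped = demo()
    print("per-folder findings:", flat)
    print("grouped verdict:", grouped)
```

The grouped view still lists the leftover folder, so the cleanup candidate stays visible even when the program as a whole is reported as patched.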
TiMow RE: Bug prevents updating
Dedicated Contributor 23rd Sep, 2010 13:25
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 23rd Sep, 2010 13:28
Hi Emil,

I'm surprised you refer to these 2 issues as "problems" in PSI (stable).

Re. Chrome - I think there have been many users who have been both surprised and relieved to learn that despite having updated to the latest version, that they haven't fully cleared any insecurity, until the old (often insecure) file is deleted. In many cases they initially believe this to be a PSI reporting problem, until advised otherwise. If both old and new files weren't reported, then many users could be ignorant to this fact and carry on regardless, not realising that an attack vector may still exist.

For me, the problem lies with Google (and other vendors), when a new update doesn't fully remove or overwrite the previous version, and not with PSI for alerting us to this fact.

Re. Flash - this obviously remains a continual problem for many, with every update. Again, I don't view it as a PSI problem, that PSI (stable) needs to use flash for the display of the graphics, and that, when updating ActiveX, if all programs using flash aren't fully exited prior to updating, then the old .ocx file isn't removed.

It's a bit late in the day (almost irrelevant now, as PSI 2.0 is being pushed forward for full release), but this information is already contained in the expanded entry for flash in the relevant tab where it may be listed (depending on its current status) - but it is not always obvious to the user that they need to expand the [+] for more information; if they're using Advanced in the first place.

A heading to "Click here more information", above the [+] might have been a good idea.

The other problem, of fully closing PSI before updating Flash, was also an area of confusion for many. Maybe, when clicking on the red "X" to close the PSI window, a pop-up could have appeared informing that the program is still running and can only be exited from the tray icon (similar to the pop-up that currently appears when PSI is exited).

I appreciate that all time and effort is concentrating on tweaking 2.0 beta, but there are still many users of 1.x, and will probably continue to be so, even after v.2.0 becomes full release.

Just to finish with - now I'm "in the know", I have (up until this point) found that updating flash already goes like a breeze - famous last words.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
This user no longer exists RE: Bug prevents updating
Member 23rd Sep, 2010 13:54
Last edited on 23rd Sep, 2010 13:54
Hi TiMow,

The word "problem" is, of course, used relatively. I did not mean to imply any inherent problem with the PSI, but was simply thinking about the End-User experience. Because, while these things are immediately unfixable by Secunia (because the Vendors maintain installers, not us), the fact that the issues occurred at all would be a "problem" in the eye of end users.

Our goal is to make the PSI as simple to use as possible, without cutting back on its power. This isn't a very easy thing to do, as some may have noticed during the Beta period.

You are totally correct in saying that the problems are caused by the application's maintainers, and not us, but the fact remains: The "Problems", whether they "inherently" were the "fault" of the PSI, or Google/Adobe, are resolved in the PSI 2.0 Beta (Somehow, when discussing these things, I can't help but think of Nietzsche's concept of "spooks").

By the way, our goal for the PSI 2.0 Release is to have all users want to upgrade to the new version. Some people might not think so, but we really do listen to your feedback, and are busily working on the next release. ;)

Point is, simply, if the user is required to know about the behaviour of certain installers, that can be considered a "problem".

Hope this is clear enough.
TiMow RE: Bug prevents updating
Dedicated Contributor 23rd Sep, 2010 15:02
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi again Emil,

Obviously, with hindsight, I realised your (Secunia's) stance on this, but just to say, that my first reading of your initial reply was perceived maybe not as intended - it seemed to want to pacify/empathise/agree with the o.p.'s comments - who for me, was barking up the wrong tree (but freedom of speech, etc.) - a bit like complaining to the postal service, because the postman brought you a tax bill.

Anyway, the clarification is appreciated - if not really needed - as my point was just to inform other readers, that the aforementioned issues aren't really as big a problem, as sometimes made out. The information to help, is already out there, if sought - sometimes the landing strip just needs to be better illuminated. I would imagine that PSI 2.0 is trying to do this.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Anthony Wells RE: Bug prevents updating
Expert Contributor 23rd Sep, 2010 15:23
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 23rd Sep, 2010 15:28
Hello TiMow and Emil and @TimeShift , of course ,
The expand for information idea that TiMow mentions above about the [+] box is being used in the 2.0 Beta , this is the first line in the results tab :-

"This view shows an aggregated list of programs detected on your PC with the latest Secunia PSI scan. Click any program for additional information and details."

Unfortunately , if you click the box "all" you get is the "installation path" which you need to then double click to get a new inset/mini window with "all" the details you need to work on the programme . However , if you double click the entry initially rather than the [+] box you get the mini-window ; even if indeed this window is not so intuitive to use as one might hope - too many spooks .

Talking of Nietzsche (or should that be Dame Edna Everage) , this always comes to my mind :-

http://www.youtube.com/watch?v=xQycQ8DABvc

Hope this is useful for the developers .

Anthony

--
It always seems impossible until it's done.
Nelson Mandela
TiMow RE: Bug prevents updating
Dedicated Contributor 23rd Sep, 2010 15:34
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi Anthony

That brought a smile to my face - hadn't heard that in years.
My elder brother had/borrowed, M.P. L.P.'s that I always used to listen to - at one time could recite a lot of the well known songs (and sketches) - it was seen as more comedic than boring at the time - although I did seem to get my philosophers mixed up (or was it mixed metaphors).

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144