Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI has become pointless - too many false positives

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
mkblack PSI has become pointless - too many false positives
Member 15th Oct, 2010 22:25
Ranking: 0
Posts: 1
User Since: 15th Oct, 2010
System Score: N/A
Location: US
I just did a scan and PSI is reporting that 44 applications or instances are insecure or out of date. But they are not. Among the results:

Adobe AIR (3 instances)
Flash (this gets even better - see the last paragraph)
Adobe Reader (2 instances)
Quicktime (2 instances)
Chrome (4 instances)
iTunes (3 instances)
Firefox (4 instances)
Thunderbird (3 instances)
OpenOffice
VLC media player (3 instances)
VMWare
avast! (2 instances)
uTorrent

All of these programs are up to date, and yet PSI is saying there's something there that it doesn't like. I checked each one of them just to be sure before posting this.

Do you really expect me to spend my valuable time investigating each and every one of those issues... digging and searching through the PSI forums... trying to find out why each and every one of these things it reporting wrong? AND THEN!... make some petty correction for a non-error to keep PSI reporting it as an error? Until the next time that is!!! Really?

PSI is useless now. It used to be better than this - not so many false positives. Shouldn't it be smart enough to know better?

I will no longer be using this product. Thank god it was free.

One more thing... the "Program Overview (right now)" has ALWAYS reported that it can't display the graphs because Flash is not installed, even though you're reporting that it is out of date and therefore installed!!!, or that IE 8 or better is not installed, which it is. More uselessness.

Goodbye.

Maurice Joyce RE: PSI has become pointless - too many false positives
Handling Contributor 15th Oct, 2010 22:39
Score: 11626
Posts: 8,915
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Not much detail there for anyone to help U.

What OS are U using? Which version of PSI? Have U checked the paths to the insecurities? Are U sure they are not in an OEM reinstallation patition?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
mogs RE: PSI has become pointless - too many false positives
Expert Contributor 15th Oct, 2010 22:59
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
Somehow I find it difficult to believe that you've used so much of your time writing, and have no intention of looking for a response or reply. Unless it's a bit like a suicide note ( which it may be , in a way...for your pc!).
You've only become a member today.....can't have been too much reading !

Firstly, unless the psi is configured aright....settings for IE8 (?)....it can't do it's job properly. You should have a good read thro' the following and ensure the settings are correct....particularly note 3 :-
http://secunia.com/vulnerability_scanning/personal... FAQ's
http://secunia.com/vulnerability_scanning/personal...
HOW IT WORKS
For you to see the graphs, Flash has to be installed for IE. In the new psi 2.0 Beta it is not a prerequisite.
You should note that tho' you update programs, as a generality, older versions/files are oft left behind which psi continues to detect even if still residing in the Recycle bin.
It is best to be using the Advanced interface....top right psi panel.
Click on a + sign and that entry will expand to reveal the file path....another click on Tech Details will confirm it. Post that info together with version of psi and Operating System if requiring further assistance.
I won't spend any more time on this, just in case you really are a hopeless case.
Regards.


--
Was this reply relevant?
+1
-0
Maurice Joyce RE: PSI has become pointless - too many false positives
Handling Contributor 16th Oct, 2010 09:54
Score: 11626
Posts: 8,915
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Good Morning Mogs.

Do not know if U are in the same boat but I was woken this morning by a horrendous noise. An investigation revealed it was a load of Teddy Bears stacked high in the corner of my study flapping their arms and mumbling incoherently.

Given that I know it is not the 25th December who could have sent such a gift?

There are a few clues but I cannot work out where the bears came from. The clues:

a.The Teddies all had a Freebie label attached. That matches all the programmes listed by the originator which are also freebies - is that a clue?

b.They all have buttons in the left ear with another message which clearly states" Yer gets what ye pay for" so they are clearly not Steiff bears from Germany who rightly pride themselves with quality.

c.They have a Danish flag in the left hand (in the lower to ground posture) and an American flag held high in the right hand.

d.They constantly move as if agitated.

e.They are fairly well manufactured in that some effort has been made to insert a voice box. Trouble is the speech is all Gobbledygook to me.

d.Some are personalised. I have one that can yodel (Swiss connection?),one with a bottle of quality Sancrere wine(definitely French),one chewing a Big Mac (no idea), one holding a Tesco bag (English) one grasping a bacon buttie (Danish?) and to complete the set one had FALSE teeth but a POSITIVE looking attitude!

So who sent me the teddies? Was it U?

Plucking at straws really - I must thank the sender (with a gentle reminder that spending money on quality Steiff bears is a good investment & a more acceptable gift) - any ideas? Have I missed the obvious?

Answers please on the back of a 2nd class postage stamp in block capitals.

Have a nice weekend.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-2
mogs RE: PSI has become pointless - too many false positives
Expert Contributor 16th Oct, 2010 10:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The only culprit that especially and immediately springs to mind....noticeable by his absence perhaps....is that sometimes devilmaycare character, the Wizard from OZ !! Perhaps he's trying to tell you that he's not as cuddly as imagined ? That, despite colourful attempts at genuine Europeanism....his own magic is doin' quite well ?
Have you since checked out what they're stuffed with ?! Didn't hear a thing....he must be aware I've got enough !!
Quality like freedom isn't a totally abstract British concept ?!
My Danish allies don't allow for any piggishness in internationalism ?!

Have a good weekend Maurice !




--
Was this reply relevant?
+2
-0
Moote RE: PSI has become pointless - too many false positives
Member 16th Oct, 2010 14:36
Score: 9
Posts: 2
User Since: 1st Aug 2010
System Score: 100%
Location: UK
Last edited on 16th Oct, 2010 14:37
Hello mkblack

I'm not sure what your issue is with Secunia, but I must say that this is an A1 piece of software.

Can I explain a few things; because you believe your software packages are 100% up to date, does not mean that they are, many packages do not inform you of intermediate updates, or the user has not enabled that facility, even downloading a so called Latest release from an official site does not mean it includes patches that might have been published since it's publication. OK I'm not saying that you are incorrect about the status of your report, but your tone just reveals someone who is just annoyed about something he believes is true.

Try patching your system and see if that improves the issues mentioned

Moote
Was this reply relevant?
+9
-0
getsmart37 RE: PSI has become pointless - too many false positives
Member 17th Oct, 2010 04:45
Score: 6
Posts: 23
User Since: 30th May 2010
System Score: N/A
Location: AU
Last edited on 17th Oct, 2010 04:46
Hello Maurice.

The only problem I have with Secunia is it some times tells me before the program maker does ( I get so stressed out about that) the last one was at least 48hrs earlier.

I will admit it does miss the odd one but I will pick it up doing other checks.

Sorry to complain about nothing as there is nothing to complain about except just complaining because I had nothing else to do.

Secunia is a fantastic I is far better than many of the paid products out there.

Regards Keith
Was this reply relevant?
+5
-0
taffy078 RE: PSI has become pointless - too many false positives
Contributor 17th Oct, 2010 10:58
Score: 408
Posts: 1,321
User Since: 26th Feb 2009
System Score: 100%
Location: UK
I wish to complain - my PSI is showing too many correct results, with 87 patched programs. Why can't I have some false positives too - can anyone tell me where I can download them?

Why do Secunia's programmers always have to get it right?

Do you really expect me to spend my cheap time investigating each and every one of those issues... digging and searching through the PSI forums and Mogs' CClips?

And now I have to double-check my collection of teddy bears in case they're positively false, too. Or should that be negatively true? The first one I checked was holding a 2001 Space Odessey DVD with HAL - Fred must have sent me that.

And finally, I wish to complain about Maurice - he said, and I quote, "post me your answers on the back of a 2nd class postage stamp in block capitals". He didn't make it clear though that I should not have stuck the stamp on the envelope to him. I'll have write out my 2,000 words thesis again - when I find some valuable time.

Seriously though - thank you, mkblack, for making me laugh so much.
I've nominated you for a part in Secunia's annual pantomime - can anyone suggest which character? (Mogs has already been cast as the Dame.)

This may help you decide:

http://www.limelightscripts.co.uk/scripts/history....

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+1
-1
Leendert Kip PSI has become pointless - too many false positives
Member 17th Oct, 2010 11:28
Score: 65
Posts: 520
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
Last edited on 17th Oct, 2010 11:35
[quote=p27756]Seriously though - thank you, mkblack, for making me laugh so much. I've nominated you for a part in Secunia's annual pantomime - can anyone suggest which character? (Mogs has already been cast as the Dame.)

Hi Taffy. I indeed was very surprised about that lon complaint. Such thing didn't happen in my system. So I don't understand what migh be wrong and I didn't respond because I cannot help anyway. There must be something awfully wrong in his system. The strange thing is that he just mentioned the problems but didn't ask for help and tells us he is finished with PSI. I am convinced that he should find solutions in this forum with all the experienced people we have here Obvously he has no patience and confidence; that's a pity!

--
PC: JJ Computer Services
Intel Core I3 2100 3.1Ghz
DDR3 Kingston ValueRam 4GB 1333
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 9
Mozilla Firefox 31NL

Laptop: MSI GT780DX
Intel Core I5-2450
DDR3 RAM 6GB
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 11
Mozilla Firefox 31NL
Was this reply relevant?
+1
-1
taffy078 RE: PSI has become pointless - too many false positives
Contributor 17th Oct, 2010 22:50
Score: 408
Posts: 1,321
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 17th Oct, 2010 22:52
Hi Leendert. As Maurice said, some info from mkblack would have allowed us to help him/her.

Some of his/her problems are probably that the old/insecure versions weren't removed by installing the updates but we'll never know!

mkblack - please get back with some more info e.g.
1. What PC/operating system etc have you got?
2. What version of Secunia are you using? It's shown in the bottom-right of the main Secunia screen.
3. there could be some dross, old stuff, left in your PC. Can you tell us the installation paths of the files that have been picked up as insecure? This is what you need to do:

3a Go to the main Secunia PSI window & click on ‘Advanced’ if it’s underlined in blue. (Don't be put off by the name "Advanced"! It's easy to follow/use.)

3b Click on “+” to highlight & expand it.

3c Click on “Technical Details” (in Toolbox”)

3c This will give you the installation path of the insecure files. If you copy & paste them in your next reply here, we will be able to help.
You may find that the copy/paste controls on your mouse don't work. If that's the case, use CTRL & C (at the same time) to copy and CTRL & V (at the same time) to paste.

Please don't be put off by these procedures - it's very easy to do them.

And please don't be put off by my silly comments earlier. No offence was intended.

You did make me laugh - I needed it! - but we are all nice people and are here to help you. ;0)

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+4
-2
wardjfb RE: PSI has become pointless - too many false positives
Member 21st Oct, 2010 14:44
Score: 0
Posts: 9
User Since: 20th Oct 2010
System Score: 100%
Location: UK
I have suddenly started to have this problem because Secunia PSI has started looking on my maxtor backup drive where it is findiong old versions of programs that are not being used.

when I created a rule to ignore that drive it still looks there, so unless someone can help, I too may have to abandon this.

Jonathan

--
Jonathan
Was this reply relevant?
+0
-0
Anthony Wells RE: PSI has become pointless - too many false positives
Expert Contributor 21st Oct, 2010 14:52
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Jonathan ,

The PSI Beta 2.0 (version number 1.9.0.4001) also lets you ignore drives and in this case the drives are not scanned ; should resolve your problem :-

http://secunia.com/PSI2SetupBeta.exe

See if you like it .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
wardjfb RE: PSI has become pointless - too many false positives
Member 22nd Oct, 2010 17:25
Score: 0
Posts: 9
User Since: 20th Oct 2010
System Score: 100%
Location: UK
Great problem solved. Thanks

--
Jonathan
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability