Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Why does OSI check so few Microsoft programs?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
OSI

This thread has been marked as locked.
xolotl Why does OSI check so few Microsoft programs?
Member 22nd Oct, 2010 17:45
Ranking: -9
Posts: 16
User Since: 13th Oct, 2009
System Score: N/A
Location: DE
Office, the .NET framework and Visual Studio are not on the search list:
http://secunia.com/vulnerability_scanning/online/p...
yet the first two at least are extremely common.

--
System: Windows XP SP3, Opera 10 or Firefox 3.6

Anthony Wells RE: Why does OSI check so few Microsoft programs?
Expert Contributor 22nd Oct, 2010 19:13
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


Hello @xolotl ,

The OSI started well before the PSI and is a more basic programme ; both are offshoots of Secunia's commercial interests and the CSI for corporate use .

The OSI concentrates on major programmes which should be relatively easy to fix with limited data provided to you for your action .

The PSI in simple mode was a step up , then the "Advanced" mode gave more details and ability to search for any problems showing in things like .Net - a real beast .

Then we got "secure browsing" to help us see where we are vulnerable when browsing .

Now the latest Beta hopes to make it easier to "auto-update" those programmes which respond and still give enough info to attack more complex stuff .

The Forum has evolved as well with "tousands" of helpers here , at least Secunia say so , so that's OK by me .

Hope that helps .

Take care .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
xolotl RE: Why does OSI check so few Microsoft programs?
Member 22nd Oct, 2010 23:55
Score: -9
Posts: 16
User Since: 13th Oct 2009
System Score: N/A
Location: DE
Let me rephrase my question. OSI is a basic checker that looks for products most commonly found on the average PC and tries to be fast. Perhaps .NET is indeed "a real beast" and thus too complicated for OSI while perhaps VS is too uncommon to warrant its inclusion but most everyone has an office suite on his PC: if not MS Office, then OpenOffice (these two are the market leaders), yet OSI covers neither. Why?

--
System: Windows XP SP3, Opera 10 or Firefox 3.6
Was this reply relevant?
+0
-0
Anthony Wells RE: Why does OSI check so few Microsoft programs?
Expert Contributor 23rd Oct, 2010 12:35
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

To rephrase my answer , the OSI reports major programmes which are relatively easy to fix with limited info displayed .

M$ Office is/can be very complex to deal with ; just look at the amount of time and number of threads on it here in this Forum .

You may have a point with OOo , but the delays in the multiple language updating do cause a lot of confusion .

Secunia set the list and rules , they are as you see . If you want full patch security updates use the PSI - it's the reason it was developed .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
xolotl RE: Why does OSI check so few Microsoft programs?
Member 24th Oct, 2010 01:36
Score: -9
Posts: 16
User Since: 13th Oct 2009
System Score: N/A
Location: DE
Fine but PSI is not an option because it insists on searching the whole system drive. There is an option to define excludes but that's the wrong way to go about it: we should be given an option to define includes instead. As it stands PSI is just another obnoxious antivirus-like tool that insists on stressing your drive to the max, takes an eternity to run and is just plain unusable.

You security people are totally tone-deaf when it comes to usability: you never want to hear that the first quality of any tool, even a security tool, is to be as unobtrusive as possible and to defer to user wishes. This is all the more annoying in the case of PSI which, unlike an AV, has no reason to look into every obscure corner: it is a tool to assist in the updating of known and good software, not to ferret out rogue software. The user knows where he installed his software, so let him direct PSI to those areas instead of insisting on a total scan.

As long as PSI doesn't change OSI will remain the only one of your offerings that I consider a good trade-off.

--
System: Windows XP SP3, Opera 10 or Firefox 3.6
Was this reply relevant?
+0
-0
Anthony Wells RE: Why does OSI check so few Microsoft programs?
Expert Contributor 24th Oct, 2010 16:58
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 24th Oct, 2010 17:00
I'm not sure who you think you are talking to , but I do not work for Secunia and have no remit nor alliance to them .

I have used the Secunia OSI and then the PSI since their early days and contribute my experience therefrom to those who are interested in using it , especially the less technically competent computer user - like myself .

I do consider both to be key security products and that they are offered free is to Secunia's enormous credit .

Perhaps a Secunia official will drop by tomorrow CET (when they return to work on the PSI) to respond to your critique .

My time is precious to me and so I have absolutely nothing else to add to the discussion .

Take care .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Leendert Kip Why does OSI check so few Microsoft programs?
Member 24th Oct, 2010 17:20
Score: 70
Posts: 526
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
on 24th Oct, 2010 01:36, xolotl wrote:
Fine but PSI is not an option because it insists on searching the whole system drive. There is an option to define excludes but that's the wrong way to go about it


Hi Xolot, You are free to give your comments on OSI and PSI, either positive or negative. But believe me or not, I am very happy with PSI which I use for some time now and experienced several versions. I am not very experienced and stumbled against problems now and then. Every problem up to now was solved easily thanks to experienced people like Anthony, TiMow, Maurice Joice etc. and, not to forget the Secunia support staff. So I am happy with this because it just helps me to prevent en solve problems. Why dont' you try PSI for some time and see how it works for you?


--
PC: JJ Computer Services
Intel Core I3 2100 3.1Ghz
DDR3 Kingston ValueRam 4GB 1333
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 9
Mozilla Firefox 31NL

Laptop: MSI GT780DX
Intel Core I5-2450
DDR3 RAM 6GB
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 11
Mozilla Firefox 31NL
Was this reply relevant?
+1
-0
TiMow RE: Why does OSI check so few Microsoft programs?
Dedicated Contributor 24th Oct, 2010 18:21
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
By replying to relevant threads, will hopefully keep them on the first page, and relegate this overload of spam to the second page.
Apologies for unnecessary e-mail update.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0

xolotl

RE: Why does OSI check so few Microsoft programs?
[+]
This reply has been minimised due to a negative Relevancy Score.
mogs RE: Why does OSI check so few Microsoft programs?
Expert Contributor 24th Oct, 2010 19:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Courtesy has always been apparent from Secunia staff: coupled with integrity, that obviously some cynics don't posess.
As a temporary OSI user.....you don't come over as the best judge of character, so I've no intention of reading your book.
I'm a very wary person, not sour ( I hope ): it may take some time to make certain of friends.....I doubt you'll ever find me particularly sweet !........Regards,

--
Was this reply relevant?
+1
-0
Maurice Joyce RE: Why does OSI check so few Microsoft programs?
Handling Contributor 24th Oct, 2010 23:25
Score: 11793
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 24th Oct, 2010 23:45
Well said Anthony (& Mogs). You need to check the other 2 threads created by the originator.Clearly looking in a mirror when he was typing the word obnoxious.

The only thing U have possibly forgotten is to use your voting power (whoops - someone has since I composed this offline) due to some totally irrelevant statements on his part:

1.As it stands PSI is just another obnoxious antivirus-like tool that insists on stressing your drive to the max, takes an eternity to run and is just plain unusable.

Total rubbish. My frequent tests of scans using PSI BETA average 31 seconds. It will be slower if U use older OS's with basic specifications. What stress on the hard drive? Where are the benchmark figures to prove this statement being as U appear so knowledgeable about programme design?

Solution: Do not blame the tool. Invest in a powerful CPU/64 Bit/8-16GB of RAM & it works like magic or continue to use what U have & live with the slowness U purchased.

2. This is all the more annoying in the case of PSI which, unlike an AV, has no reason to look into every obscure corner: it is a tool to assist in the updating of known and good software, not to ferret out rogue software.

Unbelievable. Secunia prides itself on finding system vulnerabilities. It is not a general updater of good software - of course it needs to check everywhere to alert users they have software installed that is vulnerable.This includes anti viral software which occasionally have security lapses.

3. The user knows where he installed his software, so let him direct PSI to those areas instead of insisting on a total scan.

Are U joking? As a helper on this Forum I can assure U that many do not know what is installed on their PC, nor how to use Windows Explorer to find a file path. This is no disrespect to them just that Secunia have recognised this & are continuing to build a programme that makes updating vulnerable software easier for these novice users. We should applaud such a stance not condemn.

4. As long as PSI doesn't change OSI will remain the only one of your offerings that I consider a good trade-off.

There is a word missing in this sentence - FREE.

Solution:
a. Dip your hand in your wallet & buy CSI. That has all the "whistles & bells" that U require for your slow PC.

b. What makes U think a Secunia Official reads this type of claptrap? If U want to improve PSI use the proper thread here:
http://secunia.com/community/forum/thread/show/572...

and U can add to some excellent RELEVANT suggestions/comments already made or write to Secunia Support with a Justification of Requirement to increase the number of programmes they choose to scan with OSI.

c. I note U have made no comment about OSI being reliant on JAVA. This is a continually vulnerable little nasty. A purist would hope that Secunia dump OSI as soon as PSI goes RTM or find an alternative engine as they did with Flash in PSI after constructive (& polite) comments from users.

In conclusion "Ye gets what Ye pay for". Use the ultimate if U are so unhappy - do not use Secunia products.





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
TiMow RE: Why does OSI check so few Microsoft programs?
Dedicated Contributor 25th Oct, 2010 10:57
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
@xolotl
My post:
on 24th Oct, 2010 18:21, TiMow wrote:
By replying to relevant threads, will hopefully keep them on the first page, and relegate this overload of spam to the second page.
Apologies for unnecessary e-mail update.

Your response:
on 24th Oct, 2010 19:15, xolotl wrote:
@TiMow: Wow. So any critique of OSI/PSI design decisions is an "overload of spam". I was explaining why I don't use PSI, not trying to start a flame war. Since this is your attitude, don't bother updating the thread on Monday. And you might want to take some lessons of courtesy and etiquette yourself.


Is this a case of dillusional paranoia or mistaken identity? I don't see any mention by me, about updating on Monday - maybe another post?

I'm amazed that you were able to read so much into my couple of lines - which were not intended for you or relevant to your thread (feel free to score me accordingly).

If you remove your blinkers and look beyond your own self-interest, you may have seen that I had posted the same reply to several legitimate forum threads.
This was because this forum was being bombarded by advertising spam from the US (see posts by hoangwy - if Secunia haven't removed them by the time you read this).
These posts (about 15 in total) were pushing legitimate problems (and complaints), down the list and onto page 2. By my replying with this explanation (which you have completely mis-interpreted), would in turn have the same effect with this spam BS (as each new reply puts a thread to the top of the list).

We all reluctantly tolerate the occasional single piece of spam - but this was just taking the ****.

Regarding the situation with OSI and PSI, I had already offered a response on your Thunderbird thread relating to the differences (before the sourness of your opinions were apparent ), and felt no further need to respond here, as you only seemed intent on being confrontational against the other responders, and intent on belittling something that is offered free to you, anyway.

And, finally - the majority of reply posts are made by private individuals - if it doesn't say "Secunia Official" in a red rectangular box (on the left of each post), then it ain't Secunia.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+6
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer