Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI 2.0 Beta opening Non-Default Browser

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI 2.0 Beta

This thread has been marked as locked.
Quitch PSI 2.0 Beta opening Non-Default Browser
Member 24th Oct, 2010 12:09
Ranking: 5
Posts: 53
User Since: 17th Apr, 2008
System Score: 99%
Location: UK
The previous copy of this thread was closed owing to it being a browser issue. The problem is, experience shows its a very common browser issue and I think Secunia should, unfortunately, work around it.

For example, on my GF's machine I found that it open Chrome though Chrome is not the default, even if opened as an admin. I checked the classes area and find that Chrome is indeed set to launch for http so I launched Chrome as an admin, set it to default then launched IE as an admin and set it to default. This does not fix the key.

At this point we have moved well beyond what an end-user can do or understand, where as allowing Chrome to screw it up is incredibly easy and well within their ability.

The OS appears to store the default browser setting somewhere else as things such as the Start Menu are showing the correct setting. As browsers screw-up the setting currently used by PSI but not the setting used by the Start Menu, perhaps the program should be using a different key to detect this?

Yeah, it sucks that other programs cock this up, but as it appears to be common and end-user affecting I think this is the better route.

TiMow RE: PSI 2.0 Beta opening Non-Default Browser
Dedicated Contributor 24th Oct, 2010 18:24
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
By replying to relevant threads, will hopefully keep them on the first page, and relegate this overload of spam to the second page.
Apologies for unnecessary e-mail update.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Terradon RE: PSI 2.0 Beta opening Non-Default Browser
Member 29th Oct, 2010 20:30
Score: 9
Posts: 22
User Since: 24th Sep 2009
System Score: N/A
Location: US
I was about to open this thread again when I saw your post. I'm having the same issue, but with Firefox. I opened IE "as administrator" and it says that it is the default browser and in fact PSI 2.0 Beta is the only program that doesn't treat it that way. Checking the registry entry given in the original thread, I have this:
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
Now, I can certainly change the path to the IE path, but, I certainly wouldn't recommend that the average user do that.

--
Don
Windows 7 Home Premium 64bit SP1
Intel Core 2Quad 8GB RAM 1000mb lan to cable
Was this reply relevant?
+0
-0
TiMow RE: PSI 2.0 Beta opening Non-Default Browser
Dedicated Contributor 30th Oct, 2010 19:04
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
The following guide was written by Morten Hansen of Secunia, for such instances as yours and may help.

http://secunia.com/community/forum/thread/show/471...

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
Terradon RE: PSI 2.0 Beta opening Non-Default Browser
Member 30th Oct, 2010 20:19
Score: 9
Posts: 22
User Since: 24th Sep 2009
System Score: N/A
Location: US
Yep, I read his post. If you read mine, you'll see that I said that I could certainly change the registry entry, but I wouldn't recommend it to the average user. Why?
1) If you don't know what you are doing, you can muck up your system.
2) I'm running Win7 64bit and I had to really search for the key. It was not in the "normal" alphabetical order. I could easily have opened the wrong key.
3) The entire path was not visible when I opened the key. I had to copy it to a text editor to see the whole path. Editing the path inside Regedit would take more care than I would trust the average user to exercise.
Personally, I'll put up with the annoyance of having a non-default browser open. I haven't seen a problem with any modern browser rendering the site.

--
Don
Windows 7 Home Premium 64bit SP1
Intel Core 2Quad 8GB RAM 1000mb lan to cable
Was this reply relevant?
+0
-0
libove RE: PSI 2.0 Beta opening Non-Default Browser
Member 30th Oct, 2010 22:10
Score: 31
Posts: 71
User Since: 12th Feb 2008
System Score: N/A
Location: N/A
I'd like to second the (implied) suggestion that PSI be a bit more direct about picking a browser which simply is more likely to work.

To make this rather nuanced, at the expense of more code, PSI could start out by trying whatever it thinks is the default browser (as it does now), but have something to detect whether the action was successful and allow the user to say "no, please try something else". Whereupon PSI should explicitly go after a known browser e.g. %ProgramFiles%\Internet Explorer\iexplore.exe (or on a 64-bit system, %ProgramFiles(x86)\Internet Explorer\iexplore.exe, along with specific instructions on how to manually launch the browser (as the appropriate admin user as which PSI is presently running - be aware of the difference between Administrator and Domain Administrator on Domain connected hosts) and set the necessary Trusted Sites settings. A cherry on top of this chocolate brownie would be some code which PSI would test against the necessary destination website (in particular, the whole "need to have trusted access to somethings.spi.com") to be able to cleanly report to the user e.g. "Uh, buddy, you need to launch this browser, as this user, and set these trusted site settings".

In short, because the point of PSI is to make it easier for "normal" users to be much more secure, strange failure modes (not so strange, really, with the proliferation of browsers) need to be handleable easily by the "normal" user.

Cheers,
Jay
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer