Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Unable to secure programs

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
805Lee Unable to secure programs
Member 20th Nov, 2010 18:50
Ranking: 0
Posts: 3
User Since: 20th Nov, 2010
System Score: N/A
Location: US
The following programs keep showing up as unsecure : Adobe Flash Player 10.X, Apple Safari 5.X, Sun Java 1.6.X/6.X. I run the solution and reload the new program, but it still shows up unseure when I rescan. Any ideas?

TiMow RE: Unable to secure programs
Dedicated Contributor 20th Nov, 2010 19:03
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 20th Nov, 2010 19:14
Hi Lee

Although you've updated, there are probably old files (or elements of), still remaining, which is what PSI is alerting you to.

In order to get you started - can you reply back, with which version of PSI you're using (1.5.0.2 or 2.0 beta); and if using PSI 1.5.0.2, are you using (familiar with) Advanced mode?

Are you able to provide full version numbers and installation paths of these insecure programs?

TiMow

P.S. I forgot - your Windows OS would also be helpful.
These are relatively common problems and usually not difficult to sort out (famous last words) when the above requested details are provided.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+3
-0
805Lee RE: Unable to secure programs
Member 21st Nov, 2010 00:13
Score: 0
Posts: 3
User Since: 20th Nov 2010
System Score: N/A
Location: US
I am not using the beta program, and I am not familiar with how to use the advanced program. The only version numbers I know are the ones I listed (except I forgot to put the entire Java version - Sun Java JRE 1.6.x/6.x).
I am using windows Vista home premium.

Lee
Was this reply relevant?
+0
-0
TiMow RE: Unable to secure programs
Dedicated Contributor 21st Nov, 2010 09:51
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Lee

Thanks for the info. I'm assuming that you're using PSI v.1.5.0.2 (and not an earlier version) - see bottom right of PSI window for version number.

In order to solve your problems, you will need to switch to Advanced mode:
- top right of PSI window, look for "Interface mode: Simple/Advanced" - click Advanced;
- do not be put off by the wording in the pop-up dialogue box, and click "OK";
- Advanced mode, gives much more information, that is needed to help solve your problems;
- using PSI Advanced, may list additional insecure/end-of-life programs - they haven't just been created, it's just that Simple mode only lists easy to patch programs - Advanced mode lists all problem programs. If you have any additional problems, these too can be addressed.

Now you're in Advanced, you should find the 3 programs you've listed under the Insecure tab (tabs along the top) - red lettering on a tab heading indicates problems.

Each program listing, will be followed by "Version Detected" - which is the full version number, I requested previously.

On the l.h.s. of each program listing is a "[+]" - by clicking this, reveals the "Installation Path" (also requested) and "Toolbox" icons.

It would be beneficial if you could still reply with full version numbers and installation paths **(see below), but I will post this reply for now.
Because of Continental time differences, I will try to compile another reply with possible/likely solutions, in the absence of the additional details requested.

** to include details from PSI to post on your reply:
- highlight required details - hold left mouse button, and drag mouse curser across from first to last;
- hold control button and press "C" (Ctrl+C) to copy;
- hold control button and press "V" (Ctrl+V) to paste on your reply.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
TiMow RE: Unable to secure programs
Dedicated Contributor 21st Nov, 2010 12:13
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 21st Nov, 2010 12:56
Firstly, you can check that you have all the correct/latest versions of your problem programs, by clicking on the tab "Patched" (PSI Advanced), and finding each in the list (alphabetically listed), and confirming that "Version Detected" is as follows:

- Adobe Flash Player 10.x 10.1.102.64 (NPAPI); and
- Adobe Flash Player 10.x 10.1.102.64 (ActiveX)
[It is correct to have 2 listings: NPAPI is the plug-in used by non IE browsers; and ActiveX is used by IE, and PSI to display its coloured graphics]

- Apple Safari 5.x 5.0.3
[I personally don't use this, but, from checking download sites, this seems to be the latest version]

- Sun Java JRE 1.6.x / 6.x 6.0.220.4

If you have these versions listed, then you are up to date. The versions of these same programs, showing in the "Insecure" tab, will be previous versions that have not been removed by updating.

1) Skipping Flash for the moment (will look at that later), deal with Safari:
- I'm fairly sure that this is similar to some other programs, that when it updates, it creates a new file. The old previous version file(s) is/are left for PSI to find as insecure.
- against it's listing in insecure tab, click [+], then from toolbox, click the "Open Folder" icon - this takes you to the file location (in Windows Explorer). Here, you should see version numbers for latest (5.0.3) and old (5.0.2, or 5.0.1 or 5.0). Right click any old version number and delete.
- this goes to Recycle bin and may need further deleting from there, to fully clear.

2) Sun Java JRE 1.6.x / 6.x
- when this updates (relatively frequently), this only removes the previous version of itself. An earlier version has somehow got missed (quite common), and PSI is finding that.
- go to Add/Remove Programs (from Control Panel, or 2nd last toolbox icon);
- scroll down to Java. The current listing you should find is:
"Java (TM) 6 Update 22" (this should be left);
- any other reference to Java (i.e. a lower update number, or other JRE or JDK) can be clicked to highlight, then "Remove" to delete.

I need to break now:- again - will post this reply and reply again for flash.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
TiMow RE: Unable to secure programs
Dedicated Contributor 21st Nov, 2010 19:10
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 21st Nov, 2010 19:16
Now for Adobe Flash

Without the precise details, it's difficult to suggest the best course of action.

One of the most common problems, when updating flash, is that if all programs that use flash are not fully exited before updating, then the old insecure element of the previous version is not removed - this is the ".ocx" ActiveX control.

I'm guessing that if you click [+] next to flash in Insecure tab, then the installation path will be the same/or similar to (I use XP, so there may be slight differences):

C:\WINDOWS\system32\Macromed\Flash\Flash10" letter ".ocx

where the "letter" is "k", or "i" or "h", or maybe even earlier, alphabetically.
If this is the case, then use the "Open Folder" toolbox icon (for the insecure listing of flash) to go to file location; then fully exit all browsers, messengers and PSI by right clicking tray icon to select exit.

Now in the window with the file location of flash, look, on the r.h.s. for a green/yellow gear wheel icon with "Flash 10l.ocx" written to the side - this is the latest and needs to be retained. All other similar icons with "Flash10"earlier letter, alphabetically".ocx" can be right clicked and deleted - but only when they end in .ocx

PSI can be re-launched from Start>All Programs.

ALTERNATIVELY:

If my assumption is not correct, or you are unsure of doing this, then you can fully uninstall flash to clear out the insecure part and then re-install the current version(s).

Download Uninstall Flash from here:

http://kb2.adobe.com/cps/141/tn_14157.html
Once downloaded, but before running, close all programs as previously described - then run it.

Current flash can be downloaded from the following links:

For Flash ActiveX:
http://fpdownload.adobe.com/get/flashplayer/curren...

and for Flash NPAPI:
http://fpdownload.adobe.com/get/flashplayer/curren...

Finally, re-boot PC and full re-scan PSI, so changes can be correctly recognised.

Post back with how you did, or any problems.

TiMow

P.S. sorry about the edit e-mails - there was small text display problem.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
805Lee RE: Unable to secure programs
Member 22nd Nov, 2010 00:54
Score: 0
Posts: 3
User Since: 20th Nov 2010
System Score: N/A
Location: US
TiMow, thanks for your help. I could not figure out what was going on because I went to the control panel/add/remove programs to uninstall the flash player, but it was not even listed as being on my computer. I finally found out that it is an add-on with my google chrome broswer. After I uninstalled chrome, and reinstalled the newest version - the problem was corrected.

Lee
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer