Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: this program does not work - out of date apps not updated

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
snadge100 this program does not work - out of date apps not updated
Member 16th Jan, 2011 04:29
Ranking: 7
Posts: 5
User Since: 16th Jan, 2011
System Score: N/A
Location: UK
i installed this 2 weeks ago and never got notified of 1 update which i thought odd given i have hundreds of apps installed...

i runs scan and it says 86/86 patched - so i run file hippos update checker which checks just a small handfull of my apps and it detects FOUR applications out of date that PSI is monitoring...

PSI let me down a year or two back when it was detecting updated apps as out of date and other issues... now its still not working proper

as file hippo only detects free apps i bet theres a lot of updates for other apps that PSI is monitoring..

the file hippos ones
1st. SUPER ANTI-SPYWATE
2nd. SANDBOXIE
3rd. DB POWERAMP
4th. SMART FTP

i opened the apps one by one and indeed FH was correct

also PSI runs at boot...why? if it just scans once per week this could be done by task scheduler rather than taking up memory and boot time every startup for no reason

why is it doing this? this is a major let down, the application is no use at all

taffy078 RE: this program does not work - out of date apps not updated
Contributor 16th Jan, 2011 09:41
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hi Snadge100.

To try to answer your first comment (not finding updates), did the updates to which you refer affect security issues? This is what Secunia PSI does. It doesn't find updates that are e.g. only cosmetic. Hope this helps.

I'll leave your other question to one of the many experts here to answer. They will need to know what your PC spec is and also which version of PSI you are using so could you post that info please? Thanks.

IMHO, PSI is a fantastic piece of software that has helped many users - and it's free!!!

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+1
-0
taffy078 RE: this program does not work - out of date apps not updated
Contributor 16th Jan, 2011 12:08
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
PS snadge100 - you've posted this twice so when you finally lock, please lock both. Thanks

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
ddmarshall RE: this program does not work - out of date apps not updated
Dedicated Contributor 16th Jan, 2011 12:29
Score: 1209
Posts: 961
User Since: 8th Nov 2008
System Score: 98%
Location: UK
You have hundreds of apps but PSI is only detecting 86 programs. By default PSI only scans the boot partition and the partition containing %programfiles%.

To change this behaviour, open the configuration tab on the dashboard and select settings. Choose which disks you want to scan on the drives tab.

You can see which products Secunia monitors by selecting the Advisories tab on the left. If you wish to suggest a program to Secunia, follow the [/i]Are you missing a program?[/i] link on the scan results page.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
tytars RE: this program does not work - out of date apps not updated
Member 16th Jan, 2011 13:58
Score: 2
Posts: 3
User Since: 2nd May 2009
System Score: N/A
Location: N/A
I too am disappointed with accuracy of current version. Previous one seemed to be very good.
Current one reports Real Player out of date - not. Google Chrome out of date - not. Youno 5 should be 6 when in fact it should be 7.5!
Real Player & Chrome are hardly obscure programmes.
Was this reply relevant?
+0
-0
mogs RE: this program does not work - out of date apps not updated
Expert Contributor 16th Jan, 2011 14:47
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
It may be worth noting that the core detection engine within the different versions of Secunia psi, is fundamentally the same.
Chrome still leaves behind the previous version/file (as do other progs), which needs be manually removed. psi still continues to detect if resident in the Recycle bin.
Programs need to be auto updateable to be auto updated,
If you have a problem.....:-
Finding the file path.

psi versions 1.5.0.1 and 1.5.0.2

Use the Advanced interface...or switch to it ( Simple/ Advanced..top right of psi panel ).

1/. Click on the + sign alongside the programme to expand it.
2/. Click again on Tech Details in the Toolbox to confirm the installation path of the detected file/prog. 3/.Post the Installation Path back to the forum if you are uncertain how best to proceed.

psi version 2.0

Go to Results from the Dashboard


1/. Click on the + sign alongside the file.
2/. This will reveal the file path.
3/. Post the info back to the forum if uncertain how best to proceed.

Hope this helps ......regards,


--
Was this reply relevant?
+6
-0
snadge100 RE: this program does not work - out of date apps not updated
Member 16th Jan, 2011 21:59
Score: 7
Posts: 5
User Since: 16th Jan 2011
System Score: N/A
Location: UK
so it only notifies if the update is to fix security issues?

hmm seems a bit half hearted too me

thare are many other people I know of who use this thinking it updates (not just security updates) all their programs

the program is slightly misleading where it says "detects vulnerable and out-dated programs" - and its not just me, this should be changed to include details that say it doesnt detect normal/all updates but ONLY updates that are released due to security issues...

shame, thanks anyway
Was this reply relevant?
+8
-4
mogs RE: this program does not work - out of date apps not updated
Expert Contributor 17th Jan, 2011 08:13
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Would you agree that a program with no security vulnerability is secure ? What is misleading about that ?

--
Was this reply relevant?
+3
-0
taffy078 RE: this program does not work - out of date apps not updated
Contributor 17th Jan, 2011 09:36
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hi again, Snadge100.

I use FileHippo's update checker - many of the updates it finds aren't for security reasons.

Do you use it? If not, it's well worth a try - with it & PSI in place, you should be secure.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
This user no longer exists RE: this program does not work - out of date apps not updated
Member 17th Jan, 2011 10:47
Hi,

As mentioned, the Secunia PSI is a vulnerability scanner, and not a general update checker.

Please refer to this item of our FAQ: http://secunia.com/vulnerability_scanning/personal...

Insecure and outdated programs refers to programs that either have security patches, or are "End-Of-Life" in that the vendor has stopped supporting them and will no longer be releasing patches.

Hope this helps.
Was this reply relevant?
+0
-0
tytars RE: this program does not work - out of date apps not updated
Member 17th Jan, 2011 11:50
Score: 2
Posts: 3
User Since: 2nd May 2009
System Score: N/A
Location: N/A
Thanks Mogs.

It looks as if the out of date programmes were in temporary folders and once these were cleared out PSI (2) did not report Real or Chrome as being out of date. It would seem prudent to run Disk Space Cleanup Manager (Vista) before running a scan on PSI in future. Can't explain "Youno" but have since updated to latest version & now PSI records 100%.
Was this reply relevant?
+0
-0
snadge100 RE: this program does not work - out of date apps not updated
Member 17th Jan, 2011 15:20
Score: 7
Posts: 5
User Since: 16th Jan 2011
System Score: N/A
Location: UK
misleading that it says it detects "vulnerable" AND "OUT-DATED-PROGRAMS" - it should just say "VULNERABLE"
- honest its not just me, someone on my forum suggested I use it for that reason (making sure all your programs are up to date)

to the last poster - you are aware that it doesnt detect "out of date" programs..? it just notifies you if an update has been released to fix a security issue - if a new version of chrome or real player come out it wont update it for you .. unless that update was a critical security patch
Was this reply relevant?
+7
-4
ddmarshall RE: this program does not work - out of date apps not updated
Dedicated Contributor 17th Jan, 2011 17:27
Score: 1209
Posts: 961
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It just goes to show you can't be too careful. Don't take anything on trust. Read the documentation before you install a program.

PSI is the offshoot of a commercial program. The last thing an IT Department needs is to update their software just because the supplier has come up with something new. Don't forget, in many cases updating to a new release means having to pay.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
snadge100 RE: this program does not work - out of date apps not updated
Member 17th Jan, 2011 17:31
Score: 7
Posts: 5
User Since: 16th Jan 2011
System Score: N/A
Location: UK
i know, it can even mean losing functions as ive experienced once before with HANDBRAKE video encoder - its just the words "UPDATES OUT-DATED PROGRAMS" lulled me into thinking thats what it does...lol
Was this reply relevant?
+0
-0
taffy078 RE: this program does not work - out of date apps not updated
Contributor 17th Jan, 2011 18:45
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 17th Jan, 2011 21:01
Actually, Snadge100, I think that you are making a valid point!
All of us who have previously said you are wrong are regular users and know Secunia's intention.

However, perhaps we should look at the description here:

http://secunia.com/vulnerability_scanning/personal...

where it clearly says:

"The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs".

Perhaps it's a translation thing, or just a matter of useage of the english lanuage where we each live.

Replacing the 'and' with a comma (= " . . . designed to detect vulnerable, out-dated programs") would help but the phrase 'out-of-date' is meant by Secunia to mean "end of life".

So perhaps another way to describe PSI is "to detect vulnerable and unsupported programs"?

The Support team and regular users know what PSI does but in view of what Snadge100 has posted, perhaps there is the need to change the description?
I hope the Support team will take another look at the point raised.

We should be trying to encourage more people to use PSI. I think it was wrong for Snadge100 to be given -4 for his/her earlier post - he/she makes a valid and relevant point in my view. It looks to me that the -4 was because someone disagreed with what was said - but that's not what scoring is about.
I hope this doesn't get me negative scores! ;0)

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+7
-0
tytars RE: this program does not work - out of date apps not updated
Member 17th Jan, 2011 21:31
Score: 2
Posts: 3
User Since: 2nd May 2009
System Score: N/A
Location: N/A
Last edited on 17th Jan, 2011 21:31
To snadge100:

Accept your terminology re out of date programmes. My problem was that PSI kept reporting Real & Chrome as being "insecure" when in fact they had been updated to the latest versions.

To quote PSI's interface "During the scan, the Secunia PSI will detect programs installed on your computer and determine whether any of them are missing any security related updates (Insecure)................" Clearly this was not the case with these two programmes. As I said, PSI appeared to be picking up old versions which were "lurking" in temporary files. Only when I cleared out these old files did PSI not report them as insecure.
Was this reply relevant?
+2
-0
Midnight_Voice RE: this program does not work - out of date apps not updated
Member 18th Jan, 2011 01:06
Score: 50
Posts: 89
User Since: 1st Oct 2010
System Score: 96%
Location: UK
Last edited on 18th Jan, 2011 01:19
on 16th Jan, 2011 04:29, snadge100 wrote:
i installed this 2 weeks ago and never got notified of 1 update which i thought odd given i have hundreds of apps installed...

i runs scan and it says 86/86 patched - so i run file hippos update checker which checks just a small handfull of my apps and it detects FOUR applications out of date that PSI is monitoring...

PSI let me down a year or two back when it was detecting updated apps as out of date and other issues... now its still not working proper

also PSI runs at boot...why? if it just scans once per week this could be done by task scheduler rather than taking up memory and boot time every startup for no reason

why is it doing this? this is a major let down, the application is no use at all


Hi Snadge

A lot of what you are experiencing is, I think, due to English not being the first language of the Secunia people.

Detection and Reporting

PSI does not detect 'vulnerable and out-dated programs' in the sense you are taking it.

It reports programs where either: you are using an older version with a vulnerability, and an update exists which is known to Secunia to address that vulnerability; or: you are using a program where Secunia are aware that the vendor has ceased updating it at all (i.e End-of-Life).

These EoL programs are what Secunia means by 'out-dated programs'. It doesn't mean program versions that have been replaced by newer versions. Also note that Secunia will report all End-of-Life programs, whether a vulnerability is known to exist or not, on the grounds that perhaps a vulnerability has occurred since it went End-of-Life; as Secunia do not monitor programs past EoL, they have no way of knowing this.

Re the either, note that PSI does not report programs where there are new versions with solely cosmetic and/or functionality changes; only where a new version is known to exist which fixes a vulnerability in the version it has found on your machine.

And nor will it report on the scan results whether you have any programs with a known vulnerability, but for which no fixed version exists. That means they won't be reflected in your overall score, either.

However, if you go into the details for such a program, you will find a link to the vulnerability report shown in that more detailed description. Accordingly, Secunia can claim that they detect all known vulnerabilities.

But why they detect them, and then don't report them, or how you are supposed to find out there are vulnerabilities except by opening each program entry in the scan in turn and looking, is something you will need to ask Secunia.

That PSI perfectly well can report such programs is shown by the optional 'Secure Browsing' feature you can turn on in Configuration/Settings, which does work this way.

Apparently, as with the Secure Browsing feature, they fear it would confuse newbies. Fair enough, perhaps, but if so why not make full insecurity reporting a further optional extra?

However, now there's an API, perhaps some kind soul will write this, even if Secunia won't. But for the moment, PSI will quite likely report (EoL) programs for which no known vulnerabilities exist, and not report (no patch available) current programs for which vulnerabilities do exist. Backwards, innit?

Finding Old Versions

As regards PSI finding insecure old versions when you have the latest secure version installed, the issue is that PSI detects merely whether programs are present, and not whether they are actually installed. So if you have an old version, perhaps just kept 'in case' in an archive folder, PSI will see it, and want to report it. However, PSI 2.0 is a bit smarter than 1.5, and will assume, if it finds both old and new versions, that you are using the new version.

Accordingly it will generally not report the old version and affect your score, though it will show the old version in the detail for the program, as a 'zombie' copy.

If you have a large archive folder (as I do), it's worth excluding this from PSI's search criteria.

But if you still find an old version in your scan results, and affecting your score, when you have a newer version installed, this is worth reporting for PSI 2.0, whether the scan also shows the new version or not. e.g., PSI goes by program Id strings, so if these vary from version to version, it can make this happen.

Running at Boot

Finally(!), take a look in Configuration/Settings. There you will find that if you don't want PSI to run on boot, you can turn that option off. But the next option, Enable Program Monitoring, only operates if you start PSI on boot. This option, and the associated Show Detailed Program Changes, means that PSI can offer continuous monitoring of program changes on your machine at the time they happen, instead of only at the next scan.

By analogy with a virus checker (though admittedly less critical in the case of PSI) would you want one of those to detect viruses only on a scan, and not as they happened?

But as it is less critical on PSI, if you don't want the monitoring, it's easy to turn off.

NB: I wonder whether, if you don't tick the 'run at boot' option but you do tick for 'program monitoring', that PSI will do it. though only after you start PSI manually of course. And again, it's a small problem with the English.

Ronseal wisdom

PSI does work. It may not do exactly what it says on the tin, but it pretty much does what Secunia intended it to say on the tin.

--
A computer program can do pretty much anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running XP Pro in Windows XP Mode 32-bit)
Windows 8.1 Home Premium 64-bit - Lenovo IdeaPad Z500 Core i5 2.6Ghz
Was this reply relevant?
+7
-0
This user no longer exists RE: this program does not work - out of date apps not updated
Member 18th Jan, 2011 10:23
Hi,

Thank you for your feedback.
I will forward your suggestions and commentary to the relevant people, who will consider changing the wording to make the functionality of the PSI more clear.

Hope this helps.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability