Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI confusing GE with GE Plugin and misclassifying the scan results?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Google
And, this specific program:
Google Earth 5.x

This thread has been marked as locked.
metaed PSI confusing GE with GE Plugin and misclassifying the scan results?
Member 10th Feb, 2011 17:23
Ranking: 1
Posts: 109
User Since: 11th Feb, 2009
System Score: 100%
Location: US
---START---

Program Name:
Google Earth 5.x

Security State:
End-of-Life

Download Link:
http://www.google.com/earth/index.html

Instances Found:
C:\WINDOWS\Temp\._msigeplugin52\program files\Google\Google Earth\plugin\geplugin.exe, version: 5.2.1.1588

Last System Scan (localtime):
10. Feb 2011, 08:51

Operating System:
Microsoft Windows XP Professional, Service Pack 3

---END---

1. Shouldn't Secunia PSI have classified this file as Google Earth Plugin 5.x, not Google Earth 5.x?

The file is nothing to do with GE 5.x. It is actually a piece of GE Plugin 5.x for Google Chrome, which is different software.

2. Shouldn't Secunia PSI have classified this file as a "Zombie Installation"?

Secunia PSI classifies this file as the "Actual Installation", but the actual installed version of GE Plugin on this system is version 6.0.0.1735 (confirmed by visiting http://www.google.com/earth/explore/products/plugi... in Google Chrome), and the actual installed location of GE Plugin on this system is C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (confirmed by visiting chrome://plugins/ in Google Chrome). So this file is a leftover temp file from a previous install. I suppose it to be an installer for the plugin.

3. In the scan results, should Secunia PSI be reporting that the latest version of GE is 6.x?

GE 6.x is currently a beta. It would be correct at this point to report the latest version of GE Plugin as 6.x, but the GE application is still 5.x.

I bet that people are misled into thinking that they need to upgrade GE (the application, not the plugin) to version 6 beta for security reasons, even though their application and their plugin are both up to date and it was probably never Secunia's intention to recommend a beta version.

I found that it sufficed to delete and rescan this temporary file.

Cheers,

MetaEd

--
Sometimes they fool you by walking upright.

Maurice Joyce RE: PSI confusing GE with GE Plugin and misclassifying the scan results?
Handling Contributor 10th Feb, 2011 17:41
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Secunia are aware there is an issue with this programme.

I have just posted this to this thread

http://secunia.com/community/forum/thread/show/748...

I have just heard from Secunia Support - there is an issue with Google Earth that they are working on.

They will post their findings here once complete.




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
E.Jeppesen RE: PSI confusing GE with GE Plugin and misclassifying the scan results?
Secunia Official 11th Feb, 2011 14:09
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Hi
Google Earth 6.x is the version users are offered by default when downloading Google Earth from the vendors website:
http://www.google.com/earth/index.html
In our view Google are thereby indicating that this version is stable enough to run on a production system. This is why we are treating Google Earth 6.x as a stable version, even though Google may consider it a beta.

After investigating this issue further it turns out that the latest vulnerability for Google Earth 5.x has been silently fixed in version 5.2.1.1588. We have now updated our advisory accordingly and are no longer considering Google Earth 5.x as end-of-life. Users of an insecure version of Google Earth 5.x will now get the download for the patched and secure version of Google Earth 5.x.

I understand the confusion this has caused and I hope this makes the situation a bit clearer.
metaed RE: PSI confusing GE with GE Plugin and misclassifying the scan results?
Member 11th Feb, 2011 19:40
Score: 1
Posts: 109
User Since: 11th Feb 2009
System Score: 100%
Location: US
on 11th Feb, 2011 14:09, E.Jeppesen wrote:
We [...] are no longer considering Google Earth 5.x as end-of-life.


Thank you Emil, that is very helpful.

Can you also most kindly give Secunia's decision on the other points:

- PSI seems to misidentify GE Plugin files as GE (standalone application) files. This misleads users into updating the wrong software.

- PSI seems to misidentify a GE Plugin zombie file as an installation file. This misleads users into trying to update GE Plugin and GE (standalone application) when no update is available and the actual solution is to remove the zombie file.

Cheers,

MetaEd

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0
Maurice Joyce RE: PSI confusing GE with GE Plugin and misclassifying the scan results?
Handling Contributor 20th Feb, 2011 11:05
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
MetaEd,
This thread was auto locked. I have unlocked it & brought it to the top of the pile.

Secunia Support are aware a reply is outstanding.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
E.Jeppesen RE: PSI confusing GE with GE Plugin and misclassifying the scan results?
Secunia Official 24th Feb, 2011 10:30
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Last edited on 24th Feb, 2011 10:32
on 11th Feb, 2011 19:40, metaed wrote:

- PSI seems to misidentify GE Plugin files as GE (standalone application) files. This misleads users into updating the wrong software.

Whenever you believe that a program is getting incorrectly detected by the Secunia PSI, then please send us a software suggestion and mention the issue in the comments. We will then look into adjusting the current detection rule if required.

on 11th Feb, 2011 19:40, metaed wrote:

- PSI seems to misidentify a GE Plugin zombie file as an installation file. This misleads users into trying to update GE Plugin and GE (standalone application) when no update is available and the actual solution is to remove the zombie file.

By policy we cannot recommend user to delete any file. For removal of zombie files the user can contact the vendor of the software for advice on how to remove the zombie file that has been left by their program. In this case however it might also be possible for us to adjust our detection rules. If you send us a software suggestion for both relevant files and describe the issue in the comments, we will look into it as soon as possible.

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability