Frequently Asked Questions (OSI)

Permalink

This error can be caused by a variety of reasons:

• You do not have the minimum version of Java installed, please see the system requirements: http://secunia.com/products/consumer/osi/system_requirements/. To see which version of Java you have, please go to www.java.com.
• If you have the latest version installed, check if you can access other websites that use Java.
• If you cannot access other websites that use Java, then this is likely a compatibility problem between your browser and your Java plug-in. Please refer to your browser documentation for more information, or use an alternative browser to access the Secunia OSI.

If you can access other websites but not the Secunia OSI, please refer to 16) below for instructions on how to submit errors to Secunia.

Permalink

The purpose of the Secunia OSI is to identify insecure software versions, and recommend secure versions for upgrade or installation purposes. The actual information on maintenance and remediation of the software is the responsibility of the vendor. However, the Secunia OSI usually provides a link to the required update.

Permalink

Updating rules are very much based on vendor specifications. It is recommended that you read the product documentation or contact vendor support to determine the best course of action. In many cases however, it is also possible to visit the vendor website to obtain and install the latest version, which will often remove the old version during installation, or you can sometimes open the insecure version you have installed and use a build-in update mechanism. Whenever possible, the Secunia OSI will also provide a download link to the required update or vendor website.

Permalink

For programs that are not included in the programs list in "Add or Remove Programs" or "Uninstall a program" in the Control Panel, you should contact the vendor, or refer to the software documentation for instructions on how to remove the program. In addition, please note that some programs detected by the Secunia OSI may be components of, or bundled with, other programs. In this case, you should refer to support and documentation of the main program.

Permalink

Old versions of Adobe Flash Player and Java among other programs are not always automatically removed when installing a newer version. That is why the Secunia OSI informs you of the vulnerable version that is still present on your PC. To see for yourself exactly which file is detected and where it is located, you can follow the installation path provided in the scanning result. Right-clicking the detected file and choosing properties will show you its exact file version information.

To uninstall Adobe Flash Player: http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html

To uninstall Java: http://www.java.com/en/download/uninstall.jsp

If you are unable to uninstall an old version of a program you can contact the vendor of the program for advice. You can also use our online Community where many other users have dealt with these issues. Direct link: http://secunia.com/community/forum/

Permalink

Some Microsoft updates are not fully installed until the computer is restarted. So please restart your computer and then rescan. If that should not fix the issue, please see the following.

Please check the "Installed on Your System in:" path of the detected insecure program. If the installation path begins with "C:\Windows\...", please send all relevant details (including screenshots, whenever possible) to support@secunia.com.

However, please note that some Windows systems may have an "installation backup" folder located in your computer, which can be used to reinstall your copy of Windows programs in the absence of an installation disc. For example, a common "installation backup" folder is "C:\i386".

The Secunia OSI may detect certain Windows programs in these "installation backup" folders as insecure. This may be because Microsoft Update installs patches only in the default installation folder of Windows, and not in "installation backup" folders. As a result, while your usable Windows files are patched, your backup Windows files may not be.

Another possible explanation is that Microsoft develops files that can be used by third-party vendors (such as .DLL or Framework files). If a vulnerability is patched by Microsoft in the original file, third-party vendors should follow suit by providing updates for their products. However, this is sometimes not the case, and as a result, Microsoft-developed vulnerable files in third-party programs may be detected by Secunia OSI as insecure if the non-Microsoft vendor fails to supply an update.

You can check if the detected vulnerable file is in a third-party program by checking the "Installed on Your System in:". If the path is not "C:\Windows\..." then the vulnerable file is likely used by a third-party program, and should be addressed by the appropriate vendor.

Permalink

Secunia recommend that you update your insecure or end-of-life software to ensure that your computer is protected against vulnerabilities that can be exploited by hackers and malware to take over your computer. However, it is of course your decision whether to update or not. If you choose not to update it is important that you understand the possible consequences. These include the possibility of vulnerabilities on your computer being exploited by hackers to gain access to your computer and achieve full control of it. Anything you can do on the computer, the hacker can also do. Your microphone and webcam can be turned on by the hacker. Your personal and sensitive data can be stolen (or deleted), any password you type can be caught by the hacker, and your computer can become slow and unresponsive while in the background hackers use it for their criminal activities. Updating your software could save you from these scenarios.

Permalink

Software can be detected by the Secunia OSI as secure, even if the vendor has released a more recent version. This is because vendors release software updates not just to patch vulnerabilities, but also to fix software bugs or introduce software enhancements. These fixes and enhancements may be non-security related (for example, adding new functionality or features). Therefore, prior versions of software can be secure even if they are not the most recent ones, as long as no known vulnerabilities are reported in them.

In these cases, Secunia recommend that you read the vendor release notes to determine if you prefer to install the update or not.

Permalink

The Secunia OSI identifies a few of the most common programs (complete list here: http://secunia.com/products/consumer/osi/programs_covered/), while the Secunia PSI can detect almost any program. In addition, the Secunia OSI is run using Java in a browser, while the Secunia PSI is a program the user downloads and installs. Both the Secunia OSI and Secunia PSI are completely free to use for typical home users.

Permalink

The Secunia CSI is a commercial product designed to allow you to scan for practically any program in computers within a network (such as in an office environment), making it ideal for corporate users. For sales and pricing inquiries please contact sales@secunia.com.

In contrast, the Secunia OSI is a browser-based application designed for private users. It scans for about 100 of the most common applications in the computer in which the application is run.The Secunia CSI is a commercial product designed to allow you to scan for practically any program in computers within a network (such as in an office environment), making it ideal for corporate users. For sales and pricing inquiries please contact sales@secunia.com.

In contrast, the Secunia OSI is a browser-based program designed for private users. It scans for a few of the most common programs on the computer.

Permalink

Since the Secunia PSI can detect almost any program and the Secunia OSI identifies only a few of the most common programs, it is recommended that you refer to the Secunia PSI for the most thorough results.

If you think you have different or conflicting results after trying out both scanners, we suggest that you take notice of the program name, version number, and installation path. Even though a program only has one name, different versions of it may be installed in your system; some of these versions may be secure while others are not.

Pay special attention to the following:

• Unless the checkbox "Enable thorough system inspection" in enabled during scanning with the Secunia OSI, only programs installed in their default installation path is detected. The Secunia PSI however always searches through all available drives and will detect programs even if they are not installed in their default installation path.
• When the Secunia PSI detects several versions of the same program, installed in the same path, it assumes the newest version is the one in use and labels the detected file from the old version a “zombie installation”. Zombie installations are less visible in the Secunia PSI interface but show up as any other program in the Secunia OSI.

Permalink

Secunia Research develops new detection rules every time a vendor releases a security patch for any vulnerability in a product detected by the Secunia scanners. For example, new detection rules are created after every Microsoft Tuesday patch cycle, as this allows the Secunia scanners to check if your Microsoft patches are up to date or not. When a detection rule is updated for a program that is on the list of programs detected by the Secunia OSI, the scanning result for the Secunia OSI will reflect the new detection rules almost instantly.

Permalink

For feature requests or error reports you can contact Secunia Support at support@secunia.com. To share your experiences or discuss your issues with other users you are welcome to participate in our online community: http://secunia.com/community/forum/all_threads/