Frequently Asked Questions

This error can be caused by a variety of reasons:

• You do not have the minimum version of Java installed. You need Sun Java JRE 1.6.x or later installed in your system. To check if you have the latest version, go to www.java.com.
• If you have the latest version installed, check if you can access other websites that use Java.
  • If you cannot access other websites that use Java, then this is likely a compatibility problem between your browser and your Java plug-in. Please refer to your browser documentation for more informaton, or use an alternative browser to access the Secunia OSI.
  • If you can access other websites but not the Secunia OSI, please refer to 16) below for instructions on how to submit errors to Secunia.

The purpose of the Secunia OSI is to identify insecure software versions, and recommend secure versions for upgrade or installation purposes. However, the actual information on maintenance and remediation of the software is the responsibility of the vendor.

For programs that are not included in the programs list in the "Add or Remove Programs" section, you should contact the vendor, or refer to the software documentation, for instructions on how to remove the item. In addition, please note that some applications detected by the Secunia OSI may be components of, or bundled with, other applications. In this case, you should refer to support and documentation of the main application.

Old versions of Adobe Flash Player and Java among other programs, are not always automatically removed when installing a newer version. That is why the Secunia OSI informs you of the vulnerable version that is still present on your PC. To see for yourself exactly which file is detected and where it is located, you can follow the installation path provided in the scanning result. Right-clicking the detected file and choosing properties will show you its exact file version information.

To uninstall old versions of Adobe Flash Player, please visit: http://kb2.adobe.com/cps/141/tn_14157.html

If you are unable to uninstall an old version of a program you can contact the vendor of the program for advice. You are also welcome to visit our Community where many other users have dealt with these issues. Direct link: http://secunia.com/community/forum/

Please check the "Installed on Your System in:" path of the detected insecure application. If the installation path begins with "C:\Windows\...", please send all relevant details (including screenshots, whenever possible) to support@secunia.com.

However, please note that some Windows systems may have an "installation backup" folder located in your computer, which can be used to reinstall your copy of Windows programs in the absence of an installation disc. For example, a common "installation backup" folder is "C:\i386".

The Secunia PSI may detect certain Windows programs in these "installation backup" folders as insecure. This may be because Windows Update installs patches only in the default installation folder of Windows, and not in "installation backup" folders. As a result, while your usable Windows files are patched, your backup Windows files may not be.

Another possible explanation is that Microsoft develops files that can be used by third-party vendors (such as .DLL or Framework files). If a vulnerability is patched by Microsoft in the original file, third-party vendors should follow suit by providing updates for their products. However, this is sometimes not the case, and as a result, Microsoft-developed vulnerable files in third-party applications may be detected by the Secunia PSI as insecure if the non-Microsoft vendor fails to supply an update.

You can check if the detected vulnerable file is in a third-party application by checking the "Installed on Your System in:". If the path is not "C:\Windows\..." or "C:\WINNT\...", then the vulnerable file is likely used by a third-party application, and should be addressed by the appropriate vendor.

In this case, Secunia recommends that you update your software manually even if your program has an Auto Updating feature. If you verify that you are running the recommended latest secure version, but the Secunia OSI still marks it as "insecure", please see the Answer for 8) below.

First, verify with the vendor if the product version that you have is indeed the latest. If the vendor agrees that you have the latest version, please send all relevant details (including screenshots, whenever possible) to support@secunia.com.

Please take note that due to the large volume of emails, you will likely not receive a response. However, all reported issues are tracked, and detection rules are updated accordingly.

Secunia recommends that you upgrade or update your insecure or end-of-life software to ensure that your system is protected against vulnerabilities located in these software. However, it is of course your prerogative not to upgrade or update as you see fit. In this case, it is important that you understand possible consequences of not performing the update. These include the possibility that your system may experience various malicious attacks (hacking attacks, automatic installation of malware in your system etc.) and, in the case of end-of-life software, the discontinued support of the vendor.

Software can be detected by the Secunia OSI as secure, even if the vendor has released a more recent version. This is because vendors release software updates not just to patch vulnerabilities, but also to fix software bugs or introduce software enhancements. These fixes and enhancements may be non-security related (for example, adding new functionality or features). Therefore, prior versions of software can be secure even if they are not the most recent ones, as long as no known vulnerabilities are reported in them.

In these cases, Secunia recommends that you read the vendor release notes to determine if you prefer to install the update or not.

The Secunia OSI does not monitor and detect BETA versions of software. However, the next stable release after the BETA version will, of course, be detected by the Secunia OSI.

The Secunia OSI identifies about 100 of the most common programs, while the Secunia PSI can identify practically any program. In addition, the Secunia OSI is run using the web browser, while the Secunia PSI is a program the user downloads and installs.

The Secunia CSI is a commercial product designed to allow you to scan for practically any program in computers within a network (such as in an office environment), making it ideal for corporate users. For sales and pricing inquiries please contact sales@secunia.com.

In contrast, the Secunia OSI is a browser-based application designed for private users. It scans for about 100 of the most common applications in the computer in which the application is run.

Since the Secunia PSI can identify practically any program, while the Secunia OSI identifies about 100, it is recommended that you refer to the Secunia PSI for the most thorough results.

If you think you have different or conflicting results after trying out both scans, we suggest that you take notice of the application name, version number, and installation path. Even though an application only has one name, different versions of it may be installed in your system; some of these versions may be secure while others are not.

Pay special attention to the following:

• Unless the checkbox “Enable thorough system inspection” in enabled during scanning with the Secunia OSI, only programs installed in their default installation path is detected. The Secunia PSI however always searches through all available drives and will detect programs even if they are not installed in their default installation path.
• The Secunia PSI has a feature called “Show only Easy-to-Patch programs”. Using the advanced interface of the Secunia PSI this feature can be changed in the Settings-tab. With this feature enabled certain program that the Secunia staff has marked as difficult to patch will be removed from the interface of the Secunia PSI. So with this option enabled the Secunia OSI may detect certain programs that the Secunia PSI does not detect.

Secunia Research develops new detection rules every time a vendor releases a security patch for any vulnerability in a product detected by the Secunia PSI and CSI. For example, new detection rules are created after every Microsoft Tuesday patch cycle, as this allows the Secunia PSI and CSI to check if your Windows systems patches are up to date or not. When a detection rule is updated for a program that is on the list of programs detected by the Secunia OSI, the scanning result for the Secunia OSI will reflect the new detection rules.

For feature requests, please submit all suggestions to support@secunia.com. In addition, for error inquiries, please send all relevant details (including screenshots, whenever possible) to support@secunia.com.

Please take note that due to the large volume of emails, we cannot guarantee a reply to everyone. However, all reported issues are tracked, and detection rules are updated accordingly. Those feature requests that are accepted will be reflected on subsequent versions of the Secunia OSI.