Secunia PSI insecure programs

Topic

New Reply

Adobe Reader should be at 8.1.3, there are definitely security issues with version 8.1.2.x
Firefox should be at 3.0.4, if you really have 3.0 then you are definitely at risk.

Make sure that Secunia has done a scan since you updated these applications. It may simply be reporting the status at the time of its previous scan.

StuartR

Reply | Quote

Replies

Subject edited and picture shrunk by HansV

Pci secunia keeps reporting these programs out of date/insecure.
I have updated all of them but I still keep getting the same report when I run a scan.
Any thoughts
Gus..

Reply | Quote

Stuart.
I have ff3.0.4 and I have uninstalled adobe.
I am more concerned about Microsoft core services MSXML as I can’t seem to update these at all.
Gus

Reply | Quote

Be sure you re-boot just for insurance, Gus and then make Secunia do the scan again to see what happens. However, I’m not too sure there aren’t a glitch or two in this current release as I’m also having a problem similar to yours. I’m running the downloaded version rather than the online copy.

My initial scan showed 14 problems, among which are Adobe Acrobat Reader 4 which is NOT installed. The solution button suggests installing a version of 8.x but… I have Adobe Reader 9.0 installed and believe it to be the latest. Secunia also listed Adobe AIR which I have now un-installed and re-booted AND re-scanned. Reader 4 and AIR still show up in the scan and I don’t have any idea where it’s getting that from.

I don’t know what to tell you about the MSXML thing except to wait and see if anyone else joins in with what “might be” false positive or other problems with this latest release. Secunia has been an excellent product up until now. I don’t know about other Loungers, but if I can’t resolve mine, I plan to write to them to see if they’re responsive.

Reply | Quote

I just installed the latest release of Secunia, I was previously running RC4.

It seems to work fine on the two PCs where I have installed it, and this encouraged me to get rid of my last two end-of-life programs and replace them with something more secure.

StuartR

Reply | Quote

Like Stuart, I’ve had no problems with the latest version of Secunia PSI. The result was the same as that of RC4: I have 3 end-of-life programs that I keep around because they are required for some old software that I want to run occasionally, and no insecure programs.

Keep in mind that Secunia PSI scans the entire hard disk, so it will also find programs in for example the C:I386 folder. This folder may contain old versions of programs from the Windows installation CD.

Reply | Quote

>>>for example the C:I386 folder

You can also set the program to “ignore” some locations like the above.

Reply | Quote

Yep, that’s entirely correct. I just wanted to point out that Secunia may display an alert because old versions of programs may be installed in folders such as C:I386, i.e. outside the Program Files and Windows folders.

Reply | Quote

Reading your post and I’m thinking how the did he do that. Then I discovered that the ADVANCED selection opens to a very different looking screen with a few more selections on the nav bar as well as some FOLDER icons on the list of software that tells me where the the “program” is that it’s complaining about. This, after me breaking my chops for a couple of hours this morning installing and un-installing Acrobat Reader and Adobe Air. NOW I see that it’s complaining about the VISTA drive! Whooee, ain’t this fun stuff…

Reply | Quote

If one would like the latest “XML Core Services 6.0” that’ll be MS08-069 from the November batch. Not everyone has installed that batch yet, or both updates. The MS08-069 also consists of “sub-updates” for different versions of the XML Core Services (not everyone has XML Core Services 6.0).

As always, there are file information in the bulletins (though since Vista and IE7 entered the arena, those lists became awfully long, so in general there is a link to another article).

For Windows XP SP2/SP3 32-bit, and according to the aforementioned list: Msxml6.dll 6.20.1099.0 10-Sep-2008.

Time and size can vary slightly depending on installed version and language (if language dependent file).

6.10.1200.0 is the, so called, 6.0 post SP1 (SP1 here referring to the XML Core Services, not the OS), a result of the MS07-042 update in the August 2007 batch from MSFT. File date should be 15-May-2007.

In general I don’t trust such test programs, since there is one extra factor that can cause false alarms (them being wrong), and in the vast majority of cases it is easy to check in different ways if your programs etc. are up to date.

The specific program, Secunia, as it seems, need Internet access both for downloading file signatures, this is obvious, but it also needs access to check the software installed and then uploads the information to the Secunia server. There is no explanation why this last step is needed after the file signatures have been downloaded.

Reply | Quote

Addendum:
Some extra info and clarification (if needed). I see that the screen shot has the Vista luminous UI …

The version number I mentioned as an example for XP SP2/SP3 is obviously the same for XML6 on Vista. As sometimes is the case the XML update also updates other files such as Msxml6r.dll, but that is a resource-only DLL, and its version is slightly different.

It is said that Vista shipped with 6.0 SP1, i.e. 6.10.1129.0. It is that version that later got updated to 6.10.1200.0 via the post SP1 update KB933579 for Vista, which in turn is made obsolete by the aforementioned November update.

Reply | Quote

Argus.
Ok I am with you.
After reading all other threads I think Secuina is reporting programs from my D drive ware I keep a ghost copy of my system .
Gus..

Reply | Quote