Secunia Personal Software Inspector ferrets out unpatched software
ronjor
July 24th, 2007, 04:41 PM
-{ Quote: "Secunia's free security tool is aimed at getting users to apply patches soon after their release" }-Story (http://www.infoworld.com/article/07/07/24/Free-security-tool-finds-unpatched-software_1.html)
ccsito
July 24th, 2007, 07:01 PM
For most of my PCs, I will get the "insecure" or "end of life" responses from this program. Patches for Windows 98 and for program versions that support it don't occur anymore, so it would just be another nagging message to upgrade to another version of Windows. :thumbd:
Bio-Hazard
July 26th, 2007, 03:54 AM
Thanks Ronjor, nice article again. I think I will give it a go later today.
jrmhng
November 13th, 2007, 09:52 PM
I've tried the program and it picked up a few things like Java, Flashplayer. It is a good idea and adds a layer of protection. Given Microsoft's Patch Tuesday, crackers are probably looking at other vulnerable software. And given software updaters from other vendors are really ad hoc, PSI does a good job of helping with patching discipline that I've overlooked ever since I stopped using Blink (due to Vista upgrade). It sits at 6MB in my task manager so it's not memory intensive at all.
Tarq57
November 14th, 2007, 01:14 AM
Been using it for a couple of months now, and glad I do. Very useful for, as said above, common installations like Java, and the range of other known software scanned is fairly comprehensive. Vulnerabilities in older or end of life software are alerted (Yeah, watch out, you '98 users!) and referred to an advisory concerning this. In my case, the end of life application is MediaPlayer Classic. (Sad.) But I'm now able to mitigate against the known vulnerability simply by not using it for .avi files. Software you have that is not identified can be "sent" to Secunia, and having done this, that software was added to the list in less than a week.
I would particularly recommend this for less knowledgeable users. Almost everyone knows to let Windows update, but sometimes other installations can be shockingly out of date. You see it in HJT forums all the time.
It offers a clear alert when non-Windows (and Windows) components need updating, and in an easier to understand way than the Windows update site.
yeow
November 15th, 2007, 02:23 AM
Was quite surprised to see MPC labeled as "end-of-life", cause I rem it was updated to v6.4.9.1 during one of the K-Lite updates this year.
Tarq57
November 15th, 2007, 02:43 AM
'Fraid so. Secunia advisory (http://secunia.com/product/14824)
A possible workaround (http://www.heise-security.co.uk/news/95964), (and one I'm using,) basically involving not playing untrusted .avi files in this player.
yeow
November 15th, 2007, 03:10 AM
Thanks. Actually I wasn't questioning the advisory abt untrusted avi files.
Rather, it was the "vendor no longer supports the product" & that last release was "20th March 2006" thingies....cause I rem it was updated this year.
Luckily u have screenshot:
v6.4.9.0, 20 Mar 2006, here (url taken frm screenshot)
http://sourceforge.net/project/showfiles.php?group_id=82303&package_id=84358
v6.4.9.1, 16 Oct 2007, here
http://sourceforge.net/project/showfiles.php?group_id=205650
Tarq57
November 15th, 2007, 03:26 AM
Ah. Good. Do you happen to know if it is necessary to also download the DirectShow AVI splitter, or just the updated MPC? And if the former, how does one install the splitter? My guess is to install it over the top of the ffdshow program I have installed, but I don't really know. Maybe have to unzip it to a part of the program file of same?
(What I'd really like to hear is that it's all self-installing/updating. ;)
djohn
November 15th, 2007, 03:35 AM
Secunia: I use it. It works.
yeow
November 15th, 2007, 03:38 AM
Oh...codecs, ffdshow, splitters & stuff are all over my head! I simply uninstall old, install new K-Lite mega codec pack when it's updated - Sorry!! Hopefully someone else can guide u.
P.S. On the v6.4.9.1 webby, I noticed it does say "this project is NOT actively being developed"... but at least new ver was recently released.
Tarq57
November 15th, 2007, 03:41 AM
Thanks, yeah, just spotted that here (http://sourceforge.net/projects/guliverkli2/) where the salient words are "This project is based on the latest code from the original Guliverkli project plus a few patches made by various people. Please note that this project is NOT actively being developed."
Maybe that's the primary reason Secunia doesn't recognise the patch. I'll send them the info, see what happens.
yeow
November 15th, 2007, 04:04 AM
Hi again, Tarq57
Looking at K-Lite Mega's changelog, I noticed they "fixed" some vulnerabilities on their 14 Sep 2007 release, which was 1 day after the report date on your link (A possible workaround (http://www.heise-security.co.uk/news/95964)). Dunno if it's regarding the same problem:
# Updated Media Player Classic to version 6.4.9.1
# Fixed three recently discoved security vulnerabilities in Media Player Classic
http://www.codecguide.com/changelogs_mega.htm
yeow
November 15th, 2007, 04:15 AM
Rather curious, why K-Lite issued v6.4.9.1 on 14 Sep 2007 while on Sourceforge the same version is dated 16 Oct 2007. But I think I shudn't care so much...:D
Tarq57
November 15th, 2007, 04:54 AM
OK, thanks for the info and links, yeow. Think I'll try updating it, using either the updated K-Lite, or the MPC update. Let you know how it goes, and what Secunia says, if you like.