Secunia Personal Software Inspector ferrets out unpatched software

Discussion in 'other security issues & news' started by ronjor, Jul 24, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Story
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    For most of my PCs, I will get the "insecure" or "end of life" responses from this program. Windows 98 patches and for program versions that support it don't occur anymore, so it would just be another nagging message to upgrade to another version of Windows.:thumbd:
     
  3. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Thanks Ronjor, nice article again. I think i will give it a go later today.
     
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I've tried the program and it picked up a few things like Java, Flashplayer. It is a good idea and adds a layer of protection. Given Microsoft's patch Tuesday crackers are probably looking at other vulnerable software. And given software updaters from other vendors are really adhoc, PSI does a good job of helping with patching discipline that I've overlooked ever since I stopped using Blink (due to vista upgrade). It sits at 6MB in my task manager so its not memory intensive at all.
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Been using it for a couple of months now, and glad I do. Very useful for, as said above, common installations like Java, and the range of other known software scanned is fairly comprehensive. Vulnerabilities in older or end of life software are alerted (Yeah, watch out, you '98 users!) and referred to an advisory concerning this. In my case, the end of life application is MediaPlayer Classic. (Sad.) But I'm now able to mitigate against the known vulnerability simply by not using it for .avi files. Software you have that is not identified can be "sent" to secunia, and having done this, that software was added to the list in less than a week.
    I would particularly recommend this for less knowledgeable users. Almost everyone knows to let Windows update, but sometimes other installations can be shockingly out of date. You see it in HJT forums all the time.
    It offers a clear alert when non-windows (and Windows) components need updating, and in an easier to understand way than the Windows update site.
     
  6. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Was quite surprised to see MPC labeled as "end-of-life", cause I rem it was updated to v6.4.9.1 during one of the K-Lite updates this year.
     
  7. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ

    Attached Files:

  8. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
  9. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Ah. Good. Do you happen to know if it is necessary to also download the Direct show AVI splitter, or just the updated MPC? And if the former, how does one install the splitter? My guess is to install it over the top of the ffshow program I have installed, but I don't really know. Maybe have to unzip it to a part of the program file of same?
    (What I'd really like to hear is that it's all self-installing/updating.;)
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Secunia I use It works
     
  11. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Oh...codecs, ffdshow, splitters & stuff are all over my head! I simply uninstall old, install new K-Lite mega codec pack when it's updated - Sorry!! Hopefully someone else can guide u.

    P.S. On the v6.4.9.1 webby, I noticed it does say "this project is NOT actively being developed"... but at least new ver was recently released.
     
  12. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Thanks, yeah, just spotted that here where the salient words are "This project is based on the latest code from the original Guliverkli project plus a few patches made by various people. Please note that this project is NOT actively being developed."
    Maybe that's the primary reason Secunia doesn't recognise the patch. I'll send them the info, see what happens.
     
  13. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Hi again, Tarq57

    Looking at K-Lite Mega's changelog, I noticed they "fixed" some vulnerabilities on their 14 Sep 2007 release, which was 1 day after the report date on your link (A possible workaround). Dunno if it's regardg the same problem:

    # Updated Media Player Classic to version 6.4.9.1
    # Fixed three recently discoved security vulnerabilities in Media Player Classic

    http://www.codecguide.com/changelogs_mega.htm
     
  14. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Rather curious, why K-Lite issued v6.4.9.1 on 14 Sep 2007 while on Sourceforge the same version is dated 16 Oct 2007. But I think I shudn't care so much...:D
     
  15. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    OK, thanks for the info and links, yeow. Think I'' try updating it, using either the updated klite, or the mpc update. Let you know how it goes, and what secunia says, if you like.
     
Loading...
Thread Status:
Not open for further replies.