Secunia Personal Software Inspector (PSI) 2.0

Discussion in 'other software & services' started by Boyfriend, Dec 20, 2010.

Thread Status:
Not open for further replies.
  1. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    PSI will let you know, when there is an update, which fixes a security vulnerability. Sumo will let you know, when there is any update (screen).
    Above that, PSI also reports, if the software is "dead" (as you know) and it can run in realtime, KC Sumo has to be maintained manually (sadly).
    I use KC Sumo only for a few days, I check for updates at startup and it reports new versions immediately, even before I receive email from Softpedia.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    With version 1 one only had to have a firewall rule allowing outbound connection to https by process psi.exe. Now, for whatever reason, which I still couldn't find out why, it also requires one outbound connection for psia.exe, perhaps due to new settings, which I have them all disabled. But, now Secunia PSI also needs inbound connection from port 443 as well. According to Windows firewall no process name is shown.

    Has anyone needed to allow inbound connections o_O
     
  3. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    I noticed the same. I ditched it right away. That, 1 startup entry, 1 process running forever in the background even when PSI was not even open. Don't know what happened to the good old PSI ver 1, but this is a no-go for me.
     
  4. wat0114

    wat0114 Guest

    No, I only have outbound TCP rules to ports 80 & 443 for PSI.exe and PSIA.exe. I've got the program configured for on-demand use only.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    I only use PSI on demand, so I never upgraded to v2 :)
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Initially, I only had the previous rules for process psi.exe to ports 80 and 443 (I forgot to mention I also had traffic allowed to port 80.). Since it was failed to connect, I opened TCPView and saw a new process by the name of psia.exe and after researching a bit, I came to realize it also needed to be allowed to communicate with ports 80 and 443.

    But, even after setting those permissions, it still fails communication. I decided to look through Event Viewer and saw that inbound communications were being blocked from the same IP Secunia was communicating to. But, there was given no indication of which process.

    Sadly, I'd revert back to version 1. It's not for me, rather to a relative, to whom Secunia PSI, used as on-demand, will give an indication of what would need to be upgraded. This way I'd know that applications would be kept up to date; well, at least the most dangerous ones.

    But, when you manually start a scan, does it start the process at all? Because, that's how I found out that it needed to the inbound communication. I won't be allowing such, specially when I got no indication of which process it is needed to bound this communication to. Even if such indication was given, I wouldn't allow it. ;)

    This makes me wonder what happened from version 1 to 2, that requires inbound traffic. If version 1 worked fine without inbound traffic, why does version 2 require it? In my own perception of it, it makes no sense.

    -Edit-

    I just decided to try it once more, and now it does its work? Maybe all it needed was a reboot. Crazy stuff, I tell you. :D
     
    Last edited: Feb 14, 2011
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Simply great. The damn thing requires its service to be set on Automatic, otherwise Secunia PSI won't start it, at all. :thumbd:

    I'm trying to save as much resources as possible from the laptop (not that powerful... it has a few years) where I installed, which belongs to a relative, but I don't think I'll keep it, not if it forces me to let it be on Automatic.

    Couldn't Secunia simply make PSI manually start its service? After all, PSI requires administrator privileges. o_O
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'm liking the new version myself. The ability to have it automatically update programs, even without user interaction (I still make it ask me) is nice. The issue with the service being forced to stay automatic isn't something I like, but it's not a huge deal with my system. I don't really care about the outbounds it makes, I trust it.
     
  9. wat0114

    wat0114 Guest

    It's set to "Manual" on my system (Win7x64) and it starts no problem when I launch the program, and stops when I close it.
     

    Attached Files:

  10. sbseven

    sbseven Registered Member

    Joined:
    Jan 30, 2011
    Posts:
    140
    Same behaviour on Vista x86...
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Well, I tried again today, and it started, but it took a long time to load.

    But, when I opened Windows services, I could see there's one more service named Secunia Update Agent? It wasn't there until now. It also added an autorun entry to start Secunia PSI on Windows boot, despite the fact I disabled that option when installing. Until today, PSI never started automatically, but after disabling Secunia PSI Agent, it added both the secondary service and autorun entry o_O o_O

    Oddly, I took the same steps in another system, and Secunia PSI Agent service is set to Manual and it loads fast. Also, no secondary service or autorun entry created.
     
  12. sbseven

    sbseven Registered Member

    Joined:
    Jan 30, 2011
    Posts:
    140
    Maybe you have the "Enable Automatic Program Updates" checked on this PC and not the other? (See Configuration > Settings). The Secunia Update Agent service (sua.exe) controls this activity and will be installed with this option checked. ("Enable Automatic Program Updates" refers to auto-updating monitored software, not the Secunia PSI processes themselves).

    Re: Unexpected auto start & Update Agent, it sounds like your config options got reset back to the defaults somehow...

    You've described a couple of unusual issues on this thread, maybe try a clean install?

    For the record, for a simple Secunia PSI 2.0 on-demand version checker (no auto updating of monitored software):
    • Allow TCP 80,443 OUT for psi.exe
    • Allow TCP 80,443 OUT for psia.exe
    • Start the Secunia PSI on boot = unchecked
    • Enable Automatic Program Updates = unchecked
     
  13. wat0114

    wat0114 Guest

    Indeed, what's happening with m00nbl00d's secunia setup is strange.

    That should do it - perfect :thumb: I checked my settings and I've left all the checkboxes cleared, though it shouldn't be necessary to clear any more than those you've listed.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Indeed, strange issue. It all started after disabling the Secunia PSI Agent service. It also created a scheduled task.

    One of the first things I did was, precisely, to disable all the extra options and to disable the automatic PSI execution on system boot. It all got messed up after disabling that service.

    I did uninstall and reinstall and all is OK. Secunia PSI Agent service is set to Manual and it works fine.

    No idea what the heck happened before. lol
     
  15. sbseven

    sbseven Registered Member

    Joined:
    Jan 30, 2011
    Posts:
    140
    Ah right, that probably explains it! I expect the program decided to reset to it's default configuration when it couldn't load the agent service (in an attempt to rectify things)...
     
  16. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Personally really like this version for the auto update feature.

    This is critical when you install this program for family and friends. With v1, family and friends would never update their software even if they are told it is outdated. Now with v2 it is all done in the background.

    Yes there are some additional services / processes. How much does it really affect your boot time etc?
     
  17. SecSupport

    SecSupport Registered Member

    Joined:
    Dec 9, 2010
    Posts:
    2
    Hi,

    First off, I work for secunia, so I'm probably biased.

    Anyway, I wanted to provide you all with some feedback to this thread.

    We have, amongst other things, eliminated the workstation service dependency. So if you install the latest build of the PSI (Available here: ftp://ftp.secunia.com/PSISetup.exe) you will be able to use the PSI without this service enabled.

    To reduce memory usage, you will want to disable (under configuration -> settings):
    - Program monitoring (runs in the background and checks for changes to files/updates/etc).
    If you disable this feature, the Secunia PSI Agent should only run when the PSI UI is opened.
    - Enable automatic program updates
    If you disable this feature, the Secunia Update Agent service should not run (but will still be shown in the list).

    This will reduce memory load, but all in all it's not a good idea to entirely disable the services. Are you still experiencing 'excessive' load?

    The PSI should never need any inbound services allowed, only outbound for HTTP (80) and HTTPS (443). This is necessary to reach the Secunia servers for matching scan results to our rules, as well as for fetching updates and the PSI user interface.

    If you are still having problems connection with the PSI, try following the steps outlined here (Do it step-by-step, then try):
    http://secunia.com/vulnerability_scanning/personal/faq/#s3

    If you don't want to enable the settings describe in steps 4 & 5, try step 8 initally, this fixes a lot of connection problems.

    If you have any further problems or questions, post here and I'll eventually get back to you, or (even better, much faster response from our side), go post on our community forum, found at http://secunia.com/community/forum/.

    Hope this helps. :)

    Kind Regards,
    Emil R. Petersen
    Secunia PSI Community Support
     
  18. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    You're preaching to the choir(see my thread here), but as far as Secunia goes...as I had mentioned in my thread, Secunia often tells me that my software is outdated when it turns out that it isn't. Therefore, I was wondering if Secunia was the only game in town or if there were any other update sites....that actually worked....um, for all people. ;)
     
  19. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  20. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.