Secunia software inspector

Discussion in 'other security issues & news' started by RexB, Dec 14, 2006.

Thread Status:
Not open for further replies.
  1. RexB

    RexB Registered Member

    Joined:
    Nov 27, 2006
    Posts:
    11
    Location:
    Puget Sound
    Hope I posted this to the right section, didn't see it already after a search.

    Secunia offered this Software Inspector to checkout browsers and some of the larger packages on our machines for security gaps. It reminded me to uninstall old Sun Java and Flash installs. Another scan tool for the arsenal :~)

     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Too bad that it uses Java, other than that it´s cool. ;)
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    its very useful it alerted me that im running an old unsecured version of quick time. where can I download the latest quicktime without itunes?
    lodore
     
  4. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    What's wrong with Java o_O You better watch out or java programmers are going to challenge you to a coding smackdown :eek:

    I personally enjoy java and its portability but anyways...

    The software inspector is pretty nice, alerted me to macromedia flash v. 7 hidden in some random file on my harddrive, so I just erased it. Everything else was up to date, so I am riding good right now.

    Cheers,

    Alphalutra1
     
  5. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    How long did it take to run the program? I started it and let it run for 45 min. with no results.Maybe it's having trouble with my security programs but I did not read where you had to turn anything off,just that it may take longer to scan if A/V was left on. Correct?
     
  6. RexB

    RexB Registered Member

    Joined:
    Nov 27, 2006
    Posts:
    11
    Location:
    Puget Sound
  7. RexB

    RexB Registered Member

    Joined:
    Nov 27, 2006
    Posts:
    11
    Location:
    Puget Sound
    Yea, that's the way I read it too. It didn't take long, just 5 or 6 minutes maybe, for Secunia security inspector to scan with the A/V on here.
     
  8. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    Oh well,I tried.lol.
     
  9. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Alternative to Quiktime: QuickTime Alternative (aptly named): http://www.free-codecs.com/download/QuickTime_Alternative.htm
    As to Secunia Software Inspector:
    Very interesting.
    Alerted to: Application - Sun Java JRE, Version Detected - 5.0.xxx, Status - fail.
    Huh? I recently installed latest JRE. (??)
    However, scrolling down, it found the latest version. Status - OK. (o_O)
    OK, open up the + sign for details, and I find older JRE versions in a couple app.s.
    Delete old "java.exe" in offending app.s, install latest "java.exe" and all is well.
    Same occured with Adobe Reader (which I don't have installed!).
    It was embedded in another app. Deleted the AcroRD.exe. file, and when the command for a .pdf reader was invoked, my GSView (my alt. pdf reader) opened up.
    Although I think none of these particular "fails" warranted a serious security concern, I found it quite enlightening.
    P.S.: Now the Secunia Software Inspector yields nothing but 'green checks'.
    All in the household can now rejoice & sleep well (yea, right)
     
  10. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Removing old versions of macromedia flash and adobe flash? Could anyone shed some light on how that is safely done? Also, Java 2 Runtime Environment older versions (1.4.2_04 and 1.4.2_05) ? Can (or should) those be removed with the windows add/remove program?

    thanks
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
    Uninstall Flash

    As far as Java goes, use the add/remove programs in the control panel.
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Thanks!
     
  13. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,524
    Location:
    USA - Back in a real State in time for a real Pres
    Thanks.
     
  14. Green Giant

    Green Giant Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    252
    I did a Google search for an uninstaller for Flash to remove old versions having run Secunia Software Inspector. There is a separate uninstaller available, but I also found an MS update for November 2006, which when installed corrected the flaw in Flash, at least according to a re-run of the Secunia check.
     
  15. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Thanks very useful - zero spyware has a similar feature.
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Agreed. Very nice indeed.
     
  17. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I have a question.

    I got this message

    "This installation of Adobe Reader 7.x is insecure and potentially exposes your system to security threats!

    The detected version installed on your system is 7.0.8.218, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 8.0.

    Update Instructions:
    Update to Adobe Reader 8.0.
    http://www.adobe.com/products/acrobat/readstep2.html

    Vulnerabilities Fixed:
    Read about the vulnerabilities fixed with this update in Secunia advisory SA23138 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


    Installed on Your System in:
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe"

    How risky is it if I don't update to 8.0?
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,

    Like with most content-rendering apps, the risk is in scripts. By default Acrobat Reader supports scripts. I warmly recommend you use Foxit. It's much lighter and does not support script by default; you must download the script plugin to properly view .pdf files that contain scripted (active) content. Which makes it ideal for viewing risky files even if you are not fully up to date with latest version.

    An alternative option is to try to disable scripts in Acrobat.

    Haven't tried doing it, but got tired of constant updates and reboots, just like Java, which is why I'm not using either anymore.

    You might wanna look into other pdf readers / distillers, as well. Ghostscript and Postscript conversion could also do the trick.

    Mrk
     
  19. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    That Adobe Reader 8 is a behemoth, like 100 MB's. How do you disable scripts in Adobe 5? Also, has anyone tried Foxit Reader 2.0?
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    Foxit runs well. Quickly and simply.
    Disabling scripts in Acrobat - haven't tried but I promise I will.
    Mrk
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,

    Here it is:

    http://netzreport.googlepages.com/how_to_use_adobe_reader_7_with_javascript_disabled.html

    For those too lazy to click the link:

    The first step to disable JavaScript is to start the application, click on "Edit" and then "Preferences". Choose in the left column "JavaScript" and remove the check mark next to "Enable Acrobat JavaScript" in the right column.

    Then the article continues about an annoying message warning that javascript is disabled and how the alert can be disabled. But the security is in the above sentence.

    Mrk
     
  22. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have adobe reader 5.0 and it does not have the same preference options as 7.0. There is no place uncheck "enable java script." All I ever use a pdf viewer for is to read attachments as I never create anything that fancy. What would you (and anyone else) recommend: upgrade to adobe reader 7.0 and uncheck "enable java script" or delete adobe from my system and download foxit? Can java script be disabled in foxit? Their 2.0 has the following feature:
    "Java script support: Advanced users are able to use Java script to create complex logic for PDF forms, to validate user input and process data."

    But as an add-on, foxit has:
    "Java Script Support- This add-on is used to execute Java Script in many interactive forms. If you don't install this add-on, although you still can fill in such forms, you wouldn't be able to perform some automated tasks like field value verification and recalculation."

    So does that mean java script will be available only as an add-on? If so, I'll just not add it.

    Thanks.
     
    Last edited: Dec 24, 2006
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Btw this tool does not seem to work correctly, I´m pretty sure I didn´t install all patches on my virtual machine running Windows XP Home and IE, but according to this tool everything is just fine. o_O
     
  24. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Good advice Mrk, I've tried FoxIt and can only advise it as well, thank you :
    http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm

    Moreover, the vulnerability history for the versions 1.x to 2.x is null :
    1.x : http://secunia.com/product/9640/?task=advisories
    2.x : http://secunia.com/product/12995/?task=advisories

    I was tired also to update adobe reader constantly, good alternative.

    Regards,
    gkweb.
     
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    Cheers!
    Mrk
     
Loading...
Thread Status:
Not open for further replies.