Results 1 to 12 of 12
  1. #1
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: PCI Secuina insecure programs

    Adobe Reader should be at 8.1.3, there are definitely security issues with version 8.1.2.x
    Firefox should be at 3.0.4, if you really have 3.0 then you are definitely at risk.

    Make sure that Secunia has done a scan since you updated these applications. It may simply be reporting the status at the time of its previous scan.

    StuartR

  2. #2
    2 Star Lounger
    Join Date
    Jul 2008
    Location
    Brisbane, Queensland, Australia
    Posts
    102
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Secunia PSI insecure programs

    Subject edited and picture shrunk by HansV

    Pci secunia keeps reporting these programs out of date/insecure.
    I have updated all of them but I still keep getting the same report when I run a scan.
    Any thoughts
    Gus..
    Attached Images Attached Images
    • File Type: jpg x.jpg (44.4 KB, 1 views)

  3. #3
    2 Star Lounger
    Join Date
    Jul 2008
    Location
    Brisbane, Queensland, Australia
    Posts
    102
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PCI Secuina insecure programs

    Stuart.
    I have ff3.0.4 and I have uninstalled adobe.
    I am more concerned about Microsoft core services MSXML as I can't seem to update these at all.
    Gus

  4. #4
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: PCI Secuina insecure programs

    Be sure you re-boot just for insurance, Gus and then make Secunia do the scan again to see what happens. However, I'm not too sure there aren't a glitch or two in this current release as I'm also having a problem similar to yours. I'm running the downloaded version rather than the online copy.

    My initial scan showed 14 problems, among which are Adobe Acrobat Reader 4 which is NOT installed. The solution button suggests installing a version of 8.x but... I have Adobe Reader 9.0 installed and believe it to be the latest. Secunia also listed Adobe AIR which I have now un-installed and re-booted AND re-scanned. Reader 4 and AIR still show up in the scan and I don't have any idea where it's getting that from.

    I don't know what to tell you about the MSXML thing except to wait and see if anyone else joins in with what "might be" false positive or other problems with this latest release. Secunia has been an excellent product up until now. I don't know about other Loungers, but if I can't resolve mine, I plan to write to them to see if they're responsive.

  5. #5
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: PCI Secuina insecure programs

    I just installed the latest release of Secunia, I was previously running RC4.

    It seems to work fine on the two PCs where I have installed it, and this encouraged me to get rid of my last two end-of-life programs and replace them with something more secure.

    StuartR

  6. #6
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: PCI Secuina insecure programs

    Like Stuart, I've had no problems with the latest version of Secunia PSI. The result was the same as that of RC4: I have 3 end-of-life programs that I keep around because they are required for some old software that I want to run occasionally, and no insecure programs.

    Keep in mind that Secunia PSI scans the entire hard disk, so it will also find programs in for example the C:I386 folder. This folder may contain old versions of programs from the Windows installation CD.

  7. #7
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PCI Secuina insecure programs

    If one would like the latest "XML Core Services 6.0" that'll be MS08-069 from the November batch. Not everyone has installed that batch yet, or both updates. The MS08-069 also consists of “sub-updates” for different versions of the XML Core Services (not everyone has XML Core Services 6.0).

    As always, there are file information in the bulletins (though since Vista and IE7 entered the arena, those lists became awfully long, so in general there is a link to another article).

    For Windows XP SP2/SP3 32-bit, and according to the aforementioned list: Msxml6.dll 6.20.1099.0 10-Sep-2008.

    Time and size can vary slightly depending on installed version and language (if language dependent file).

    6.10.1200.0 is the, so called, 6.0 post SP1 (SP1 here referring to the XML Core Services, not the OS), a result of the MS07-042 update in the August 2007 batch from MSFT. File date should be 15-May-2007.

    In general I don't trust such test programs, since there is one extra factor that can cause false alarms (them being wrong), and in the vast majority of cases it is easy to check in different ways if your programs etc. are up to date.

    The specific program, Secunia, as it seems, need Internet access both for downloading file signatures, this is obvious, but it also needs access to check the software installed and then uploads the information to the Secunia server. There is no explanation why this last step is needed after the file signatures have been downloaded.

  8. #8
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: PCI Secuina insecure programs

    >>>for example the C:I386 folder

    You can also set the program to "ignore" some locations like the above.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  9. #9
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: PCI Secuina insecure programs

    Yep, that's entirely correct. I just wanted to point out that Secunia may display an alert because old versions of programs may be installed in folders such as C:I386, i.e. outside the Program Files and Windows folders.

  10. #10
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: PCI Secuina insecure programs

    Reading your post and I'm thinking how the <img src=/w3timages/censored.gif alt=censored border=0> did he do that. Then I discovered that the ADVANCED selection opens to a very different looking screen with a few more selections on the nav bar as well as some FOLDER icons on the list of software that tells me where the <img src=/w3timages/censored.gif alt=censored border=0> the "program" is that it's complaining about. This, after me breaking my chops for a couple of hours this morning installing and un-installing Acrobat Reader and Adobe Air. NOW I see that it's complaining about the VISTA drive! Whooee, ain't this fun stuff...
    Attached Images Attached Images

  11. #11
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PCI Secuina insecure programs

    Addendum:
    Some extra info and clarification (if needed). I see that the screen shot has the Vista luminous UI ...

    The version number I mentioned as an example for XP SP2/SP3 is obviously the same for XML6 on Vista. As sometimes is the case the XML update also updates other files such as Msxml6r.dll, but that is a resource-only DLL, and its version is slightly different.

    It is said that Vista shipped with 6.0 SP1, i.e. 6.10.1129.0. It is that version that later got updated to 6.10.1200.0 via the post SP1 update KB933579 for Vista, which in turn is made obsolete by the aforementioned November update.

  12. #12
    2 Star Lounger
    Join Date
    Jul 2008
    Location
    Brisbane, Queensland, Australia
    Posts
    102
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: PCI Secuina insecure programs

    Argus.
    Ok I am with you. [I think]
    After reading all other threads I think Secuina is reporting programs from my D drive ware I keep a ghost copy of my system .
    Gus..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •