Secunia PSI
Results 1 to 8 of 8

Thread: Secunia PSI

  1. #1
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Secunia PSI

    Secunia PSI (Personal Software Investigator),

    This is now a full version release (v1.0.0.1) following on from the RC4.

    http://secunia.com/vulnerability_scanning/personal/

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #2
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    I actually find this to be very helpful software. For those of you who don't know what this is, it scans all installed software (or most of all) and makes sure each one is the most up to date version to keep your computer as up to date with patches as possible. It saves a lot of hassle (well, i mean, i wouldn't take the time to make sure everything was updated before I had this software), keeps your computer more secure, and even gives you a link that will download the update for you for the software that hasn't been updated yet.

  3. #3
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Wink

    Hmm carn't seem to get the thing to work, it keeps crashing while doing the initial scan, it get's to 4% and just freezes up and starts getting non-responsive.

  4. #4
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by t34b4g5 View Post
    Hmm carn't seem to get the thing to work, it keeps crashing while doing the initial scan, it get's to 4% and just freezes up and starts getting non-responsive.
    Are you possibly attaching a debugger or do you have a proxy that doesn't support CONNECT?

    I spent some time playing with this because I love the concept. I think it's a great tool for a home user... I dislike the implementation though.

    I understand that it's a free tool and that building lists of vulnerable software takes resources and effort (I've done it myself ). However the approach of scanning my computer for files, uploading the versions to their server to match against the scan engine and then pulling the results back down. I dislike that... I dislike it a lot.

    I want to know exactly what they're looking at, what pieces of software they identify, and a number of other things. Maybe it's just me, but if I don't know what they're scanning and uploading... especially given that this is free software... what's to stop them from taking information they shouldn't?
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    I love how it says for personal use only and then expects you to choose between personal and corporate

    Its complaining about not having a connection to the server ... there is no proxy support though which could be a problem.

    I ran a tracert on psi.secunia.com [213.150.41.227] and it died on 213.150.41.227.

    Nihil, did yours run fine?
    Last edited by Cider; December 1st, 2008 at 10:28 AM.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by Cider View Post
    Its complaining about not having a connection to the server ... there is no proxy support though which could be a problem.
    It does indeed have proxy support. It uses whatever your proxy is configured as in IE. As I mentioned above it has to support CONNECT, this is because SSL is used, so you can't just pass it a get. Which means you can't use a proxy to even log the transactions (you'll simply see CONNECT -- host in your proxy logs).

    Some things I noted. On startup it resolves psi.secunia.com (which has two IPs). If you filter the IPs at your firewall, it won't start. If you point psi.secunia.com to another IP where you have a server running with SSL, it won't start (due to a certificate mismatch). If you setup a proxy, it will use CONNECT, which means you still can't log transactions.

    The most you can do is looking in your temporary internet files folder and take note of the files that are created (which contains a UID... which I'm wondering if it's unique, which means they can track software installed on various machines over time).

    As I said.. software that behaves in this way doesn't sit right with me...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes, I have been running this on XP Sp3 since RC3 without problems.

    I am just using a standard ADSL connection.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hmmm I dont know about this software

    HT~ I'll go through your steps and see if I can get it up and running.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

Similar Threads

  1. Ethical Disclosure
    By Soda_Popinsky in forum The Security Tutorials Forum
    Replies: 7
    Last Post: January 19th, 2006, 10:44 PM
  2. Highly Critical Linux Secunia Advisory
    By Egaladeist in forum *nix Security Discussions
    Replies: 3
    Last Post: October 2nd, 2005, 01:44 PM
  3. Gentoo - Secunia
    By Soda_Popinsky in forum *nix Security Discussions
    Replies: 34
    Last Post: January 4th, 2005, 08:42 PM
  4. WebRoot Enterprise
    By fraggin in forum Spyware / Adware
    Replies: 13
    Last Post: December 28th, 2004, 10:57 PM
  5. What happened to Secunia?
    By NeonWizard in forum Miscellaneous Security Discussions
    Replies: 5
    Last Post: July 16th, 2004, 03:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •