Secunia archives - Windows Enterprise Desktop


Mar 2 2009   4:15PM GMT

Secunia Flags Flash10a.ocx as threat, but clean-up requires some contortions



Posted by: Ed Tittel
Enterprise desktop, enterprise Windows Vista, Enterprise Vista, Secunia, Secunia PSI, Secunia NSI, Secunia CSI, delete protected Vista files, WinPE Bootable UFD

Now that I’ve been running Secunia Personal Software Inspector (PSI) on my Vista machines for about three months, I’m starting to learn a little about this program’s behavior. Last Friday, Secunia notified users about an important update to Adobe Flash, part of which involved replacing an older version of its ActiveX control for Explorer with a newer version. This involved installing a package that included a file named Flash10b.ocx, which replaces Flash10a.ocx.

Apparently the installer is not only supposed to add Flash10b.ocx to the %windir%\System32\Macromed\Flash directory, it’s also supposed to delete the previous version, Flash10a.ocx. The problem is, deleting ActiveX components you use requires that they be unregistered first. To do this for the aforementioned file, enter this string at the command line:

regsvr32 "C:\Windows\SYSTEM32\Macromed\Flash\Flash10a.ocx" /u

Alternatively, you could use your handy-dandy WinPE boot UFD to reboot the machine and delete this file without having to unregister, because you’re then running inside a different Vista runtime that isn’t using that ActiveX control. However, a double reboot takes at least 5 minutes on my Vista machines: once to boot into WinPE, and again to return to a normal Vista runtime environment after deleting the file. On the other hand, unregistering this ActiveX control takes less than ten seconds. Thus, it’s easier and faster to unregister the file first, then delete it without resorting to the UFD. You can even write a short batch file to automate the entire process, and deploy it around your network to Vista desktops.

One more thing: before you attempt to delete this file, please close Secunia PSI as well. If you leave it open, it will hang onto a handle to this file. And of course, that too will prevent you from deleting it.
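
The batch file suggested above could look like the following. This is an added example, not the author's own script; the PSI process name psi.exe is an assumption, and the script must be run from an elevated command prompt.

```bat
@echo off
rem Added example: unregister, then delete, the superseded Flash ActiveX control.
rem Run elevated; writing to %windir%\System32 requires administrator rights.
setlocal
set "FLASHDIR=%windir%\System32\Macromed\Flash"
set "OLD=%FLASHDIR%\Flash10a.ocx"
set "NEW=%FLASHDIR%\Flash10b.ocx"
rem Assumption: image name of the Secunia PSI process; adjust for your install.
set "PSI_IMAGE=psi.exe"

if not exist "%OLD%" (
    echo %OLD% is not present, nothing to do.
    exit /b 0
)

rem Remove the old control only once its replacement is actually installed.
if not exist "%NEW%" (
    echo %NEW% is missing. Install the Flash update first.
    exit /b 1
)

rem PSI keeps a handle on the file while it is open, which blocks the delete.
tasklist /fi "imagename eq %PSI_IMAGE%" | find /i "%PSI_IMAGE%" >nul
if not errorlevel 1 (
    echo Close Secunia PSI and run this script again.
    exit /b 2
)

rem /u unregisters the control; /s suppresses dialogs for unattended runs.
regsvr32 /u /s "%OLD%"
if errorlevel 1 (
    echo regsvr32 could not unregister %OLD%.
    exit /b 3
)

del /f "%OLD%"
if exist "%OLD%" (
    echo Could not delete %OLD%. Another process may still have it open.
    exit /b 4
)

echo Removed %OLD%.
exit /b 0
```

The distinct exit codes let a deployment tool report which step failed on each desktop.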

Those readers who’ve followed my advice and have installed PSI or CSI (the newly renamed “Corporate Software Inspector,” which replaces the older NSI, or Network Software Inspector) may benefit from this tidbit of information, if they haven’t already figured it out for themselves. As foibles go, however, this one’s pretty minor, and would only require Secunia to add a short note to this effect in their clean-up instructions. I’m still glad to have Secunia in my corner, though, and since I’ve started using their software inspectors my machines have kept up with patches, fixes, and updates on a more-or-less same-day basis, except for occasional weekends or holidays when I choose not to check on my growing collection of PCs.

Dec 5 2008   6:55PM GMT

A Somewhat Hidden Secunia Benefit



Posted by: Ed Tittel
Desktops, Enterprise desktop, Windows Vista, Secunia, Windows Vista troubleshooting, Windows Update, Windows Vista SP1, Secunia Network Inspector (NSI), vulnerability scanner, Windows Vista SP2

Last week I blogged about Danish information security firm Secunia’s outstanding Network Software Inspector. In that capsule summary I neglected to mention that Secunia sends out e-mail updates to all registered users any time the rules base gets updated.

This turns out to have significant value, of course, because some updates are more important than others–Microsoft Security Updates are probably the best example, especially those pushed to Windows Update outside the usual Patch Tuesday cycle. In this case, my reminder came in the form of an observation that Sun had released a new set of Java and Java Runtime Executable (JRE) updates, which addressed some reasonably serious (Category 4) vulnerabilities from the previously-current version.

This was all the information I needed to go out and grab the updates for the various Vista and XP machines that I work on every day. In an enterprise setting, the same email can trigger the download-test-push cycle that’s more typical for updates in such environments. Either way, timely access to this kind of information is absolutely invaluable, and lets us all respond more quickly as and when known vulnerabilities are patched or fixed.

The Secunia vulnerability scanning toolset is a good one, and this real-time e-mail update service only makes it better. I hope you’ll check it out, and try it out, in your own environments.

–Ed–


Nov 26 2008   5:22PM GMT

Secunia Network Inspector



Posted by: Ed Tittel
Desktops, Enterprise desktop, Windows Vista, Secunia, Windows Update, Secunia Network Inspector (NSI), vulnerability scanner

I’ve been working in some depth around Windows security topics since 1997, when I began teaching Windows hardening classes at Interop with my colleague and co-author James Michael Stewart. In 2003, I started researching malware topics and tools, a quest that eventually led to my 2005 book “Fighting Spyware, Viruses, and Malware” for PC Magazine Press. Along that path, I became familiar with Swedish infosec firm Secunia, whose many threat and vulnerability warnings, proof of concept exploits, and timely malware information always proved accurate and reliable.

Yesterday, Secunia released a final version (1.0.0.1) of its Personal Security Inspector, a free, single-shot vulnerability scanner that examines Windows PCs running Windows 2000, Windows XP, Windows Server 2003, and Windows Vista to make sure that Windows Updates are current and correct, and that checks installed applications to make sure they are also patched and up-to-date. The tool flags unpatched code, and end-of-life programs that are no longer being updated, to help individuals update or replace potential sources of vulnerability on their desktops.

For enterprise use, Secunia also makes a Network Software Inspector (NSI, currently at version 2.0) available to companies and organizations that want to perform similar scans on the PCs on their networks. At 20 Euros per machine per year (about $25.68 at today’s exchange rates), it’s not too different from what the Microsoft Baseline Security Analyzer (MBSA) can do for Windows and MS apps. But when you add its substantial (over 7,000 programs) database of applications with security status, and its built-in, easy-to-use, and intelligible remediation advice, NSI comes out way ahead at a very reasonable per-user cost (contact Secunia sales for purchases of over 50 seats, where discounts begin to kick in).

If you’re interested in trying out this outstanding tool, you can download a 30-day evaluation copy at no charge. It’s definitely worth digging into further for those companies or organizations seeking to deploy a good vulnerability scanner, or those interested in replacing their current scanner with something better and more capable.

On a personal note, let me wish all my readers and their families a happy holiday, with plenty of quality leisure time and good eats. I’m off shortly to pick up a brined Kosher turkey, and expect wonderful results when it emerges from the oven tomorrow afternoon.

Best wishes,
–Ed–