- Why do I get an "Unable to load Java applet" error every time I try to access the Secunia Software Inspector?
This error can be caused by a variety of reasons:
- You do not have the minimum version of Java installed. You need Sun Java JRE 1.5.0_12 or later installed in your system. To check if you have the latest version, go to http://www.java.com.
- If you have the latest version installed, check if you can access other websites that use Java.
- If you cannot access other websites that use Java, then this is likely a compatibility problem between your browser and your Java plug-in. Please refer to your browser documentation for more informaton, or use an alternative browser to access the Secunia Software Inspector.
- If you can access other websites but not the Secunia Software Inspector, please refer to 16) below for instructions on how to submit errors to Secunia.
- For the items marked as "INSECURE", how do I upgrade to the new, secure versions?
The purpose of the Secunia Software Inspector is to identify insecure software versions, and recommend secure versions for upgrade or installation purposes. However, the actual information on maintainance and remediation of the software is the responsibility of the vendor.
- For the items marked as "INSECURE", do I need to uninstall the old version before updating?
Upgrading rules are very much based on vendor specifications. It is recommended that you read the product documentation or contact vendor support to determine the best course of action.
- How do I uninstall items that are not in the "Add or Remove Programs" section?
For programs that are not included in the programs list in the "Add or Remove Programs" section, you should contact the vendor, or refer to the software documentation, for instructions on how to remove the item. In addition, please note that some applications detected by the Secunia Software Inspector may be components of, or bundled with, other applications. In this case, you should refer to support and documentation of the main application.
- Why do I have so many versions of Flash/Java/Adobe?
Flash, Java, Adobe, and other applications may be downloaded onto your system as plug-ins whenever you visit a website that requires it. For example, to play online games your browser may require a certain version of the Flash Player. If the website that you are trying to access sees that you are not running Flash Player, or running an older version, it installs the current version in your computer but does not remove older versions. Hence, older versions can accumulate in your computer, leading to the Secunia Software Inspector detecting multiple installations of these applications.
- Windows Update says my Windows files are up to date, but the Secunia PSI is still reporting my software as insecure. What should I do?
Please check the "Installation path on your computer" value of the detected insecure application. If the installation path begins with "C:\Windows\...", please send all relevant details (including screenshots, whenever possible) to support@secunia.com.
However, please note that some Windows systems may have an "installation backup" folder located in your computer, which can be used to reinstall your copy of Windows programs in the absence of an installation disc. For example, a common "installation backup" folder is "C:\i386".
The Secunia PSI may detect certain Windows programs in these "installation backup" folders as insecure. This may be because Windows Update installs patches only in the default installation folder of Windows, and not in "installation backup" folders. As a result, while your usable Windows files are patched, your backup Windows files may not be.
Another possible explanation is that Microsoft develops files that can be used by third-party vendors (such as .DLL or Framework files). If a vulnerability is patched by Microsoft in the original file, third-party vendors should follow suit by providing updates for their products. However, this is sometimes not the case, and as a result, Microsoft-developed vulnerable files in third-party applications may be detected by the Secunia PSI as insecure if the non-Microsoft vendor fails to supply an update.
You can check if the detected vulnerable file is in a third-party application by checking the "Installation path on your computer". If the value is not "C:\Windows\..." or "C:\WINNT\...", then the vulnerable file is likely used by a third-party application, and should be addressed by the appropriate vendor.
- My software has an Automatic Update feature but the Secunia Software Inspector is reporting the version as "Insecure". What should I do?
In this case, Secunia recommends that you update your software manually even if your program has an Auto Updating feature. If you verify that you are running the recommended latest secure version, but the Secunia Software Inspector still marks it as "Insecure", please see the Answer for 8) below.
- I've already (manually) updated my software version, but the Secunia Software Inspector is still reporting my software as insecure. What should I do?
First, verify with the vendor if the product version that you have is indeed the latest. If the vendor agrees that you have the latest version, please send all relevant details (including screenshots, whenever possible) to support@secunia.com.
Please take note that due to the large volume of emails, you will likely not receive a response. However, all reported issues are tracked, and detection rules are updated accordingly.
- What can happen if I choose not to upgrade or update my insecure or end-of-life software?
The Secunia Software Inspector recommends that you upgrade or update your insecure or end-of-life software to ensure that your system is protected against vulnerabilities located in these software. However, it is of course your prerogative not to upgrade or update as you see fit. In this case, it is important that you understand possible consequences of not performing the update. These include the possibility that your system may experience various malicious attacks (phishing and hacking attacks, automatic installation of malware and spyware in your system) and, in the case of end-of-life software, the discontinued support of the vendor.
- The Software Inspector detects my software as secure, but I know that there is a more recent version of the software. Does this mean that I am really secure?
Software can be detected by the Secunia Software Inspector as secure, even if the vendor has released a more recent version. This is because vendors release software updates not just to patch vulnerabilities, but also to fix software bugs or introduce software enhancements. These fixes and enhancements may be non-security related (for example, adding new functionality or features). Therefore, prior versions of software can be secure even if they are not the most recent ones, as long as no known vulnerabilities are reported in them.
In these cases, Secunia recommends that you read the vendor release notes to determine if you prefer to intall the update or not.
- I recently updated my vulnerable software to a BETA version, and now the Secunia PSI doesn't detect it anymore. What happened?
The Secunia PSI does not monitor and detect BETA versions of software. However, the next stable release after the BETA version will, of course, be detected by the Secunia PSI.
- What's the difference between the Secunia Software Inspector and the Secunia Personal Software Inspector (PSI)?
The Secunia Software Inspector identifies about 40 of the most common applications, while the Secunia PSI can identify over 6,000. In addition, the Software Inspector is run using the web browser, while the Secunia PSI is downloaded and installed.
- What's the difference between the Secunia Software Inspector and the Secunia NSI (for enterprise networks)?
The Secunia NSI is a commercial product designed to allow you to scan for over 6,000 applications in computers within a network (such as in an office environment), making it ideal for corporate users. For sales and pricing inquiries please contact sales@secunia.com or visit this page.
In contrast, the Secunia Software Inspector is a browser-based program designed for private users. It scans for about 40 of the most common applications in the computer in which the Applet is run.
- The Secunia Software Inspector and the Secunia PSI give different or conflicting results. What does that mean?
If you think you have different or conflicting results after trying out both scans, we suggest that you take notice of the application name, version number, and installation path. Even though an application only has one name, different versions of it may be installed in your system; some of these versions may be secure while others are not.
Since the Secunia PSI identifies over 6,000 applications, while the Secunia Software Inspector identifies about 40, it is recommended that you refer to the Secunia PSI for the most thorough results.
- How often do you update detection rules?
Secunia Research develops new detection rules every time a vendor releases a security patch for any vulnerability in a product detected by the Secunia PSI. For example, new detection rules are created after every Microsoft Tuesday patch cycle, as this allows the Secunia PSI to check if your Windows systems patches are up to date or not.
- How can I suggest a feature or report an error in the Secunia PSI?
For all feature requests or error inquiries, please submit all suggestions to support@secunia.com, or click on the "Tell us what you think" task in the Secunia PSI to submit your suggestion via online form. In addition, for error inquiries, please send all relevant details (including screenshots, whenever possible) to support@secunia.com.
Please take note that due to the large volume of emails, you will likely not receive a response. However, all suggested features are tracked, and those that are accepted will be reflected on subsequent versions of the Secunia PSI.
