Avast IM Shield & SECUNIA; Is Secunia causing recording of many items?

[kls490]

Success!  Problem has been resolved DJBone & ady4um!  Seems the Secunia program was causing all the massive numbers of items to be scanned since Feb. 16th in the IM Shield.  Once I uninstalled it, the log now shows no more activity.

Onec again...my thanks to both of you for all your help on this one!  My thanks also to you Logos for your feedback!

Best Regards,

[Hermite15]

can't see how this could be related to secunia ...

[ady4um]

Well, secunia needs to transfer the info somehow so to provide you with the feedback, which is the whole point of secunia.

Interestingly, secunia is not listed in the programs list in IM Shield, but it may be using some additional common way to transfer the info and that's what IM Shield is catching.

I wonder if installing secunia as "on demand only" would cause the same communication / detection issue, or if it is secunia itself or some "add-on / ad" thingy.

[Hermite15]

and how would you explain that secunia reported data "could" be seen and scanned as IM data by Avast ? ... you probably know that do you ... Not mentioning that the screenshot posted by the OP only shows some IE temp files scanned (and yes, I know that many utilities use IE to connect) ...whatever, the bug is on Avast side.

[Hermite15]

oops guys ... just launched Secunia (on demand here) and instantly tens of files started to get scanned by the IM shield okay that's still an Avast bug.

[ady4um]

and how would you explain that secunia reported data "could" be seen and scanned as IM data by Avast ? ... you probably know that do you ... Not mentioning that the screenshot posted by the OP only shows some IE temp files scanned (and yes, I know that many utilities use IE to connect) ...whatever, the bug is on Avast side.

I don't explain it . That's why I posted that I don't know if secunia itself is the one "detected" (read as "traffic being scanned") or some "extra" installed with it. Secunia does transfer info, and who knows what that possible "extra" is.

We only can get to some conclusion from what the OP reports, nothing else.

We don't even know if there is some bug really. The fact that secunia (or whatever) is not listed in IM Shield doesn't mean it is necessarily a bug; but it could be.

The devs should try to reproduce this issue, being secunia a popular utility.

[Hermite15]

see my new post above, I could reproduce it

[Hermite15]

@ the OP of this thread, could you modify the topic title and mention Secunia in it?

[kls490]

I changed the title, Logos.  Will the change be effective for your needs?  Unfortunately...it only seemed to change the title in my OP and in this last post.

[Hermite15]

I changed the title, Logos.  Will the change be effective for your needs?  Unfortunately...it only seemed to change the title in my OP and in this last post.

that's alright thanks main thing is the topic title is now changed.

[mchain]

Something I should note here is that prior to February 16th, I had NEVER seen ANY activity recorded in either the IM or P2P shield logs.  The only thing I did yesterday (Feb 16th was to download that Secunia program and use it.

I have seen that also with Secunia PSI v 2.0.0.3003, but not with v 2.0.0.4003, which I am now running. 

It seems to be related to traffic between your computer and Secunia servers, as Secunia is set to use IE for connectivity (annoying for me, as who knows when a new exploit will pop up in IE that might affect this traffic).  As the point of PSI is to monitor the status of installed programs on the host system, it makes sense that  there would be some IM traffic done in this way.  Secunia chose to use IE, like many vendors, and I just happen to have to run IE8, which isn't upgradable to IE9 on my system.  There has been a minor vulnerability for IE8 existing for more than a year that Microsoft just seems not to have gotten around to addressing, not that I think they ever will.

Secunia Link here:  http://secunia.com/advisories/product/21625/?task=advisories_2011  is an example.  See the unpatched vulnerability here:  http://secunia.com/advisories/43623/.  This is not the one I'm thinking of, will have to exit user account, fire up PSI to find the more severe one, so there will be an EDIT at the bottom of the post when I find it.

Back soon.

EDIT:

My bad.  This vulnerability first reported 2/26/2007 and still not fixed.  Here:  http://secunia.com/advisories/24314/

This is the most severe one IE currently has.

Attached find PSI gif of Secure Browsing page.

[Saulius]

Thanks Mchain. Very interesting, at least I'm no longer using XP and still stuck with IE8, but I know plenty of people who are and will remain with XP/IE8 for the foreseeable future! Bloody M$ knows that almost half of all PCs are running XP, but also unfortunately far too many 'good' or popular programs use IE exclusively or by default. I hope that practice changes... at least Avast! chooses to offer their uses to go through Chrome instead, not that I reckon Google is all that much better than M$ to be sure.

[YoKenny]

I have seen that also with Secunia PSI v 2.0.0.3003, but not with v 2.0.0.4003, which I am now running. 

You are missing  an important Adobe Flash Player update.

[mchain]

You are missing  an important Adobe Flash Player update.

As the flash player update came in two days ago (I think) it takes some time for Secunia to implement it in their server database and update.

It is not uncommon for Secunia to report a user has an insecure version of a program file until this update occurs.

I really don't need flash, but when it is known clean, it is nice to have.  I did update to the latest version, it just doesn't show yet. 

I just will not install it in IE, though.

Re PSI v 4.0.0.4003 not causing IM traffic, I was wrong.  I ran a manual scan in admin, and voila!  Traffic! 

[Saulius]

Who doesn't need flash?

Also if you aren't in the habit of keeping it up to date you might be more likely to try to update it when trying to view something online and get prompted by 'unknown' parties to download an update... which often is malware just saying.