Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Secunia PSI security threats

5 views
Skip to first unread message

Jo-Anne

unread,
Dec 3, 2008, 11:28:57 PM12/3/08
to
Tonight I installed and ran Secunia PSI, which found five programs with
security threats--all of them, as far as I can tell, older versions than
what are currently available. I deleted one program--Adobe Acrobat Reader 5
(apparently, Adobe didn't remove it when it updated me to version 9). I'll
update two others--WinZip and Adobe Flash Player. I'm unsure of what to do
with the remaining two, however:

Apple Quicktime 5.x--I have no idea why this program is on my computer. As
far as I know, I've never used it. Is it OK to remove it through Add/Remove
Programs?

Adobe Air 1.x--I believe this program was installed when I updated Adobe
Acrobat Reader earlier this year. It shows up in C:\Program Files\Common
Files, in C:\Program Files\Adobe\Reader 9.0\Reader\AIR, and in C:\Program
Files\Common Files\Adobe AIR\Versions\1.0. I have no idea what to do with
it. When I Google the program, it appears to be something used by
developers. Any suggestions?

Thank you!

Jo-Anne


Leonard Grey

unread,
Dec 4, 2008, 12:21:59 AM12/4/08
to
You should uninstall QuickTime 5 because it's not secure. If you want to
play media files in QuickTime's native formats, the latest version of
QuickTime can be downloaded from Apple's website.

AIR was 'conveniently' bundled with Adobe Reader 9 to provide a way to
interact with the Adobe website directly from Adobe Reader. (Previously
you had to open a web browser.) I do not believe you can uninstall AIR
separately from Adobe Reader. It's one more reason why many of us have
shifted to other PDF readers, like the Foxit Reader.
---
Leonard Grey
Packin' the 'K'

Jo-Anne

unread,
Dec 4, 2008, 12:27:05 AM12/4/08
to
Thank you, Leonard! I'll uninstall QuickTime right away. I think I once
tried to uninstall AIR and couldn't do it. Right now, after I installed the
new Adobe Flash (version 10), Secunia is still showing me as having the
insecure version 9. People at the Secunia forum have been complaining a lot
about difficulties with Adobe's updating. I'll check out Foxit. Maybe it's
time to get rid of Adobe Reader. (I gather one can't really get rid of Flash
or many websites just won't work.)

Thank you again!

Jo-Anne

"Leonard Grey" <l.g...@invalid.invalid> wrote in message
news:ecuw7AdV...@TK2MSFTNGP06.phx.gbl...

Jo-Anne

unread,
Dec 4, 2008, 12:31:39 AM12/4/08
to
Addendum: I just started to uninstall QuickTime and got the message from
Microsoft that if I uninstall QuickTime system extensions, it can cause
applications to malfunction. It recommends clicking on "Uninstall" rather
than on "Uninstall Everything." Should I follow the recommendation?

Thank you!

Jo-Anne

"Leonard Grey" <l.g...@invalid.invalid> wrote in message
news:ecuw7AdV...@TK2MSFTNGP06.phx.gbl...

Leonard Grey

unread,
Dec 4, 2008, 12:42:22 AM12/4/08
to
Re Adobe Flash: You have to read Secunia's results in detail before
drawing conclusions. The version of Flash you installed is obviously up
to date. However, other programs you have installed may incorporate
Flash and /their/ version of Flash may not be up to date. You usually
cannot update the version of Flash bundled with a third-party program.
Instead, you should contact the technical support for those programs
with your concerns. If those third-party programs do not connect to the
internet for their Flash content, they may not need the most recent
version of the software.

Our complaint with Adobe Reader is that it has grown bloated (and
therefore slow) with features that few people actually use. Foxit Reader
and its competitors concentrate on what most people do with PDF
documents: they read them or fill in forms. Foxit Reader and its cousins
often cannot properly display complicated PDFs with lots of fancy
features - but not many people see that kind of document. We just want
to read our broker statements (and cry.)

David H. Lipman

unread,
Dec 4, 2008, 6:29:38 AM12/4/08
to
From: "Leonard Grey" <l.g...@invalid.invalid>


| AIR was 'conveniently' bundled with Adobe Reader 9 to provide a way to
| interact with the Adobe website directly from Adobe Reader. (Previously
| you had to open a web browser.) I do not believe you can uninstall AIR
| separately from Adobe Reader. It's one more reason why many of us have
| shifted to other PDF readers, like the Foxit Reader.
| ---
| Leonard Grey
| Packin' the 'K'

Yes... You can. "Add/Remove Programs" Control panel applet.

BTW:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Adobe Releases Update for AIR

Original release date: November 18, 2008 at 8:03 am Last revised:
November 18, 2008 at 8:03 am


Adobe has released a security bulletin to address a vulnerability in
Adobe AIR. This vulnerability can be triggered if an Adobe AIR
application loads data from an untrusted source. Exploitation of this
vulnerability may allow a remote attacker to execute JavaScript code
with elevated privileges.

US-CERT encourages users to review Adobe Security Bulletin APSB08-23 and
upgrade to Adobe AIR 1.5 to help mitigate the risks.

Relevant Url(s):
< http://get.adobe.com/air/ >

< http://www.adobe.com/support/security/bulletins/apsb08-23.html >

====
This entry is available at
http://www.us-cert.gov/current/index.html#adobe_releases_update_for_air

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSSLDKHIHljM+H4irAQJg0QgAkQkwIQH+6jLMglb0YcTAhrOXuamafclL
+vj7YDTcfxZYtH/LWHoMwblN0JPaRXC2+Ksk6u4JB/xskZHeuFa7IlZx3qt7TUHx
zMS7viMmu8JHNO9wXOL+fKKSo7xTtxDMH3naDvuFwXUOdmoNueeCABqlv8a4F5hX
UUPDs3EPj4N64M6+8JNmrsddwG7gTo04GQOQ0wdZEtwfcOyGmhNB7x/q8O9qCEyx
XXjIOotLTmprIu4M2hk3/WGND3M05nRIYd4UgtVExEITB+tdvSKRBjUVSch9a4eB
tXZVChtVGbZqehZzTB+Mn7rGEvS1Bv9DQpWB+Xro/Hp11xDnlAsMDg==
=P/ZU
-----END PGP SIGNATURE-----


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Leonard Grey

unread,
Dec 4, 2008, 9:57:14 AM12/4/08
to
Good news. Thanks, David.

---
Leonard Grey
Packin' the 'K'

W****n S***********g

unread,
Dec 4, 2008, 11:47:46 AM12/4/08
to
That is what I did.

--
This e-mail may contain confidential and/or privileged information. If
you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and destroy this e-mail.
Any unauthorised copying, disclosure or distribution of the material in
this e-mail is strictly forbidden.

"Leonard Grey" <l.g...@invalid.invalid> wrote in message

news:%23FepZCi...@TK2MSFTNGP05.phx.gbl...

David H. Lipman

unread,
Dec 4, 2008, 6:01:56 PM12/4/08
to
From: "Leonard Grey" <l.g...@invalid.invalid>

| Good news. Thanks, David.
| ---
| Leonard Grey
| Packin' the 'K'

I wouldn't call this "Good News".

Yes it is good that Air can be un-installed individually from Adobe Reader. It is bad
that Adobe Air was "bundled" with the Adobe Reader installer without those downloading the
Adobe Reader installer knowing it. Thus those who installed it have a severe
vulnerability without even knowing they have it installed. You go to Adobe.Com to
download Adobe Reader and you get Air bundled without your knowledge. But you can
download the Adobe Reader installer from the FTP site without the bundled crap.

And then there is the bundle with Aobe Acrobat which can not be un-installed via the
"Add/Remove Programs" Control Panel applet.

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air

PA Bear [MS MVP]

unread,
Dec 4, 2008, 10:06:31 PM12/4/08
to
Secunia Discussion Forums
http://secunia.com/community/forum/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Jo-Anne

unread,
Dec 4, 2008, 10:48:37 PM12/4/08
to
Thank you, Robear. I knew about the Secunia forum, but I thought my
questions were more general--whether I should attempt to get rid of the
programs shown as security issues. I figured this question was more in line
with the security newsgroup here.

Jo-Anne

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:OabYAcoV...@TK2MSFTNGP02.phx.gbl...

Richard Urban

unread,
Dec 5, 2008, 8:06:53 AM12/5/08
to
If you had a door lock on your front door that was broken (security issue),
what would you do?

Treat your software the same way. Why invite undesirables into your
computer?

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"Jo-Anne" <Jo-AnneATnowhere.com> wrote in message
news:%23hFFcxo...@TK2MSFTNGP03.phx.gbl...

Jo-Anne

unread,
Dec 9, 2008, 2:48:52 AM12/9/08
to

I offer a couple more questions in response:

*Is everything that's labeled a security issue really one? For example, I
notice in another newsgroup that some people are using earlier versions of
Adobe Reader and plan to stay with them. Secunia claimed anything earlier
than the current version (version 9) is a security threat.

*Is it safe to remove some of the programs indicated as security issues--or
even to update them? For example, Secunia keeps noting that a few of the
programs I've already updated are still around in their earlier versions. It
seems that some other programs incorporated these programs. I would think
that making changes to the programs attached to others could cause problems.

Jo-Anne

"Richard Urban" <richardurba...@hotmail.com> wrote in message
news:eXLPaptV...@TK2MSFTNGP05.phx.gbl...

Dave M.

unread,
Dec 9, 2008, 3:11:28 AM12/9/08
to
http://windowssecrets.com:80/2008/11/20/03-Dont-be-a-victim-of-Sinowal-the-super-Trojan

Here is one reason to make sure you are using the latest versions of 3rd
party apps. Even then it may not be enough, but you will have at least
reduced the number of holes for the hackers to climb into your computer
through.

"Jo-Anne" <Jo-AnneATnowhere.com> wrote in message

news:eYOhSKdW...@TK2MSFTNGP04.phx.gbl...

Leonard Grey

unread,
Dec 9, 2008, 9:20:06 AM12/9/08
to
Question 1 - Yes.

Question 2 - I addressed this in an earlier post.
---
Leonard Grey
Errare humanum est

David H. Lipman

unread,
Dec 9, 2008, 4:45:06 PM12/9/08
to

From: "Leonard Grey" <l.g...@invalid.invalid>

| Question 1 - Yes.

| Question 2 - I addressed this in an earlier post.
| ---
| Leonard Grey
| Errare humanum est


To be MORE specific...

There are a dozen or so "kits" available (such as El Fiesta) for the generation of
malicious PDF files whose shellcodes exploit two Javascript functions in Adobe Reader and
Acrobat. There are so many forms of this exploit code is is very dangerous to have a
vulnerable version of Adobe. When exploited it WILL lead to a malware infection.

Many forms of this Exploit are heuristically detected by Symantec as
"Bloodhound.Exploit.196"

The following Google Dork will provide an example.

http://www.google.com/search?filter=0&num=100&q=site%3Asafeweb.norton.com+Bloodhound.Exploit.196

Jo-Anne

unread,
Dec 11, 2008, 1:10:10 PM12/11/08
to
Twice I tried to remove Adobe AIR from my laptop (WinXP SP3) through
Add/Remove Programs, and both times it locked up Add/Remove Programs; when I
restarted the computer, AIR was still there.

Jo-Anne

"Leonard Grey" <l.g...@invalid.invalid> wrote in message
news:%23FepZCi...@TK2MSFTNGP05.phx.gbl...

PA Bear [MS MVP]

unread,
Dec 11, 2008, 1:46:29 PM12/11/08
to

Jo-Anne

unread,
Dec 11, 2008, 2:28:56 PM12/11/08
to
According to the Adobe support website, you should be able to uninstall
Adobe AIR through Add/Remove Programs. However, it looks like you first have
to install the program by itself; it's at

http://get.adobe.com/air/

I thought I'd be getting the latest version of AIR with Reader 9, when I
reinstalled Reader last week. However, Reader 9 did not come with the
current version of AIR, as Secunia informed me. Today I downloaded and
installed the latest version of AIR (1.5). Presumably, now I would be able
to remove the program, although I haven't tried it yet.

Jo-Anne

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message

news:ORs63J8W...@TK2MSFTNGP04.phx.gbl...

PA Bear [MS MVP]

unread,
Dec 11, 2008, 2:59:33 PM12/11/08
to
Uninstall Reader 9 and see what happens. If no joy, contact Adobe Support
(which probably won't be free).

Foxit Reader: Read PDFs w/out the +34MB bloatware!
http://www.foxitsoftware.com/pdf/rd_intro.php

Jo-Anne

unread,
Dec 11, 2008, 3:46:34 PM12/11/08
to
Thank you, Robear! I've bookmarked Foxit and will give it a try. Someone
else mentioned, though, that sometimes Foxit can't deal with a PDF that was
tied to Reader--so I might have to keep Reader around.

Jo-Anne

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message

news:%23jveoy8...@TK2MSFTNGP03.phx.gbl...

David H. Lipman

unread,
Dec 11, 2008, 4:04:06 PM12/11/08
to
From: "Jo-Anne" <Jo-AnneATnowhere.com>

| According to the Adobe support website, you should be able to uninstall
| Adobe AIR through Add/Remove Programs. However, it looks like you first have
| to install the program by itself; it's at

| http://get.adobe.com/air/

| I thought I'd be getting the latest version of AIR with Reader 9, when I
| reinstalled Reader last week. However, Reader 9 did not come with the
| current version of AIR, as Secunia informed me. Today I downloaded and
| installed the latest version of AIR (1.5). Presumably, now I would be able
| to remove the program, although I haven't tried it yet.

| Jo-Anne

Yes. Now if you don't want or need Adobe Air remove the updated version.

Jo-Anne

unread,
Dec 11, 2008, 4:22:49 PM12/11/08
to
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:e3P1CQ9W...@TK2MSFTNGP06.phx.gbl...
Thank you, Dave! I assume there's no need for it to run Reader?

Jo-Anne


David H. Lipman

unread,
Dec 11, 2008, 4:31:11 PM12/11/08
to
From: "Jo-Anne" <Jo-AnneATnowhere.com>

| Thank you, Dave! I assume there's no need for it to run Reader?

| Jo-Anne

Absolutely not.

In fact, if you go to Adobe's FTP site you can download Adobe Reader without ANY bundled
software.

ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.0/enu

And you can see TWO versions. 25.7MB and 34.3MB
The 34MB version is what you get from www.adobe.com and includes that Adobe Air crap
add-on.
The 25MB version, AdbeRdr90_en_US_Std.exe , is free of the added software.

Jo-Anne

unread,
Dec 11, 2008, 7:28:10 PM12/11/08
to
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:ukRsLf9W...@TK2MSFTNGP05.phx.gbl...
Thank you again, Dave!

Jo-Anne


0 new messages