Best posts made by Tom

It seems that the Flexera guys didn't like that we, as a new user, posted about the VulnDetect project, despite them discontinuing the beloved Secunia PSI.

We would very much appreciate if you would gently the spread the word and a few links to vulndetect.org / https://vulndetect.com/?1, it is much needed, so we have a lot of testers once the alpha is ready.

We also feel that it is important to invite all the PSI forum users to come here and join the VulnDetect forum.

We are also very open to creating new Categories and Sub-categories here, where different, related subjects can be discussed and provide moderator privileges to those who want to contribute.

/Tom

group multiple instances of a vulnerable program in the listing and allow me to expand that section when I want

Suggested by @CTaylor

At this point, we believe that we have developed approx. 80% of the core functionality, this includes:

• Binary to collect data on the client system
• Scheduling of the binary
• Data collection and parsing from the binary
• Authentication and account management
• Backend for curating data about software and vulnerabilities
• Infrastructure

ToDo:

• Processing of the collected data / matching with the curated data
• UI
• Optimisation and testing of the binary
• Curating data

And loads of more stuff, but first we need to finish the above and get an alpha version out to you.

/Tom

This thread is a summary of all user contributed suggestions that were posted in this forums.
It will be updated with links to new suggestions and also reflect the status of suggestions.

Please make one new thread for each feature suggestion were other users can vote and discuss about the suggested features.
Thank you for sharing your ideas!

Notes:

• At the time of writing (May 2018) the SecTeer Personal CARMA is only in Tech Preview. A beta version is not due before late 2018.

• Inclusion on this list does not imply that we will implement it, nor does it indicate any sort of priority.

• We may rewrite suggestions (titles) to fit with the terminology that we intend to use or to fit how we believe that feature should be designed.

---

List of Applications:

• [Work in progress] Download Updates with one click
• Show Available Version
• Column-Headers
• Optional Columns
  • Column "Company"
  • Column "File Path"
  • Column "Users"
  • Column "Last Used"
• Report Errors
• Filter Applications
• Threat Level
• Show Updates of the VulnDetect-Client on top
• Overall Score
• Add icons to indicate collapse feature
• Rename "By" and "Based on"
• Start scan manually with a button click
• Column "Available Minor Version"
• Allow to ignore Updates and Apps
• Allow to Sort the Columns
• Color Contrast of the Status text
• Report missing apps
• Show excluded applications in a "Debug-Mode"
• New Status values:
  • New Status "Outdated" (for non-security updates)
  • New Status "Under Review"
• Separate download link for 32-Bit and 64-Bit Apps
• Show Reason for Unsafe Status
• Ignore detections
• Simple program listing
• Download link / info if no update available
• Flag auto-updating apps
• Grouping multiple programs
• Exclude apps updated by Windows update
• Hide Apps
• Show updates immediately (Server-Sided)
• Recommend Deletion of Unsafe Installers
• Show Counters
• Show Last Inspection in List of Applications
• Export List of Applications
• Expand/Collapse all entries in the List of Applications
• Show Replacement Application
• Increase the width of the Version Number
• Allow Notes in List of Apps
• One Application List for all Clients
• Additional Status for Update Available
• Suggest apps via the List of Applications
• Show Changes over time in the List of Apps
• Mark Windows 10 Store Apps in the List of Apps
• Mark VulnDetect Updated Apps in the List of Apps
• Link to Vulnerability ID from the List of Applications
• List of Applications - Improved UI
• Different Views in the List of Applications
• List of Apps - Recommendations could be problematic
• Update List of Applications after Update immediately
• Explain the Labels in the List of Applications
• [Implemented] Show full path
• [Implemented] New Status "End-Of-Life"
• [Implemented] End of Life Info
• [Implemented] Unique display of missing version information

---

Configuration:

• [Work in progress] Exclude specific drives/folders from scan
• Allow to rename the computer (Host name)
• Allow to change the email address
• Button colours in the Review Agent window
• Add multiple computers (Family/Companies)
• Show the online status of each computer
• Configure CheckIn interval
• Multi-Language support at the VulnDetect website
• Show Warning at unsaved changes
• Allow to set up a Proxy Server
• Change Language at the Website and VulnDetect Agent
• Allow to change the order of computers
• Tooltip Help in Configuration
• Log of actions / applied updates
• Optional partial scan
• Scan Oprions
• [Implemented] Show hours in configuration with leading zero
• [Implemented] Show timestamp of the last scan
• [Implemented] Full scan by default

---

Local Agent / app:

• [Work in progress] Auto-update
• Show VulnDetect Icon in the System Tray
• Open the VulnDetect website from the VulnDetect Agent
• Show Version Information of the VulnDetect Agent
• Start Full System Scan from the VulnDetect Agent
• Check for Updates of the VulnDetect Agent
• Change time in logs to local time
• Show Scan Status in the VulnDetect Agent
• VulnDetect Agent should notify Available Updates
• Pause Inspection
• Automatically Pause Inspection (Silent Mode)
• GUI as app, not online
• Progress Bar
• Automatic scanning
• Portable Version of VulnDetect Agent
• Show "VulnDetect Scan" Desktop Icon
• Create Log-Folder before Scanning
• Warn when installing applications with known vulnerabilities
• New Parameter "--pause"
• [Implemented] Don't store log files in the Windows folder

---

Application detection:

• [Work in progress] Differentiate between 32-Bit and 64-Bit
• [Work in progress] Consider installed Language at applications
• [Work in progress] Hide bundled applications
• Handling of Beta versions
• Consider ESR Versions
• Show updates for Browser-Plugins
• Show available Windows Updates
• Show updates of Microsoft Products (not Windows)
• Show updates for Drivers
• Show updates for Portable Applications
• Show updates for Games
• Comprehensive Detection
• Show BIOS-Updates and Firmware-Updates

---

Other:

• Lookup in database
• Easier program suggestion
• Library and easy Installation of popular apps
• Two factor authentication

---

Business Users:

• Gather installed software in the company
• Send Admin information about available updates
• Detect Manually Installed Software (in companies)

---

@ted OK, this explains, the agent did not yet do an inspection. With the current schedule it will take 10 hours.
Btw. you may want to delete / modify the picture / comment, since it displays your IP.

What you mean is that there should be a notification on the Windows system and not just in the Web UI?

The agent already has support for this. How we display this, is decided in each rule. Thus, we may treat this independently for each program, but it seems most likely, that we will report individually, since most programs require separate updates for 32 and 64-bit versions.
It is something that we will pay attention to and if you see errors in the results, then it should be reported individually for each program.

If initialization takes longer than a few seconds, show a progress bar to indicate program is still initializing and not hung

Suggested by @Alex-Connolly

Categorize programs that have security vulnerabilities separately from those that are just bug fixes and feature updates. Best would be a simple filter. I could look at just security vulnerabilities normally, but would flip a switch to see bug fixes/ feature updates

Suggested by @CTaylor

report on programs with security vulnerabilities for which a patch is not yet available (zero-days). This should be categorized separately from other things (patches available or bugfix/feature updates.

Suggested by @CTaylor

UI should be GUI not line

Suggested by @Alex-Connolly

option of having updates installed automatically

Suggested by @CTaylor

This is detected because it also is an independent program, which you may download and install.
We will not detect system components that are not accessible as standalone programs.
But I suppose we need to add OpenSSH to the list of products that needs contextual rules, so only the user managed versions will be reported and not the one managed by Windows.
Thank you for highlighting this.

LibreOffice has been added. It has been added as one product, since the vendor doesn't seem to support the individual apps with individual updates.

Nitro PDF Reader and Nitro Pro has been added.

You should note that version 5 went End-of-Life long ago and should be considered insecure.

Secunia includes both an Installed version number and (if different), a Secure version number of each program. The latter is useful for when I need to find the update myself.

Suggested by @HempOil

Hi Zian,
Thanks for reporting this.
This is a known issue, if you read this post:
https://vulndetect.org/post/1310

However, GIMP seems to be vulnerable to this old vuln:
CVE-2017-17789 in file-psp.exe
There is no immediate announcements or entries in the changelog about this being fixed.

As soon as we get some pointer to a changelog or other statement about this being fixed in a specific version, then we will update the rules to reflect this.

@gregalexandre Yes, this is due to the way we detect programs. One of the upcoming features of our rules, will be the ability to "group" based on what program it was bundled with. 7-zip is bundled with a lot of different apps, including certain Nvidia packages, so, in the future, you should only see Nvidia, and then when you expand Nvidia, you will see that it also includes 7-zip (which can't be updated). But again, that is part of the many things we are still working on, so please be patient.

@Anselm See this:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19857

Hi Ascendor,

Did you read this, we do link to this during installation:
https://secteer.com/privacy-policy-personal-carma/

SecTeer will collect the following information for CARMA consumer accounts:

Name (optional)
Email / Username (mandatory)
Password (mandatory)
Other personal information is not required to use the product, but you may be encouraged to supply this
IP addresses used to log in and submit data

The SecTeer CARMA products will collect the following information from your PC or device:

Program file names (NOT data files)
Meta data of program files, including, but not limited to size, version information, date, hashes, digital signatures, and other header / meta information
Directory structure i.e location of program files
Registry information related to installed software
Hostname or other unique identifier, to ensure correct correlation in reporting

Unfortunately, we do not offer a way around this nor do we have any plans to offer a different way of detected this and providing the results.

If you are concerned about this, then you can achieve a bit more anonymity, by registering using an alternative email address and perhaps send your data via a VPN (we do not support a proxy yet, but that may be implemented at a later stage).

And, soon, we will start anonymizing the data further i.e. by using placeholders for usernames in e.g. "c:\Users<yourusername>". However, this has NOT been implemented yet.

We've also planned another feature, which will allow you to exclude certain folders or drives.