Some users have reported an issue when installing on some (all?) Windows 7 systems. We have identified the cause of this and will soon be releasing a new installer / binary that fixes the issue.
Also, we have some improvements for the UI and the emails in the pipeline.
We are looking for various sources of information about vulns and new security related patches.
We will naturally monitor all relevant vendor websites, but as we all know, the vendors aren't always open and upfront when they fix security related issues, so we need a number of other sources.
And for too long the NVD and CVE has not been up-to-speed, nor do they cover everything.
We are aware of the following open databases:
https://sec.hpi.de/vulndb/
https://vuldb.com/
https://www.securityfocus.com/bid/
https://www.kb.cert.org/vuls/
https://jvn.jp/en/jp/index.html
https://www.exploit-db.com/
http://seclists.org/fulldisclosure/
Please comment on this topic, with links to other sources you may find relevant.
This has been a great week. We have achieved a lot in terms of development, testing and generating content / rules.
And we expect to release the first Tech Preview on Tuesday (8th of May).
This is, as I have promised before, a very early stage of the product.
You will be able to install it.
It will scan your system and find around 20 of the most common programs on your Windows desktop.
You should note, that there is no direct communication between the user interface and the agent. This is very unlike the PSI, which was a local program, that talked directly to the agent and could do "live" scans. This will be changed, but it is a low priority and will not be made before later this year.
Also, patching, or auto updating, is not due to be implemented before around August, give or take a bit.
In the first two or three weeks (maybe more), you should not rely on it to provide a reliable reporting of Safe / Unsafe programs.
But we need you to install it anyway, so we get data to generate new rules from. And we will work to improve rules and reporting everyday, from now on.
And remember, we do read all the posts and comments here on https://vulndetect.org - but we are not anywhere near being able to implement all the great ideas and feedback you have provided, yet. (but keep posting)
We are currently updating the forum, changing hosting and moving the database.
SecTeer Personal Carma installation instructions.
You must install the SecTeer Personal Carma Agent in order to use SecTeer Personal Carma.
Note that the SecTeer Personal Carma Agent has no graphical user interface.
All user interaction with SecTeer Personal Carma (other than installing the Agent) is through the web page:
~~https://carma.secteer.com/personal-carma/~~ https://vulndetect.com/?1
There are 2 ways to install SecTeer Personal Carma Agent:
1)
A) Start by downloading the agent installer: secteerSetup.exe.
B) Run the agent installer, enter your email address when prompted, and complete the installation.
If an account does not already exist for that email address, it is created, a password is generated and sent to the email address, and an additional email is also sent to the email address, containing an account confirmation link.
C) Open the account confirmation link in a web browser and then log in to the account using the email address as a username, and the password that was sent in the email.
D) Go to the Configuration page and approve the agent.
2)
A. Start by going to the web page: ~~https://carma.secteer.com/personal-carma/~~ https://vulndetect.com/?1
B. Use your email address to register, supplying your own password. An email is sent to you, containing an account confirmation link.
C. Open the account confirmation link and then log in to the account using the email address as a username, and the password you supplied when registering.
D. From the Configuration page, download the agent installer: secteerSetup.exe.
E. Run the agent installer, enter your email address when prompted, and complete the installation.
F. In the your browser, refresh the Configuration page and approve the agent.
Note that at this time, there is no way to change the account password.
If you register by first installing the agent, then a password is generated and emailed to you, and there is no way to change the password.
If you first register an account on the web page, then you can select your own password, but there is no way to change or reset it at this time.
The reason you saw this in the past, is that you used to use the Personal edition.
The Personal edition by default displays files that are considered libraries.
The issue with 7z.exe is that it is hugely popular, as a library. In fact, there is an average of 1.6 7z.exe files on each host that uses VulnDetect, which are "real" libraries, only a tiny fraction of these are portable, like yours.
22% of all hosts have a "real" 7-Zip installation. These "real" installations are displayed correctly and updated automatically.
Sadly, there is no simple way (for us) to make a distinction between a 7z.exe that is used as a library, and one that is a portable file, like yours.
The Privacy Policy has been updated to reflect that data now is stored at Hetzner, rather than at AWS.
The module that allows custom content like the Privacy Policy has also been reinstalled and reactivated.
Ping @tom if there are any issues with the forum.
The forum is now updated and hosted at Hetzner, like all other production systems.
We are currently updating the forum, changing hosting and moving the database.
The systems are all back online.
The maintenance, which really wasn't maintenance at all, but rather a move of all our infrastructure from AWS in Ireland, to Hetzner in Germany.
The policies will be updated soon, to reflect this. There is still some backup data at AWS, which will be purged soon.
Also, we will continue to use AWS S3 for some transient storage.
All databases and all processing of data is now conducted on our "own" systems hosted at Hetzner.
This has given us significant more computing resources as well as cost savings.
More importantly, we have upgraded the setup, in almost every way possible, allowing much smoother deployment of changes, as well as much more control and insight of operations.
The coming week or two, will likely call for some fine tuning and tweaking, but all in all, it looks like everything is running smoothly.
We are currently conducting system maintenance. This means that we will be closing all access to the services.
The UI is expected to be back within an hour.
The Agent servers and processing of inspections are expected to be back online within 3 hours.
The maintenance will not affect the forum, only services on *.vulndetect.com are affected.
We will update this post or post new comments when there is new information.
@olli_s Thank you, it was added some days ago, but some changes were made to last few versions, so the detection had to be updated.
That is now in place and so is the icon, thank you.
Thank you for bringing this to our attention. It appears that there is at least three different "names", and this appears to be based on the license.
We have changed the rules, so we now select a title based on what is in "Add/Remove".