Free Tool Scans Your PC for Missing Patches
A number of past Security Fix postings lamented the lack of a free software tool that Windows computer users could use to quickly and easily scan their machines for missing patches for the myriad applications that run on top of Windows. Well, I was surprised to stumble across such a tool this week while scrounging for some past patch information over at vulnerability watcher Secunia's site.
In addition to checking whether you have the latest Microsoft Windows patches installed, the Secunia Software Inspector looks for outstanding updates for popular communications software such as Skype, instant-message applications, Web browsers Firefox and Opera, as well as multimedia applications such as Adobe Reader, QuickTime, iTunes, Macromedia Flash Player, Sun's Java JRE, and Winamp.
What I like most about this tool is that you don't need to install any software to use it: You can run the scanner straight from the Secunia site (you will need to at least temporarily allow Secunia.com to serve JavaScript if you have blocked JavaScript in Internet Explorer settings or with the Firefox "noscript" extension).
I ran the quick scan on my main home PC and the whole process took about 10 seconds. Secunia gave me a clean bill of health, but said my copy of Internet Explorer 7 was missing the patch released on Tuesday for a critical flaw in the browser. At first I thought that was odd, because I had installed the IE patch already (of course). Then I figured it out -- I hadn't rebooted the machine yet for the patch to take effect.
Annoyingly, the program also found no fewer than three previous (i.e. vulnerable) versions of plugins for Adobe's Macromedia Flash player stored in the \Windows\System32 folder, including one dating back to at least 2002. I'm not entirely sure whether the presence of these older plug-ins is a security risk, but it seems to me that Adobe's installers should clean up after themselves better than this.
If you have time for a more thorough scanning of your machine (especially if you have multiple hard drives), consider selecting the "enable thorough system inspection" option. This option, which can take quite a bit longer than the quick scan, searches for older, unpatched applications in non-standard locations on your system (i.e., not in the usual "My Programs" folder).
By Brian Krebs | January 11, 2007; 2:00 PM ET
Misc., New Patches, Safety Tips
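The leftover Flash Player copies mentioned in the post can also be inventoried locally. The PowerShell script below is an added example, not part of the original post and not Secunia's code; the file-name patterns and the -Thorough switch are assumptions chosen for illustration, and it only flags copies older than the newest one found on disk, without checking whether that newest copy is itself patched.

```powershell
# Added example: list Flash Player binaries and flag superseded copies.
# Assumptions: Flash*.ocx (ActiveX control) and NPSWF*.dll (browser plug-in)
# are the file names to look for; requires PowerShell 5 or later on Windows.
param(
    [string[]]$Roots = @("$env:SystemRoot\System32"),  # quick scan: System32 only
    [switch]$Thorough                                   # walk every fixed drive instead
)

$patterns = @('Flash*.ocx', 'NPSWF*.dll')

if ($Thorough) {
    # DriveType 3 = local fixed disk; DeviceID looks like "C:"
    $Roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
        ForEach-Object { $_.DeviceID + '\' }
}

# Collect every matching file with the version stored in its PE resources.
$found = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Include $patterns -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            [pscustomobject]@{
                Kind     = $(if ($_.Extension -eq '.ocx') { 'ActiveX control' }
                             else { 'Browser plug-in' })
                # Files without a version resource report 0.0.0.0
                Version  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                          $vi.FileBuildPart, $vi.FilePrivatePart)
                Modified = $_.LastWriteTime
                Path     = $_.FullName
            }
        }
}

# Within each kind, anything below the highest version present is stale.
$report = foreach ($group in ($found | Group-Object Kind)) {
    $newest = ($group.Group | Sort-Object Version -Descending |
               Select-Object -First 1).Version
    foreach ($item in $group.Group) {
        $item | Add-Member -NotePropertyName Stale `
                           -NotePropertyValue ($item.Version -lt $newest) -PassThru
    }
}

$report | Sort-Object Kind, Version |
    Format-Table Kind, Version, Stale, Modified, Path -AutoSize
```

The script only reports; it deletes nothing.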
Posted by: Curnutt Computers | January 11, 2007 2:43 PM
Unfortunately, this tool requires Java, which is on my software blacklist.
Minimum Requirements:
* Windows 2000, Windows XP, or Windows 2003
* Sun Java JRE 1.5.0_06
* Internet Explorer 6.x, Opera 9.x, or Firefox 1.5.x
* Latest version of Microsoft Windows Update
Such is the case with various other tools. Some require an ActiveX plug-in. So, it can be a trade-off: do you allow such things to inspect your system and hope the tool itself is not susceptible to exploit? Or do you run manual checks that do not have such requirements? Catch-22.
Posted by: TJ | January 11, 2007 5:41 PM
I tested it last year. Very good.
Posted by: lmjuan | January 11, 2007 7:26 PM
Adobe never un-installs previous versions. Does it need to keep those on the machine for sites that don't implement the latest version of Flash, or do the Adobe programmers not care?
Posted by: Raoul | January 11, 2007 8:28 PM
I'm sure it's not malicious in intent, the host being Secunia, but this is a slightly scary little squirrel. It uses a Java applet to load a native Windows DLL (secuniasi.dll), then executes a Java program to survey your system, relying largely on methods defined in the DLL. One of the tests is to check for the presence and versions of a collection of files; you can see which by hitting this url:
http://si.secunia.com/?action=rules&rp_id=foo
It also inspects some registry keys, enumerates drives, and checks drive types, and queries some info about Windows Update status.
As the survey progresses, the Java program appears to upload the various info to si.secunia.com, which crunches them and produces a verdict for each uploaded survey chunk. So users should be aware that all this information about your box is being transmitted, in the clear, to Secunia, albeit gzip-compressed.
Posted by: antibozo | January 11, 2007 8:38 PM
Adobe 7.0.9 must be a real kludge of a fix. A full installer to replace what? The Secunia test showed 7.0.9 as 7.0.8 and sure enough AcroRd32.exe shows 7.0.8. Help/ About/ Adobe Reader 7 shows 7.0.9. Adobe is such a disappointment.
Posted by: TRucK | January 11, 2007 9:58 PM
I use the AOL browser and this tool doesn't work with it. I changed the settings on IE to allow ActiveX control but still nothing. Anybody got any ideas?
Posted by: eightsouthman | January 12, 2007 10:08 AM
This secunia application is based on a Java applet - which conceptually is similar to ActiveX or Flash in that a program downloads and runs on your machine.
The problems with Java applets include there being too many versions of Java and installing and upgrading Java on your computer is too hard for non-techies. Then too there is the techie terminology (JRE, JVM, runtime) to confuse the issue even more. At one time Java was hot, but these problems led to its demise on client machines and the eventual rise of Flash.
Back when Java was the next big thing, it was included on new Windows machines, but no longer. Which leads to the question: is Java on your computer? If so, which version? And is it enabled?
Secunia mentions the need for Java version 1.5.0.0.6 but offers no help in determining if you have this on your computer or not.
The best answer to this question is my website http://www.javatester.org
Posted by: Michael Horowitz | January 12, 2007 3:11 PM
Brian, I'm finding the old Flash files, too, even though I've updated recently. Did you find a way to uninstall or safely remove those?
Posted by: The Cosmic Avenger | January 12, 2007 3:28 PM
eightsouthman,
Use Firefox (preferred) or IE7 (if you must) instead of the AOL browser. You can log into AOL, minimize it (after checking your email or whatever), then open up Firefox or IE7 and browse the web from there. Then more stuff will work and you'll probably be more secure.
Posted by: Rod | January 12, 2007 3:59 PM
CosmicAvenger -- Love the name. Yes, if you read the last part at the bottom of this post (http://blog.washingtonpost.com/securityfix/2007/01/be_careful_with_those_pdf_docu.html#more) -- I know, I know, it's a long post -- there are some instructions there for removing old plugins for Firefox that should work for older Flash plug-ins as well.
In IE, I believe you can delete old plug-ins by going to Tools, Manage Add-ons.
Posted by: Bk | January 12, 2007 4:58 PM
Not only does Adobe not remove previous versions of Flash, but neither does Java.
This program found previous versions of the latter still installed that had vulnerabilities. It says, though, that they could be easily uninstalled from the Add/Remove pane.
Thanks for the link, Brian!
PS Love your blog.
Posted by: Security Fix reader | January 12, 2007 10:59 PM
I thought I always deleted old versions of flash before installing new, but Secunia Software Inspector discovered Macromedia Flash Player 4.0.7.0 on my machine (dated 1999!). It doesn't show up in Firefox's about:properties, IE7 tools/manage addons, or the control panel's add/remove programs list. However, I did find an Adobe technote on removing old versions called (appropriately enough) "How to remove the Macromedia Flash Player ActiveX control" at http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_12727
It explains how to pull the plug on these old critters.
Posted by: Towson | January 12, 2007 11:03 PM
Thanks, this is a very useful tool. Although they should include a copy to notepad feature so you can save the scan results.
There is a paid version at driverscan.com that works pretty well too. And in addition to the large number of virus scanners online, I would throw in pcpitstop.com's computer health scan as well. It worked so well for me I picked up their Optimize software.
Other online scans I use periodically are Trend Micro, McAfee, Panda, Kaspersky, Microsoft One Live, Hijack This and F-Secure. Although they all include d/l ActiveX components that may bog down a browser if too many are loaded at once.
And one other recommendation for website owners with a formmail script, try a few of these tricks to keep spam bots from hijacking your form and mass emailing spam with it.
http://www.webmasterworld.com/forum23/4305.htm
Keep up the cool blog.
Posted by: PJ | January 13, 2007 12:33 AM
I had an older version of Flash in a directory in System32/Macromed/Flash. Just trying to delete the Flash .ocx file itself resulted in a file in use message. There was an uninstall utility in that folder. I ran this, rebooted and was able to delete the entire folder without problem.
Posted by: FreewheelinFrank | January 13, 2007 4:41 AM
Frank -- Yeah, anytime you try to delete a browser plug-in, you need to make sure the browser is completely closed out and shut down. Sometimes even when there are no browser windows visible, IE or Firefox will still be listed as a running process in the Windows task manager. If that happens, end the task in task manager and then try deleting it.
Posted by: Bk | January 17, 2007 11:41 AM
Maybe I missed something - surfed to the Secunia page, clicked on the start button for the Inspector and nothing happens. No error message, no progress/status bar, nothing. Other apps still work, but it's like the start button isn't connected to anything. Am running XP Pro with Norton (everything) - Personal Firewall, Internet Security, anti-virus, plus (WebRoot) Spy Sweeper and a router. Do I need to disable some shielding (other than permitting JavaScript) to enable the inspector to run?
Posted by: deepblackhole | January 17, 2007 12:47 PM
Tried Secunia Software Inspector. Nothing happened. Tried all start buttons - still nothing. Well done.
Posted by: Louise Cassidy | January 25, 2007 10:40 AM
Tried Secunia Software Inspector. Nothing happened. Tried all start buttons - still nothing. Well done.
Posted by: Louise Cassidy | January 25, 2007 10:41 AM
The comments to this entry are closed.

I've been looking for software like this for my clients for a long time! Nice find!