daveinpoway
Premium
join:2006-07-03
Poway, CA
| Blink Personal Vulnerability Assessment
When doing a Vulnerability Assessment scan in BP (Version 3.0.6), it tells me that several Microsoft patches (for both Windows and Word) are not installed, but Microsoft Update and Office Update say that I am completely up-to-date; Belarc Advisor does not indicate any problems, either. I am running XP Professional (SP2) and Word 2000.
Just false positives, or something to be concerned about? Anyone else experiencing this? |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| and are the patches, it flagged, installed (if you check in Add/Remove prog - select show updates)? If yes Blinks needs to fix it, in which case email their tech support and let them know.
Cudni
--
Some are born to failure, others achieve it, all deserve it.Help yourself so God can help you.MVP, Microsoft Windows Security 2006-2007 |
|
daveinpoway
Premium
join:2006-07-03
Poway, CA
| I haven't had time to check, but I would think that Microsoft's update services would tell me that patches need to be installed. Also, as I said, Belarc Advisor tells me that everything is patched correctly.
About a year or so back (I have reformatted and reinstalled my software since, so this took place on a different installation), I recall that the Microsoft Baseline Security Analyzer program also told me that I had a bunch of missing patches. Even when I re-installed these manually, MBSA continued to tell me they were missing. I solved the problem that time by just not using the program any more.
When I get a chance, I will do some further checking (with tax stuff coming up this week, it may take some time for me to get around to Blink). |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
1 edit | reply to daveinpoway
I do not use Blink but..
When I used Belarc from the get go when XP first came out it was great at tracking and giving me info on the KB's. Then when SP1 came along and I installed it from a WUS and also then again when I installed SP2 from a disk that Microsoft sent in the mail for free..things started to get very strange in each case with Belarc..at times it would still list KB's I had installed between XP and XP1 but some as failed..then some of the same things happened when upgrading to SP2..I have also seen it happen on Win 98 systems when upgrading when it came to IE 5 to 5.5 and then to IE 6.
To anyone who uses Belarc I suggest you uninstall your current Belarc Advisor from the Add/Remove..then go to their site and download a new one after you have done a full reboot if you think it might be giving you conflicting info.
Also take into consideration if you have ever used system restore on WinXP..and just happened to roll it back past the time you have just installed a hotfix or critical update.
I like Belarc for all the other info it puts at the users fingertips.
I also like siw.exe by Topala..he has a free version and a tech version now.
»www.gtopala.com/
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to daveinpoway
BTW your comment on Microsoft Baseline Security Analyzer program (MBSA), you should be aware there is a difference between hotfixes..critical updates..etc.
thsi link might shed light for you.
»Re: Latest Security Update Causing an Issue
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
daveinpoway
Premium
join:2006-07-03
Poway, CA
| I don't recall exactly what MBSA called the supposedly missing items, but it flagged them as serious security risks to my system. Given that MS Update and Office Update told me there was nothing available (either critical or optional) for my PC, I decided that MBSA was just another buggy Microsoft program and decided to never use it again. Harsh, perhaps, but I have become tired of the flawed stuff that MS has dished out.
|
|
daveinpoway
Premium
join:2006-07-03
Poway, CA
| reply to Cudni
No, not a single one of the items that Blink says are missing show up under Add/Remove Programs, but I have installed everything that MS has put out (except for IE7), and MS Update and Office Update tell me there is nothing presently available for my system (except for one optional update related to my display, which I don't feel that I need).
Will all of the fixes that MS has put out appear in Add/Remove Programs? Is there one method used by Blink and A/R P to tell what is installed, and a different method used by MSU and OU? If so, which should I trust?
By the way, the items that Blink says are missing are:
915384 (MS 06-039)
917344 (MS 06-023)
917422 (MS 06-051)
902400 (MS 05-051)
904706 (MS 05-050)
900725 (MS 05-049)
914389 (MS 06-030) |
|
daveinpoway
Premium
join:2006-07-03
Poway, CA
| reply to Cudni
Update- I downloaded (from Microsoft) what were supposed to be the missing items and installed the last 6 in the list again manually; now, Blink no longer says that they are missing. Regarding the first item in the list (which applies to Office), I cannot install this manually, as I get a message that it is already installed, yet Blink continues to tell me that it is missing. No time to proceed further with this today. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
2 edits | reply to daveinpoway
Many people are still running MBSA 1.2.1 and you might want to check the first link to find out how third party products interface like your Blink Professional.
MBSA 2.0 Frequently Asked Questions
»www.microsoft.com/technet/securi···/qa.mspx
Q. What is MBSA 2.0?
A. Microsoft Baseline Security Analyzer (MBSA) 2.0 is an easy to use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common administrative vulnerabilities and missing security updates on your computer systems.
Q. What is MBSA 2.0.1, why was it released, and do I need to upgrade from MBSA 2.0?
A. MBSA 2.0.1 is an update to MBSA 2.0 to enable compatibility with the new Windows Update (WU) offline scan file. (For information on the new scan file, see »support.microsoft.com/kb/926464.) This fix enables MBSA to download and read the new file format. If you only run MBSA 2.0 in the online mode, then you do not need to do upgrade. If you use MBSA in the offline mode, you will need to download the new version of MBSA. You will also need to download the new offline scan file, wsusscn2.cab, by clicking »go.microsoft.com/fwlink/?LinkId=76054. Save it to C:\Documents and Settings\\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab.
Does MBSA 2.0 support the same products as MBSA 1.2.1?
A. MBSA 1.2.1 and 2.0 support the same products for security configuration checks. For security update detection, MBSA supports all products supported by Microsoft Update which is the official source for future security updates. Some products have not yet been added to Microsoft Update and therefore updates to these products are not yet available. This includes Office 2000, various consumer applications as well as products that are out of support, such as Windows NT 4. Microsoft recommends that customers who primarily have Windows 2000+, Office XP+, Exchange 2000+, and SQL 2000 SP4+ environments should upgrade to MBSA 2.0. Over time, all Microsoft products will be supported through Microsoft Update and MBSA 2.0 will automatically support them. No new products will be added to MBSA 1.2.1. When the Microsoft Update catalog reaches full parity with MBSA 1.2.1, MBSA 1.2.1 will no longer be supported and all customers should upgrade to MBSA 2.0. You can find out more information about the upcoming product support for Microsoft Update at:»support.microsoft.com/kb/895660
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
daveinpoway
Premium
join:2006-07-03
Poway, CA
| Well, if others want to use MBSA, they are welcome to; I simply had/have no patience to deal with this product. Especially so when I manually re-installed the stuff that MBSA said was missing, and yet it continued to tell me these fixes did not exist in my system. Perhaps some anti-malware program I was running somehow shielded the needed info from MBSA, but I just didn't feel like disabling one program after another in order to see if MBSA then ran correctly; life is too short to waste it this way!
At this point, I cannot even begin to recall which version of MBSA I was using. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
1 edit | said by daveinpoway  :Well, if others want to use MBSA, they are welcome to; I simply had/have no patience to deal with this product. Especially so when I manually re-installed the stuff that MBSA said was missing, and yet it continued to tell me these fixes did not exist in my system. Perhaps some anti-malware program I was running somehow shielded the needed info from MBSA, but I just didn't feel like disabling one program after another in order to see if MBSA then ran correctly; life is too short to waste it this way! At this point, I cannot even begin to recall which version of MBSA I was using. That is not the point...the point is you are using Blink and you better understand just where it really gets it's Info..so if you do not want to read the link I posted on MBSA which will tell you why..for your particular setup even it is giving you whacky stuff in BLINK.. and where Blink really get's it's "BASELINE" that is up to you. 
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
daveinpoway
Premium
join:2006-07-03
Poway, CA
| I'm sorry, but why do I need to understand where Blink gets its info from, since that is fixed by the programmers and cannot be changed by me? If I knew that it looked in a specific hive in the registry, for example, how would knowing this benefit me?
Anyway, for what it's worth, I fixed the remaining item that Blink said was missing (related to Office) by getting rid of Word yesterday and switching to OpenOffice.org. One less potentially-troublesome Microsoft product to worry about! |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| said by daveinpoway :I'm sorry, but why do I need to understand where Blink gets its info from, since that is fixed by the programmers and cannot be changed by me? If I knew that it looked in a specific hive in the registry, for example, how would knowing this benefit me? Anyway, for what it's worth, I fixed the remaining item that Blink said was missing (related to Office) by getting rid of Word yesterday and switching to OpenOffice.org. One less potentially-troublesome Microsoft product to worry about! To know that it did not benfit you in the first place to even use it..and to further understand if you go to the Microsoft update sites for the various Microsoft products you do have..and let those site then scan your PC and tell you what still might be needed..that is your best source of info..and no other..even Belarc user have to realize they must also hit the magic button in Belarc once in a while to
update their data base..but that old blink thing will not even come close to telling you the real world.
Your first post in this thread was about 'Blink Personal Vulnerability Assessment', the assessment is well intended..but flawed.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
daveinpoway
Premium
join:2006-07-03
Poway, CA
| Yes, I suspected that the feedback that Blink was giving me was not accurate, but didn't know for sure. Unfortunately, however, even going by Microsoft's update scans may not save you- one of the updates released yesterday keeps coming up over and over again as required, even though my Microsoft Update history says that it was successfully installed and it appears in my Add/Remove Programs listing. I even tried installing this update again with Blink turned off (so that the registry protection feature would not interfere), yet I STILL get a message that this update is required! Oh, well, time to wait for a patch for this patch! |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| said by daveinpoway :Yes, I suspected that the feedback that Blink was giving me was not accurate, but didn't know for sure. Unfortunately, however, even going by Microsoft's update scans may not save you- one of the updates released yesterday keeps coming up over and over again as required, even though my Microsoft Update history says that it was successfully installed and it appears in my Add/Remove Programs listing. I even tried installing this update again with Blink turned off (so that the registry protection feature would not interfere), yet I STILL get a message that this update is required! Oh, well, time to wait for a patch for this patch! You said about everything except which one.. give me the KB  you see that happen when you do not compeletly uninstall a program or App..but still no longer use it and Microsoft still thinks you need a fix. give me some more info please.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
