COMODO Vulnerability Analyzer Version 1.0.1.13 (BETA) Released

[Guest]

[umesh]

Hi,
Today we have released updated setups and program updates for CVA.

Following are setup details:

32-bit Setup
--------------
http://download.comodo.com/cva/download/setups/CVA_Setup_1.0.1.13_XP_Vista_x32_BETA.exe
Size: 3.22 MB (3,384,080 bytes)
MD5: 7f79811e7dac878cbd84ab94f92f27e4
SHA1: dcedc341ce8b11a823f1f403ceaae069a692d096

64-bit Setup
--------------
http://download.comodo.com/cva/download/setups/CVA_Setup_1.0.1.13_XP_Vista_x64_BETA.exe
Size: 6.41 MB (6,724,368 bytes)
MD5: 2984a97cff0b36344a96fa34db6cbbb3
SHA1: 6cbd590d882a5870aab82090b1355cdca08ff660

We have provided two types of updates in CVA today:

1. Database Updates: You can use version 1.0.0.9 and when you press 'Start', it will update local DB and you should see FPs reported in last release fixed. As i mentioned in previous release that whenever you scan, scanner makes sure it's local DB is up to date and is in sync with server.

2. Program Updates: Program files updates can be availed using 'Miscellaneous --> Update' option. It has following changes:
 * FIXED: Crash reported in updater is fixed. As users, for whom updater is crashing, can't avail these updates, i would request them to download following updated updater and then take latest updates:
http://download.comodo.com/cva/download/updates/beta/x32/cvaupdat.exe (for 32-bit OS)
http://download.comodo.com/cva/download/updates/beta/x64/cvaupdat.exe (for 64-bit OS)

 *IMPROVED: Added 'Close' button in 'Vulnerability Information' dialog.

A general note to testers:
CVA has just started and we can't be compared in detection count with competitors, we will catch up within short period of time. So this is not something that's going to be released next week. Once we have detected count at par with competitors, we will make it public and till then it will remain as BETA.
In this period we want to strengthen the quality and count of DB and that's where we need your input.  We are targetting for ZERO FP and Just like last release, input from you guys have been of tremendous help and we are very happy and obliged to you guys who invested valuable time in testing this product.

So please keep the momentum going and give it a try again and let us know your feedback on detection, specially if any FP is encountered.

Thanks
-umesh
 

[JJasper]

Looks great umesh

No FP's for me this time.

Thanks for this

John

[Toxteth O'Grady]

Great, thanks for the update.

There is\could be a false positive wit Winrar. Unless there is a beta somewhere (which I can't find) 3.71 is the latest version and that's the one that is one I have. Also the link to the update does not work (only for Winrar). It does not open the browser.

Apart from that, I wonder whether it is a good idea to list betas as available updates without any warning (for example, Opera browser). Personally I don't mind, but not everyone likes to use those.

The close button (X) only closes the program window and minimises it to the system tray. I don't like that behaviour. It should close the program. The minimise button (-) should minimise, not the close button.

[hbobeck]

Update went smooth!

thanks Umesh.

Harry

[coltrane]

Hi!

very good improvements in this update. I like to see updates also, so soon I can get rid of both Secunia PSI and Filehippo update checker!

Now, it seems to have a problem with Acrobat Reader. Yes, AcroRd32,exe shows 8.1.0.xxxxxx in file info, but it's already updated to 8.1.2 - you can see it in About Reader. Maybe it's Adobe's fault for not updating file info, but Secunia shows the right version.

Filehippo is now showing 7 updates to my programs, CVA only 3. 2 actually, because Winrar is a FP. Also, if I click the link in CVA does nothing (all other updates go to filehippo) The 5 updates missing are:

Google Earth 4.2.0205
Iso Buster 2.3.0.1
MBSA 2.1
OpenOffice 2.4 (I have 2.3 which is also vulnerable but not showed anywhere in CVA)
Skype 3.8

Well, i can's say if that is a bug or not, maybe Comodo only show updates for some programs.

Finally, the worse thing so far is OpenOffice issue. I don't mind FPs but not showing a ver well known vulnerability is really bad.

Thanks again for CVA, I needed such a program!

[eXPerience]

I think it gives a false positive with opera 9.27 ? It says that it isn't up to date?

I any case, the rest is right!

Xan

[Rafel]

Two little bugs:



Winrar 3.71 is the last version.
Utorrent 1.7.7 is the last estable version.

[LeoniAquila]

First, here's a quote from my last experience with the previous version:

Now I've also tried this nice little tool.

Here's a complete list of all my programs (on Windows XP SP3):

7-Zip
Adobe Reader Lite
Bryce
CCleaner
CFP
DC++
Diino
GIMP
InfraRecorder
Internet Explorer
JkDefrag
Media Player Classic
Mozilla Firefox
NT Registry Optimizer
OpenOffice.org
PDF Split and Merge
PDFCreator
RegSeeker

+ Java Runtime Environment and many codecs.

Everything is the very latest version (not referring to CVA here, but my own control of the system), except for Internet Explorer which is version 6. The result of the scan was the same FP as JamesFrance received: Adobe Reader. Other than that, no warnings, not even for IE 6.

I have the very same prerequisites now. I got a FP for Adobe Reader - it's the latest version on my system (8.1.2), although it's the "Adobe Reader Lite" version. I'm also posting the warning(s) I got from CVA.

LA

[gismo999]

I get a error, can't connect to server

even after a reboot

[Soyabeaner]

Comment on last beta:

There does appear to be false positives:
It states I have a vulnerable IE 6 (no need for funny remarks here ) and links to http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx for the solution, but I already have KB942615 installed.

uTorrent 1.7.7 has an update?  Excluding the 1.8 beta, this is untrue as the one I have is the last final version already.

MS PowerPoint 2003 is indeed vulnerable (I already knew that), but the url solution references the download site for -- MS PowerPoint 2003, which isn't a solution by itself, but I guess it is the only official site with info from MS.

I wonder why there are 2 instances of my Windows Media Player 10 (one in C:\Program Files\Windows Media Player and the other in C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}).

There's no close button for the info screen, just the X at the top-right corner.

Other than those to comment, I like this tool.  It literally took 3 seconds to scan my computer .

All the previous FP's have been fixed except for the "update" on uTorrent 1.7.7 because it's still the latest stable version.

In addition, there are now 2 new FP's that the others are getting:
Opera 9.27 and WinRAR 3.71 (both already latest stable versions).
And for some reason the only link that doesn't open a new browser tab is the one that supposedly updates to WinRAR 3.71.

The updater produced no errors for me.  Gizmo, ensure that IE is not uninstalled or in offline mode.

My only question is why are some of the programs' real updates removed, such as WMP 10 has version 11 and PowerPoint Viewer 2003 has version 2007 available for updating

[Little boy]

The latest version of opera in their official site itself "Opera 9.50b2 for Windows".

Check it out ....
http://www.opera.com/products/desktop/next/ 


 

[panic]

The latest version of opera in their official site itself "Opera 9.50b2 for Windows".

Check it out ....
http://www.opera.com/products/desktop/next/ 


 

Ummm .... the "b" in "9.50b2" means BETA. BETA release are not generally considered official releases.

Ewen :-)

[umesh]

Hi Everyone,
Thanks for giving it a try again.
We have fixed FPs reported for :
Winrar
Opera
Adobe
Utorrent

If you scan again, you should see it fixed.

In response to Little boy's comments:

The latest version of opera in their official site itself "Opera 9.50b2 for Windows".
Check it out ....
http://www.opera.com/products/desktop/next/ 

We don't cover Alpha/Beta/RCs, so that was not the case. Only official public releases are part of CVA.

In response to Soyabeaner's comment:

My only question is why are some of the programs' real updates removed, such as WMP 10 has version 11 and PowerPoint Viewer 2003 has version 2007 available for updating

We will be adding these back before month end, analyzing all the versions of it.

In response to coltrane's comments:

Filehippo is now showing 7 updates to my programs, CVA only 3. 2 actually, because Winrar is a FP. Also, if I click the link in CVA does nothing (all other updates go to filehippo) The 5 updates missing are:

Google Earth 4.2.0205
Iso Buster 2.3.0.1
MBSA 2.1
OpenOffice 2.4 (I have 2.3 which is also vulnerable but not showed anywhere in CVA)
Skype 3.8

Well, i can's say if that is a bug or not, maybe Comodo only show updates for some programs.

Like i said in first post of this topic, we don't cover all products/versions covered by competitors as of today and just adding up as we move on.

In response to Toxteth O'Grady's comments

The close button (X) only closes the program window and minimises it to the system tray. I don't like that behaviour. It should close the program. The minimise button (-) should minimise, not the close button.

It will be fixed in next program updates we make.

Please try again and letus know if any FP is found.

Thanks
-umesh

[Soyabeaner]

Ye, there are 2 categories: one for available Updates and another for Vulnerabilities (which could refer to a program regardless of its version).

[tormod]

Not a huge problem, but I've noticed that after I do a scan, the "Last Scanned" day/time is reported, but after rebooting, the Last Scanned reads Not Available as if I had never done a scan.

[Tags:]