HOME IT Security Measures for Information Security VulnerabilitiesIPA/ISEC：Vulnerabilities：Filtered Vulnerability Countermeasure Information Tool “MyJVN” English Version Released

IPA/ISEC：Vulnerabilities：Filtered Vulnerability Countermeasure Information Tool “MyJVN” English Version Released

Use the latest version to prevent security problems caused by the lack of security

Nov 30, 2009
IT Security Center
Information-technology Promotion Agency, Japan
>> JAPANESE

IPA (Information-technology Promotion Agency, Japan, (Chairman Koji Nishigaki) released MyJVN Version Checker, a tool that enables people to easily check whether the version of the software installed in their PC are the latest, on November 30, 2009.
URL: http://jvndb.jvn.jp/apis/myjvn/ (in Japanese)

In recent years, in addition to ever-evolving viruses which targets the general public, the methods of attacking are becoming increasingly diversified, such as attacking a specific company or organization by sending virus-attached emails under the guise of its employee (called targeted attacks), or aiming at security vulnerability of the web browser or video player to tamper with the web site of a famous company or organization^(*1). Many of these attacks utilize vulnerabilities in the older versions of software products.

Although it is effective to upgrade software version against these attacks, “Information Security Treats Survey 2009” shows that the software version upgrade is not done much. According to the survey, 24.2% answered it was “troublesome” and 42.5%^(*2) did not know how to upgrade.

Here, IPA developed a “MyJVN^(*3) Version Checker” that allows people to easily check whether the software installed on their PC is the latest version.

Figure 1 shows the operation screen of the “MyJVN Version Checker”. With just mouse click, people can check the versions of multiple software. The results are easy to understand: ○ the latest version, or × not the latest version^(*4).

If the software is not the latest version and users can easily access the vendor’s download website with also just a few click.

Figure 1. MyJVN Result Page

Figure 1. MyJVN Result Page

Currently, MyJVN Version Checker supports software shown in Table 1. Mainly internet-related software products were selected seeking cooperation from the software venders.

While implementing OVAL^(*5), a specification for assessing security configuration of computers and improving its flexibility and efficiency, IPA will continue to enhance the usefulness of the Version Checker by expanding supported software products.

Table 1. MyJVN Version Checker Supported Products

#	Software Products	Summary
1	Adobe Flash Player (ActiveX, Plug-in)^(*6)	Video player
2	Adobe Reader	PDF document software
3	JRE	JAVA Runtime Environment software^(*7)
4	Mozilla Firefox	Web browser
5	Mozilla Thunderbird	eMailing software
6	Lhaplus	Compression/Decompression software
7	QuickTime	Video player

MyJVN Version Checker’s operating requirements are shown below:

Table 2. MyJVN Version Checker Operation Requirements

OS (32bit only)	Microsoft Windows XP SP2, SP3 or Microsoft Windows Vista
Browser	Internet Explorer 6, 7 Firefox 3
JRE	Sun Java Runtime Environment 5.0, 6.0

Footnote

(*1)Information Security White Paper 2009 Part 2 “10 Major Security Threats” Released
http://www.ipa.go.jp/security/english/vuln/10threats2009_en.html

(*2)Attitude Study on Information Security Threats 2009, 4-3-3: The reason not to apply security patch
http://www.ipa.go.jp/security/fy21/reports/ishiki/documents/2009-ishiki.pdf (in Japanese)

(*3)A collective term of tools and services that support the better use of JVN iPedia ( http://jvndb.jvn.jp/en ), a vulnerability countermeasure information data base hosted by IPA. MyJVN Filtered Vulnerability Countermeasure Information Tool has been also offered since October 23, 2007.
http://jvndb.jvn.jp/en/apis/myjvn/index.html

(*4)When a software is not recognized, due to whether it is uninstalled or the version is older, the display will show the message like the following:
-uninstalled or not supported

(*5)Open Vulnerability and Assessment Language. OVAL is one of the elements that constitute SCAP(Security Content Automation Protocol), which allows the automation and standardization of technical approaches in the field of information security promoted by the U.S. government. For the detail, refer to Security Assessment Language “OVAL” Overview
http://www.ipa.go.jp/security/english/vuln/OVAL_en.html

(*6)Internet Explorer (ActiveX), and Mozilla Firefox for (Plug-in)

(*7)A set of software required to run a software developed in JAVA

Reference

“MyJVN Security Configuration Checker” released(Dec 21, 2009)
http://www.ipa.go.jp/security/english/vuln/200912_myjvn_cc_en.html
Filtered Vulnerability Countermeasure Information Tool “MyJVN” English Version Released(Jan 15, 2009)
http://www.ipa.go.jp/security/english/vuln/200901_myjvn_english_en.html
Filtered Vulnerability Countermeasure Information Tool “MyJVN” Now Available(Oct 23, 2008)
http://www.ipa.go.jp/security/english/vuln/200810_MyJVN_en.html
CVE (Common Vulnerabilities and Exposures) Overview
http://www.ipa.go.jp/security/english/vuln/CVE_en.html
CPE (Common Platform Enumeration) Overview
http://www.ipa.go.jp/security/english/vuln/CPE_en.html
OVAL (Open Vulnerability and Assessment Language) Overview
http://www.ipa.go.jp/security/english/vuln/OVAL_en.html
CWE (Common Weakness Enumeration) Overview
http://www.ipa.go.jp/security/english/vuln/CWE_en.html

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail:

Top Page

IT Security