[Implemented] Grouping multiple (vulnerable) programs

OLLI_S

Currently I have in VulnDetect the following applications:

• Microsoft Office 2016
• Microsoft Access 2016
• Microsoft Excel 2016
• Microsoft OneNote 2016
• Microsoft Outlook 2016
• Microsoft PowerPoint 2016
• Microsoft Publisher 2016
• Microsoft Word 2016

It would be cool to see only one entry called Microsoft Office 2016 that can be expanded to see all enclosed products.

Tom

We are planning something along the lines of this, where VulnDetect will group dependencies and possible product bundles as well.

However, this is still several weeks away.

OLLI_S

@tom said in Grouping multiple (vulnerable) programs:

However, this is still several weeks away.

No problem, important is that you have it on your To-Do list.

OLLI_S

I have some enhancements for the grouping feature:

• For grouped applications show just one entry (like "Microsoft Office 2016") and in front of this entry show a [+] icon, so the entry can be expanded and collapsed.
  If users expand it, they see all applications bundled with that product

• Show all applications (so don't hide any applications) but show them grouped.

Here are some examples:

---

• SecTeer VulnDetect
  • 7-Zip (C:\Users\All Users\chocolatey\tools\7z.exe)
  • 7-Zip (C:\ProgramData\chocolatey\tools\7z.exe)
  • chocolatey (C:\Users\All Users\chocolatey\choco.exe)
  • chocolatey (C:\ProgramData\chocolatey\choco.exe)

---

• NVIDIA GeForce Experience
  • 7-Zip (C:\Users\All Users\NVIDIA Corporation\Downloader\PostProcessing\GFE\a5c55c300a0970b183a69782967dfc59\GFExperience\7z.exe)
  • 7-Zip (C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\a5c55c300a0970b183a69782967dfc59\GFExperience\7z.exe)
  • 7-Zip (C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\7z.exe)

---

• Windows 10 Professional
  • Adobe Flash Player (C:\Windows\System32\Macromed\Flash\Flash.ocx)
  • Adobe Flash Player (C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx)
  • curl (C:\Windows\System32\curl.exe)
  • curl (C:\Windows\SysWOW64\curl.exe)
  • Microsoft OneDrive (C:\Users\user1\AppData\Local\Microsoft\OneDrive\OneDrive.exe)
  • Microsoft OneDrive (C:\Users\user2\AppData\Local\Microsoft\OneDrive\OneDrive.exe)
  • Microsoft OneDrive (C:\Users\user3\AppData\Local\Microsoft\OneDrive\OneDrive.exe)
  • Microsoft Silverlight (C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe)
  • Microsoft Silverlight (C:\Program Files\Microsoft Silverlight\sllauncher.exe)
  • OpenSSH for Windows (C:\Windows\System32\OpenSSH\ssh.exe)

---

• Google Chrome
  • Adobe Flash Player (C:\Users\user1\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.142\pepflashplayer.dll)
  • Adobe Flash Player (C:\Users\user2\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.142\pepflashplayer.dll)
  • Adobe Flash Player (C:\Users\user3\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.142\pepflashplayer.dll)

---

• Star Citizen
  • 7-Zip (E:\StarCitizen\RSI Launcher\resources\app.asar.unpacked\node_modules\7zip\7zip-lite\7z.exe)

OLLI_S

What about also bundling multiple instances of the same application?

• FreeCommander XE
  • FreeCommander XE (C:\Program Files\FreeCommander XE\FreeCommander.exe)
  • FreeCommander XE (C:\Program Files\FreeCommander XE\backup\FreeCommander.exe)
  • FreeCommander XE (D:\PortableApps\PortableApps\FreeCommanderPortable\App\FreeCommanderXE\FreeCommander.exe)

And what about bundling 32-Bit and 64-Bit instances of the same application?

• Toolbox for VulnDetect
  • Toolbox for VulnDetect 32-Bit (D:\Lazarus\Toolbox for VulnDetect\Released Versions\Version 3.0\Toolbox for VulnDetect.exe)
  • Toolbox for VulnDetect 64-Bit (D:\Lazarus\Toolbox for VulnDetect\Released Versions\Version 3.0\Toolbox for VulnDetect x64.exe)

OLLI_S

@OLLI_S said in Grouping multiple (vulnerable) programs:

indows 10 Professional

I suggested above that you show one line for Windows and below that you should show all applications that are bundled with Windows.
You should also show the exact version number of Windows, like:

Windows 10 Professional Version 1809 (Build 17763.316)

Tom

@OLLI_S said in Grouping multiple (vulnerable) programs:

What about also bundling multiple instances of the same application?

• FreeCommander XE
  ....

And what about bundling 32-Bit and 64-Bit instances of the same application?
....

The rule of thumb that we will apply to bundling is the following:
If an installer installs both 32bit and 64bit versions, then we intend to bundle them.
If it requires downloading and running two different installers, then it will not be bundled.

In your example with FreeCommander, then we will bundle them, if the "backup" folder is created by the installer. If you created it manually, then we usually consider it separate installations (but manually moving exe files may class with the bundle specifications).
The PortableApps will generally not be considered bundled, but rather separate installations.

OLLI_S

For FreeCommander the backup folder is created automatically.
So you should bundle it (make it expandable and show the backup version as "bundled").

Here is an other specialty: FreeFileSync
I have installed FreeFileSync normally (not Portable) and I see the following files:

1. C:\Program Files\FreeFileSync\FreeFileSync.exe
2. C:\Program Files\FreeFileSync\Bin\FreeFileSync_Win32.exe
3. C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
4. C:\Program Files\FreeFileSync\Bin\FreeFileSync_XP.exe

File 1. is detected by VulnDetect.
It is only 462 KB in size and is only a Launcher that starts the correct EXE file (files 2., 3. or 4.) depending on your system.
So when I start FreeFileSync.exe (launcher) then the FreeFileSync_x64.exe is started as child process.

So here you should also show FreeFileSync expandable and show all 3 platform-related files as child.
So it looks like the process tree structure.

OLLI_S

You also should group:

• Elite Dangerous
  • Elite Dangerous Launcher

---

• Star Citizen
  • RSI Launcher
    • 7-Zip

---

• The Dark Mod
  • The Dark Mod Updater/Downloader
  • The Dark Mod x32
  • The Dark Mod x64

The Dark Mod is not added yet, see https://vulndetect.org/topic/495/the-dark-mod-game-request
The Dark Mod Updater/Downloader is not requested yet, because the version number in the app is not correct

---

But the Launchers can be updated separately from the game.
So there can be new versions of the game available but also new versions of the launcher.
And I can update the launcher but not update the game.

OLLI_S

@Tom I wrote in Grouping multiple (vulnerable) programs:

But the Launchers can be updated separately from the game.
So there can be new versions of the game available but also new versions of the launcher.
And I can update the launcher but not update the game.

Do you have any idea how you will display this, when there is an update for the Launcher available but not for the game itself?
So an update for the bundled app and not for the parent applications.

OLLI_S

@OLLI_S said in Grouping multiple (vulnerable) programs:

how you will display this, when there is an update for the Launcher available but not for the game itself?
So an update for the bundled app and not for the parent applications.

Today I updated some apps, also the following:

• I had an update for the Elite Dangerous Launcher but not for Elite Dangerous (the game)
• I had an update for Star Citizen (the game) but not for the RSI Launcher

So you should show the user updates for bundles.

OLLI_S

@Tom I think we can mark this topic as "Implemented" because you added "Bundling".
If there are bundling issues then we should add new topics for each app in the detection issues.
Do you agree?

Tom

@OLLI_S I agree

OLLI_S

OK, I mark this idea as Implemented and move it to the category Implemented Feature Requests.