Show Reason for Unsafe Status
In VulnDetect you show the status "Unsafe" but this can have different reasons:
- User has an older version installed that has known vulnerabilities (user has to update)
- User has the actual version installed but there are still open vulnerabilities (user cannot do anything here)
It would be useful when you show why an application is unsafe.
For users it is important to know if they can do anything or not.
So they need to know "Your app is up-to-date but still has vulnerabilities".
Otherwise I have 5 apps with the status "unsafe" although they are all up-to-date (and I don't understand this and blame VulnDetect).
VulnDetect supports this, kind of.
Some Rules have been updated and do show a "Recommended" version, even if the version you got isn't flagged as insecure or EoL.
Right now we use the word "Recommended" in both cases.
This will be changed, so that Insecure and EoL triggers "Recommended".
And a different installed version than the latest known version from the vendor, will say "Suggested".
When you see that the version we "Suggest" or "Recommend" is older or different from the one you just installed or updated to, then you are most welcome to send us a chat message, write a short message here on the forum or simply wait a day.
We are (in most cases) "alerted" automatically when you have a newer version and it ends up on our automatic "to do list". Normally, these new or unknown versions are updated / added within a day, but feel free to ping us if you are impatient to have a Rule updated.
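The status logic laid out in the replies above (Insecure or EoL triggers "Recommended", a version mismatch against the latest known version triggers "Suggested", and an up-to-date install can still be "Unsafe" when the vendor has not patched everything) is small enough to model directly. The following is an added example written for this thread, not VulnDetect's own code; the rule fields (latest, fixed_in, eol, open_vulns), the application names and the installed versions are all constructed for illustration and do not describe any real product or vulnerability.

```python
# Added example (not VulnDetect's code): a small model of the "Unsafe" status
# and the "Recommended" / "Suggested" actions described in the thread above.
# The rule fields below (latest, fixed_in, eol, open_vulns) are assumptions
# made for illustration, not VulnDetect's actual rule format.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def parse_version(v: str) -> Tuple[tuple, ...]:
    """Split '19.00' / '1.2.10' into comparable parts so that 1.2.10 > 1.2.9."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


@dataclass
class Rule:
    name: str
    latest: str                      # newest version known from the vendor
    fixed_in: Optional[str] = None   # versions below this are insecure; None = no fix exists
    eol: bool = False                # the installed product branch is end-of-life
    open_vulns: int = 0              # vulnerabilities still unpatched even in `latest`


@dataclass
class Verdict:
    status: str                      # "Safe" or "Unsafe"
    action: Optional[str]            # "Recommended", "Suggested" or None
    reason: str                      # the text a user would want to see next to "Unsafe"
    newer_than_rule: bool = False    # installed version is ahead of what the rule knows


def classify(rule: Rule, installed: str) -> Verdict:
    inst = parse_version(installed)
    latest = parse_version(rule.latest)
    ahead = inst > latest

    # Insecure and EoL both trigger "Recommended": the user has to act.
    if rule.eol:
        return Verdict("Unsafe", "Recommended",
                       f"{rule.name} {installed} is end-of-life; recommended: {rule.latest}")
    if rule.fixed_in is not None and inst < parse_version(rule.fixed_in):
        return Verdict("Unsafe", "Recommended",
                       f"{rule.name} {installed} has known vulnerabilities fixed in "
                       f"{rule.fixed_in}; recommended: {rule.latest}")
    # Not below the fix line, but the vendor has not patched everything yet:
    # still "Unsafe", and there is nothing the user can do about it.
    if rule.open_vulns:
        action = "Suggested" if inst != latest else None
        plural = "y is" if rule.open_vulns == 1 else "ies are"
        return Verdict("Unsafe", action,
                       f"{rule.name} {installed} is current but {rule.open_vulns} "
                       f"vulnerabilit{plural} still unpatched by the vendor",
                       newer_than_rule=ahead)
    # No known issue; a plain version mismatch only earns the softer "Suggested".
    if inst != latest:
        return Verdict("Safe", "Suggested",
                       f"{rule.name} {installed} differs from latest known {rule.latest}",
                       newer_than_rule=ahead)
    return Verdict("Safe", None, f"{rule.name} {installed} is the latest known version")


# Constructed sample rules (hypothetical products, not real VulnDetect data).
RULES: Dict[str, Rule] = {
    "ExampleArchiver": Rule("ExampleArchiver", latest="23.01", fixed_in="22.01"),
    "ExampleViewer": Rule("ExampleViewer", latest="4.2.0", open_vulns=2),
    "LegacyTool": Rule("LegacyTool", latest="9.0.1", eol=True),
}


def report(installed: Dict[str, str]) -> Dict[str, Verdict]:
    """One Verdict per installed app: the line a UI would show next to the status."""
    return {name: classify(RULES[name], ver) for name, ver in installed.items()}


if __name__ == "__main__":
    # Constructed installed versions for the demo.
    for v in report({"ExampleArchiver": "19.00", "ExampleViewer": "4.2.0",
                     "LegacyTool": "9.0.1"}).values():
        print(f"{v.status:6} {v.action or '-':12} {v.reason}")
```

The `newer_than_rule` flag covers the case mentioned above where the user has already installed something newer than the rule knows about: the status is still computed, but the UI can tell the user the rule is simply behind rather than that their install is wrong.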
I am glad that you plan this feature because users won't understand why an application is Unsafe although it is up-to-date.
@olli_s Yes, I agree. Currently we do track this in the rules, but the UI hasn't been updated to utilize this.
During the past two months we have changed a bit in the structure of the rules, this is actually a huge improvement, but it also requires a bigger change in both the UI and the processing engine, before we can display this properly.
I can't give an ETA at the moment for this change to be reflected in the UI.
Rest assured, we will have detailed tracking of the reason for "Unsafe".
In the list of applications there are many entries that are marked as unsafe although they are up-to-date.
So I really don't know why they are marked as unsafe (I can just imagine that there are some unpatched vulnerabilities).
Please write the reason why an application is unsafe, so I know if there is a new version available or if I have to kick some butt and tell the developers of the app to release a patch for the unsafe version.
@gregalexandre Yes, this is due to the way we detect programs. One of the upcoming features of our rules, will be the ability to "group" based on what program it was bundled with. 7-zip is bundled with a lot of different apps, including certain Nvidia packages, so, in the future, you should only see Nvidia, and then when you expand Nvidia, you will see that it also includes 7-zip (which can't be updated). But again, that is part of the many things we are still working on, so please be patient.
@tom Thanks. I will ask about NVIDIA downloader which left unsafe 7-zip.
@gregalexandre If this makes too much noise in the Detection Issues and Suggestions category, then we will consider making a new category for such issues. But for now, feel free to discuss this in Detection Issues.
May I suggest to have a forum on how to remove safely unsafe version left?
For instance, I have many unsafe 7-zip versions left in InstallShield data which are probably left by installations that do not clean up correctly. I am almost sure these 7-zip executables can be deleted without harm, but discussing this subject could help myself and others (and help make VulnDetect known by having these solutions referenced by search engines).
This will affect many applications, also applications that were already patched but no info about the fixed vulnerabilities is available.
So this would definitely help the user.
Report on programs with security vulnerabilities for which a patch is not yet available (zero-days). This should be categorized separately from other things (patches available or bugfix/feature updates).
Suggested by @CTaylor
Glad that you like this idea!
Yes, I agree. The UI is something we will work on soon. And this is also something that needs to be communicated better.