Grouping multiple (vulnerable) programs


  • VulnDetect Team Member

    group multiple instances of a vulnerable program in the listing and allow me to expand that section when I want

    Suggested by @CTaylor


  • Community Moderator

    OK, I mark this idea as Implemented and move it to the category Implemented Feature Requests.


  • VulnDetect Team Member

    @OLLI_S I agree


  • Community Moderator

    @Tom I think we can mark this topic as "Implemented" because you added "Bundling".
    If there are bundling issues then we should add new topics for each app in the detection issues.
    Do you agree?


  • Community Moderator

    @OLLI_S said in Grouping multiple (vulnerable) programs:

    how you will display this, when there is an update for the Launcher available but not for the game itself?
    So an update for the bundled app and not for the parent applications.

    Today I updated some apps, also the following:

    • I had an update for the Elite Dangerous Launcher but not for Elite Dangerous (the game)
    • I had an update for Star Citizen (the game) but not for the RSI Launcher

    So you should show the user updates for bundles.


  • Community Moderator

    @Tom I wrote in Grouping multiple (vulnerable) programs:

    But the Launchers can be updated separately from the game.
    So there can be new versions of the game available but also new versions of the launcher.
    And I can update the launcher but not update the game.

    Do you have any idea how you will display this, when there is an update for the Launcher available but not for the game itself?
    So an update for the bundled app and not for the parent applications.


  • Community Moderator

    You also should group:

    • Elite Dangerous
      • Elite Dangerous Launcher

    • Star Citizen
      • RSI Launcher
        • 7-Zip

    • The Dark Mod
      • The Dark Mod Updater/Downloader
      • The Dark Mod x32
      • The Dark Mod x64

    The Dark Mod is not added yet, see https://vulndetect.org/topic/495/the-dark-mod-game-request
    The Dark Mod Updater/Downloader is not requested yet, because the version number in the app is not correct


    But the Launchers can be updated separately from the game.
    So there can be new versions of the game available but also new versions of the launcher.
    And I can update the launcher but not update the game.


  • Community Moderator

    For FreeCommander the backup folder is created automatically.
    So you should bundle it (make it expandable and show the backup version as "bundled").

    Here is an other specialty: FreeFileSync
    I have installed FreeFileSync normally (not Portable) and I see the following files:

    1. C:\Program Files\FreeFileSync\FreeFileSync.exe
    2. C:\Program Files\FreeFileSync\Bin\FreeFileSync_Win32.exe
    3. C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
    4. C:\Program Files\FreeFileSync\Bin\FreeFileSync_XP.exe

    File 1. is detected by VulnDetect.
    It is only 462 KB in size and is only a Launcher that starts the correct EXE file (files 2., 3. or 4.) depending on your system.
    So when I start FreeFileSync.exe (launcher) then the FreeFileSync_x64.exe is started as child process.

    FreeFileSync_Process_Tree.png

    So here you should also show FreeFileSync expandable and show all 3 platform-related files as child.
    So it looks like the process tree structure.


  • VulnDetect Team Member

    @OLLI_S said in Grouping multiple (vulnerable) programs:

    What about also bundling multiple instances of the same application?

    • FreeCommander XE
      ....

    And what about bundling 32-Bit and 64-Bit instances of the same application?
    ....

    The rule of thumb that we will apply to bundling is the following:
    If an installer installs both 32bit and 64bit versions, then we intend to bundle them.
    If it requires downloading and running two different installers, then it will not be bundled.

    In your example with FreeCommander, then we will bundle them, if the "backup" folder is created by the installer. If you created it manually, then we usually consider it separate installations (but manually moving exe files may class with the bundle specifications).
    The PortableApps will generally not be considered bundled, but rather separate installations.


  • Community Moderator

    @OLLI_S said in Grouping multiple (vulnerable) programs:

    indows 10 Professional

    I suggested above that you show one line for Windows and below that you should show all applications that are bundled with Windows.
    You should also show the exact version number of Windows, like:

    Windows 10 Professional Version 1809 (Build 17763.316)


  • Community Moderator

    What about also bundling multiple instances of the same application?

    • FreeCommander XE
      • FreeCommander XE (C:\Program Files\FreeCommander XE\FreeCommander.exe)
      • FreeCommander XE (C:\Program Files\FreeCommander XE\backup\FreeCommander.exe)
      • FreeCommander XE (D:\PortableApps\PortableApps\FreeCommanderPortable\App\FreeCommanderXE\FreeCommander.exe)

    And what about bundling 32-Bit and 64-Bit instances of the same application?

    • Toolbox for VulnDetect
      • Toolbox for VulnDetect 32-Bit (D:\Lazarus\Toolbox for VulnDetect\Released Versions\Version 3.0\Toolbox for VulnDetect.exe)
      • Toolbox for VulnDetect 64-Bit (D:\Lazarus\Toolbox for VulnDetect\Released Versions\Version 3.0\Toolbox for VulnDetect x64.exe)

  • Community Moderator

    I have some enhancements for the grouping feature:

    • For grouped applications show just one entry (like "Microsoft Office 2016") and in front of this entry show a [+] icon, so the entry can be expanded and collapsed.
      If users expand it, they see all applications bundled with that product

    • Show all applications (so don't hide any applications) but show them grouped.

    Here are some examples:


    • SecTeer VulnDetect
      • 7-Zip (C:\Users\All Users\chocolatey\tools\7z.exe)
      • 7-Zip (C:\ProgramData\chocolatey\tools\7z.exe)
      • chocolatey (C:\Users\All Users\chocolatey\choco.exe)
      • chocolatey (C:\ProgramData\chocolatey\choco.exe)

    • NVIDIA GeForce Experience
      • 7-Zip (C:\Users\All Users\NVIDIA Corporation\Downloader\PostProcessing\GFE\a5c55c300a0970b183a69782967dfc59\GFExperience\7z.exe)
      • 7-Zip (C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\a5c55c300a0970b183a69782967dfc59\GFExperience\7z.exe)
      • 7-Zip (C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\7z.exe)

    • Windows 10 Professional
      • Adobe Flash Player (C:\Windows\System32\Macromed\Flash\Flash.ocx)
      • Adobe Flash Player (C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx)
      • curl (C:\Windows\System32\curl.exe)
      • curl (C:\Windows\SysWOW64\curl.exe)
      • Microsoft OneDrive (C:\Users\user1\AppData\Local\Microsoft\OneDrive\OneDrive.exe)
      • Microsoft OneDrive (C:\Users\user2\AppData\Local\Microsoft\OneDrive\OneDrive.exe)
      • Microsoft OneDrive (C:\Users\user3\AppData\Local\Microsoft\OneDrive\OneDrive.exe)
      • Microsoft Silverlight (C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe)
      • Microsoft Silverlight (C:\Program Files\Microsoft Silverlight\sllauncher.exe)
      • OpenSSH for Windows (C:\Windows\System32\OpenSSH\ssh.exe)

    • Google Chrome
      • Adobe Flash Player (C:\Users\user1\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.142\pepflashplayer.dll)
      • Adobe Flash Player (C:\Users\user2\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.142\pepflashplayer.dll)
      • Adobe Flash Player (C:\Users\user3\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.142\pepflashplayer.dll)

    • Star Citizen
      • 7-Zip (E:\StarCitizen\RSI Launcher\resources\app.asar.unpacked\node_modules\7zip\7zip-lite\7z.exe)

  • Community Moderator

    @tom said in Grouping multiple (vulnerable) programs:

    However, this is still several weeks away.

    No problem, important is that you have it on your To-Do list.


  • VulnDetect Team Member

    We are planning something along the lines of this, where VulnDetect will group dependencies and possible product bundles as well.

    However, this is still several weeks away.


  • Community Moderator

    Currently I have in VulnDetect the following applications:

    • Microsoft Office 2016
    • Microsoft Access 2016
    • Microsoft Excel 2016
    • Microsoft OneNote 2016
    • Microsoft Outlook 2016
    • Microsoft PowerPoint 2016
    • Microsoft Publisher 2016
    • Microsoft Word 2016

    It would be cool to see only one entry called Microsoft Office 2016 that can be expanded to see all enclosed products.


  • Community Moderator

    Very useful idea, especially for applications that are bundled with other apps (like 7-Zip is delivered with the NVIDIA Drivers).
    So I see 7-Zip only once, but can expand the entry.

    But this feature could also be used to group bundled applications, like Microsoft Office.
    I see an entry Microsoft Office 2016 and can expand it.
    Here I see all apps of the bundle, like Word, Excel, PowerPoint and so on.


Log in to reply