SecTeer VulnDetect & PatchPro Support Forum VulnDetect
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Download VulnDetect Installer
    • Login

    [Solved] Unique display of version information

    Solved Detection Issues
    2
    5
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • OLLI_SO
      OLLI_S Community Moderator
      last edited by OLLI_S

      @Tom I the past I reported many times that you should alter the version numbers of applications because they display the version information not in the format 4 numbers separated by a dot.
      So I suggest that you always use the 4-numbers-format no matter how apps display it.

      Here are some examples(*) where the version number can be displayed in the 4-numbers-format because both numbers are equal:

      Application Version in the EXE Version in the Application
      7-Zip 16.2.0.0 16.02
      FileZilla 3.35.1.0 3.35.1
      GIMP 2.10.4.0 2.10.4
      Pidgin 2.13.0.0 2.13.0
      Thunderbird 60.0.0.0 60.0

      (*) = In my list of applications I have 28 apps where the version number has not the 4-numbers-format.

      Advantages/Disadvantages:

      • [Pro] Unique display of version number
      • [Pro] Less work for you
      • [Con] User might be confused because the version in the application is different to VulnDetect

      Here are some examples where the both numbers are not equal so you have to alter he version number:

      Application Version in the EXE Version in the Application
      Mp3tag 2.89.1.0 2.89.a
      Star Citizen 3.2.12.60262 3.2.2
      Xinorbis 8.0.15.37 8.1.8

      Advantages/Disadvantages:

      • [Pro] User see the same version in the EXE and in VulnDetect (no confusion)
      • [Con] More work for you
      • [Con] Not unique display of version number

      Conclusion

      Is suggest that you use a mix of both methods.

      • When the displayed version is the same than the version in the EXE (just missing zeros) then use the 4-numbers-format.
      • Only when both versions are totally different then you alter it.

      Advantages/Disadvantages:

      • [Pro] Unique display of version number (except of some apps)
      • [Pro] Less work for you
      • [Con] Not unique display of version number (for the exceptions)
      • [???] I am not sure if this will confuse the user
      1 Reply Last reply Reply Quote 0
      • T
        Tom VulnDetect Team Member
        last edited by Tom

        Yes, all this inconsistency in versioning is quite annoying and there is no "one size fits all" in this.

        As you know, we have a tonnes of breaking changes that are upcoming for the rules.

        Among them, is support for two different kind of version numbers:

        • FileVersion# or ProductVersion# as extracted from the detected file
        • "DisplayVersion" which is either a "sanitized" FileVersion# or information provided by users / registry / other file or where else we can get it

        So this is pretty much the same as you suggested above.

        We would really like to be able to detect all "DisplayVersions" automatically, since getting it from you and other users is time consuming, but in cases where the registry can't provide this information, then we have to continue to update this manually.

        However, patience is needed, we will make those changes in the rules and back end next week, but we will not implement this in the UI yet (since we don't have the data in the results database yet).

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

        1 Reply Last reply Reply Quote 0
        • OLLI_SO
          OLLI_S Community Moderator
          last edited by

          @Tom it is good that you have a Display Version separate to the Technical Version.

          But the question now is: do you also want to have a different Display Version if there are only some zeros missing?
          So when Thunderbird has the displayed version 60.0 and the file version 60.0.0.0 do you still want to alter the Display Version ?

          So should I continue reporting if there are different Display Version even if there are only some zeros missing?

          T 1 Reply Last reply Reply Quote 0
          • T
            Tom VulnDetect Team Member @OLLI_S
            last edited by

            @olli_s I think this is a decision that needs to be made on a per app basis, depending on the discrepancy between the two.
            In most cases I suppose we want this, however, part of the new rules and back-end is support for pulling information from the registry and in some cases we can get it automatically from the registry.
            But when you suggest new software, it is always nice to get, because then I know what to look for when creating the first rules.

            /Tom
            Download the latest SecTeer VulnDetect agent here:
            https://vulndetect.com/dl/secteerSetup.exe

            1 Reply Last reply Reply Quote 0
            • OLLI_SO
              OLLI_S Community Moderator
              last edited by

              You display the version number like it is shown in the app.
              So I consider this issue is solved.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

              Please see our Privacy and Data Processing Policy
              Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
              Forum software by NodeBB