Unique display of version information
@Tom I the past I reported many times that you should alter the version numbers of applications because they display the version information not in the format 4 numbers separated by a dot.
So I suggest that you always use the 4-numbers-format no matter how apps display it.
Here are some examples(*) where the version number can be displayed in the 4-numbers-format because both numbers are equal:
Application Version in the EXE Version in the Application 7-Zip 18.104.22.168 16.02 FileZilla 22.214.171.124 3.35.1 GIMP 126.96.36.199 2.10.4 Pidgin 188.8.131.52 2.13.0 Thunderbird 184.108.40.206 60.0
(*) = In my list of applications I have 28 apps where the version number has not the 4-numbers-format.
- [Pro] Unique display of version number
- [Pro] Less work for you
- [Con] User might be confused because the version in the application is different to VulnDetect
Here are some examples where the both numbers are not equal so you have to alter he version number:
Application Version in the EXE Version in the Application Mp3tag 220.127.116.11 2.89.a Star Citizen 18.104.22.168262 3.2.2 Xinorbis 22.214.171.124 8.1.8
- [Pro] User see the same version in the EXE and in VulnDetect (no confusion)
- [Con] More work for you
- [Con] Not unique display of version number
Is suggest that you use a mix of both methods.
- When the displayed version is the same than the version in the EXE (just missing zeros) then use the 4-numbers-format.
- Only when both versions are totally different then you alter it.
- [Pro] Unique display of version number (except of some apps)
- [Pro] Less work for you
- [Con] Not unique display of version number (for the exceptions)
- [???] I am not sure if this will confuse the user
@olli_s I think this is a decision that needs to be made on a per app basis, depending on the discrepancy between the two.
In most cases I suppose we want this, however, part of the new rules and back-end is support for pulling information from the registry and in some cases we can get it automatically from the registry.
But when you suggest new software, it is always nice to get, because then I know what to look for when creating the first rules.
@Tom it is good that you have a Display Version separate to the Technical Version.
But the question now is: do you also want to have a different Display Version if there are only some zeros missing?
So when Thunderbird has the displayed version 60.0 and the file version 126.96.36.199 do you still want to alter the Display Version ?
So should I continue reporting if there are different Display Version even if there are only some zeros missing?
Yes, all this inconsistency in versioning is quite annoying and there is no "one size fits all" in this.
As you know, we have a tonnes of breaking changes that are upcoming for the rules.
Among them, is support for two different kind of version numbers:
- FileVersion# or ProductVersion# as extracted from the detected file
- "DisplayVersion" which is either a "sanitized" FileVersion# or information provided by users / registry / other file or where else we can get it
So this is pretty much the same as you suggested above.
We would really like to be able to detect all "DisplayVersions" automatically, since getting it from you and other users is time consuming, but in cases where the registry can't provide this information, then we have to continue to update this manually.
However, patience is needed, we will make those changes in the rules and back end next week, but we will not implement this in the UI yet (since we don't have the data in the results database yet).