[Added] WinDirStat - App-Request
-
@Tom said in WinDirStat - App-Request:
The user will get confused and believe that the information we provide is bogus, since the latest version on the site is 1.1.2 and not 1.1.2.80.
But it might also be confusing, if the vendor provides minor versions and do not tell and name all of them 1.1.2
@Tom said in WinDirStat - App-Request:
I would still appreciate to know what is shown in the UI as it helps create the correct mapping and understand if other factors are needed to determine the correct version.
-
This is a complicated topic and there just isn't a perfect solution since vendors are pretty poor at being consistent with their versioning, this even includes vendors like Microsoft and Mozilla.
The purpose of VulnDetect is primarily to inform users about vulnerable software and to ensure that users can find the next non-vulnerable version. And secondarily we want to inform about new versions that are available.
Based on this it makes most sense to "translate" or map whatever version the software is, to what is shown on the vendor website, especially what is show on download pages, changelogs, security bulletins and support documentation.
In the case of WinDirStat it doesn't make much sense to refer to 1.1.2.80 (Unicode).
Consider the case where a user has got version 1.1.1 (or something) and VulnDetect recommends version 1.1.2.80 (Unicode), how is the user supposed to find out what to download when they visit the website?
The user will get confused and believe that the information we provide is bogus, since the latest version on the site is 1.1.2 and not 1.1.2.80.
I'm not saying this is perfect or that this covers all situations we will encounter. But it is what comes closest to helping the normal users who doesn't want to do download and install the application to find out if it indeed is the right version.
So, when the vendor provides version information on the website, that will be used (if and when we can map to that in a reliable way). And if that isn't feasible for one reason or another, then we will use what is in the files.
I would still appreciate to know what is shown in the UI as it helps create the correct mapping and understand if other factors are needed to determine the correct version.
-
@OLLI_S I do not know, what a user normally do. Maybe he knows, which version he installed, because it is mentioned at the download site. Or the version number is in the name of the install file. Or a system administrator looks remote, which programs are installed - he will newer see the about box.
-
Users normally look up the version information in the app because many apps store not the correct information in Windows.
For example the Oculus App, they store < 3 ( a
symbol).
But most apps offer a Help -> About dialog where they show the correct version number. -
-
WinDirStat is now detected by VulnDetect but the version number 1.1.2 is not correct.
If I go to Help -> About in WinDirStat then I see: 1.1.2.80 (Unicode).
Tell me if you need a screen shot.
Here the information extracted from the EXE file:
File name and path: D:\PortableApps\PortableApps\WinDirStatPortable\App\WinDirStat\windirstat.exe Product Name: WinDirStat Internal Name: windirstat Original Filename: windirstat.exe File Description: Windows Directory Statistics Company: Seifert Legal Copyright: Copyright (C) 2003-2005 Bernhard Seifert Legal Trademarks: Comments: File Version String: 1.1.2.80 (Unicode) File Version: 1.1.2.80 Product Version String: 1.1.2.80 (Unicode) Product Version: 1.1.2.80
So don't care what is written on web pages, show what is shown in the GUI.
-
Generic detection and Specific Rules added. Version written as 1.1.2 as this is how it is done on the site and FossHub.
-
Every user should use the tool that he likes...
-
I think there were issues scanning network drives in old versions of TreeSizeFree.
However, the free version is restricted. here from the FAQ::"Does TreeSize Free support scanning network drives?
Yes, scanning network drives is fully supported by the free version, unless the network share lies within a Windows domain. This is mostly the case in larger environments, such as a company network. The professional edition also supports scans in Windows domains."
-
I also have it an I really love this tool.
@Anselm Good alternative is TreeSizeFree
