SecTeer VulnDetect Support Forum

    VulnDetect

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Download VulnDetect Installer

    [Added] WinDirStat - App-Request

    Added App Requests
    3
    15
    2467
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Anselm @Tom last edited by

      @Tom said in WinDirStat - App-Request:

      The user will get confused and believe that the information we provide is bogus, since the latest version on the site is 1.1.2 and not 1.1.2.80.

      But it might also be confusing, if the vendor provides minor versions and do not tell and name all of them 1.1.2

      @Tom said in WinDirStat - App-Request:

      I would still appreciate to know what is shown in the UI as it helps create the correct mapping and understand if other factors are needed to determine the correct version.

      👍

      T 1 Reply Last reply Reply Quote 0
      • T
        Tom VulnDetect Team Member last edited by

        This is a complicated topic and there just isn't a perfect solution since vendors are pretty poor at being consistent with their versioning, this even includes vendors like Microsoft and Mozilla.

        The purpose of VulnDetect is primarily to inform users about vulnerable software and to ensure that users can find the next non-vulnerable version. And secondarily we want to inform about new versions that are available.

        Based on this it makes most sense to "translate" or map whatever version the software is, to what is shown on the vendor website, especially what is show on download pages, changelogs, security bulletins and support documentation.

        In the case of WinDirStat it doesn't make much sense to refer to 1.1.2.80 (Unicode).

        Consider the case where a user has got version 1.1.1 (or something) and VulnDetect recommends version 1.1.2.80 (Unicode), how is the user supposed to find out what to download when they visit the website?

        The user will get confused and believe that the information we provide is bogus, since the latest version on the site is 1.1.2 and not 1.1.2.80.

        I'm not saying this is perfect or that this covers all situations we will encounter. But it is what comes closest to helping the normal users who doesn't want to do download and install the application to find out if it indeed is the right version.

        So, when the vendor provides version information on the website, that will be used (if and when we can map to that in a reliable way). And if that isn't feasible for one reason or another, then we will use what is in the files.

        I would still appreciate to know what is shown in the UI as it helps create the correct mapping and understand if other factors are needed to determine the correct version.

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

        A 1 Reply Last reply Reply Quote 0
        • A
          Anselm @OLLI_S last edited by Anselm

          @OLLI_S I do not know, what a user normally do. Maybe he knows, which version he installed, because it is mentioned at the download site. Or the version number is in the name of the install file. Or a system administrator looks remote, which programs are installed - he will newer see the about box.

          1 Reply Last reply Reply Quote 0
          • OLLI_S
            OLLI_S Community Moderator last edited by

            Users normally look up the version information in the app because many apps store not the correct information in Windows.
            For example the Oculus App, they store < 3 ( a ❤ symbol).
            But most apps offer a Help -> About dialog where they show the correct version number.

            A 1 Reply Last reply Reply Quote 0
            • A
              Anselm @OLLI_S last edited by

              @OLLI_S @Tom maybe it is more complicated? Windows->Programs and Features: The name is WinDirStat 1.2.0
              You can find a lot of programs there, which has version numbers in the name and additionally have a number in the version column

              1 Reply Last reply Reply Quote 0
              • OLLI_S
                OLLI_S Community Moderator last edited by OLLI_S

                WinDirStat is now detected by VulnDetect but the version number 1.1.2 is not correct.
                If I go to Help -> About in WinDirStat then I see: 1.1.2.80 (Unicode).
                Tell me if you need a screen shot.


                Here the information extracted from the EXE file:

                File name and path:     D:\PortableApps\PortableApps\WinDirStatPortable\App\WinDirStat\windirstat.exe
                Product Name:           WinDirStat
                Internal Name:          windirstat
                Original Filename:      windirstat.exe
                
                File Description:       Windows Directory Statistics
                Company:                Seifert
                Legal Copyright:        Copyright (C) 2003-2005 Bernhard Seifert
                Legal Trademarks:       
                Comments:               
                
                File Version String:    1.1.2.80 (Unicode)
                File Version:           1.1.2.80
                Product Version String: 1.1.2.80 (Unicode)
                Product Version:        1.1.2.80
                

                So don't care what is written on web pages, show what is shown in the GUI.

                A 1 Reply Last reply Reply Quote 0
                • T
                  Tom VulnDetect Team Member last edited by

                  Generic detection and Specific Rules added. Version written as 1.1.2 as this is how it is done on the site and FossHub.

                  /Tom
                  Download the latest SecTeer VulnDetect agent here:
                  https://vulndetect.com/dl/secteerSetup.exe

                  1 Reply Last reply Reply Quote 0
                  • OLLI_S
                    OLLI_S Community Moderator last edited by

                    Every user should use the tool that he likes...

                    1 Reply Last reply Reply Quote 0
                    • A
                      Anselm last edited by

                      I think there were issues scanning network drives in old versions of TreeSizeFree.
                      However, the free version is restricted. here from the FAQ::

                      "Does TreeSize Free support scanning network drives?

                      Yes, scanning network drives is fully supported by the free version, unless the network share lies within a Windows domain. This is mostly the case in larger environments, such as a company network. The professional edition also supports scans in Windows domains."

                      1 Reply Last reply Reply Quote 0
                      • OLLI_S
                        OLLI_S Community Moderator last edited by

                        I also have it an I really love this tool.
                        @Anselm Good alternative is TreeSizeFree

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                        Please see our Privacy and Data Processing Policy
                        Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                        Forum software by NodeBB