AdliceSoftware / UCheck

UCheck Bug Tracker

UCheck - False detection of PCMark 10 #16

Closed HayesE closed 9 months ago

HayesE commented 9 months ago

Preliminary Checks

Beta Version

What happened?

UCheck is unable to verify that PCMark 10's latest version is installed, due to PCMark10 not updating version numbers in the add/remove programs section (and corresponding registry entry) - however a quick scan on the actual executable file located in C:\Program Files\UL\PCMark 10\ shows it is indeed the latest version.

ucheck-report

Program : UCheck
Version : 5.0.6.0
x64 : Yes
Program Date : Dec 4 2023
Location : C:\Program Files\UCheck\UCheck64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/ucheck/
Operating System : Windows 11 (10.0.22631) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User :
User is Admin : No
Date : 2023/12/09 18:22:52
Type : Scan
Aborted : No
Scan Mode : Standard
Updates Count : 4

Warnings

Updates

PowerShell 7-x64 (64-bit), version 7.4.0.0
[+] Available Version : 7.4.101.0
[+] Size : 267 MB
[+] Wow6432 : No
[+] Portable : No

Microsoft Edge (32-bit), version 120.0.2210.61
[+] Available Version : 121.0.2256.2
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Microsoft\Edge\Application

PowerShell 7-x86 (32-bit), version 7.4.0.0
[+] Available Version : 7.4.101.0
[+] Size : 250 MB
[+] Wow6432 : Yes
[+] Portable : No

PCMark 10 (32-bit), version 2.1.2574.0
[+] Available Version : 2.1.2662.0
[+] Size : 599 MB
[+] Wow6432 : Yes
[+] Portable : No

Is the issue reproducible?

Yes


stevehoek commented 9 months ago

Now that tigzy has code to scan VERSIONINFO in portable app exe's, I'm hoping he adds that to the community and curated app scans and uses it as a second source of truth in addition to the add/remove registry key. Too many apps don't update their registry on an update/patch, and some just don't do it well at all.

Tigzy commented 9 months ago

The problem is doing that randomly (meaning for community apps) will generate even more problems with applications that have different version numbers for some of their modules (setup, uninstall, foo, ...). Reading location, or icon from the registry leads to "guessing" which binary is the main binary. That is not 100% error proof, and even more erroneous than trusting the version from the registry.

IMO the best solution is to ask software developers individually to fix their setups.

stevehoek commented 9 months ago

I don't think it is as hard or as error-prone as you think. SUMo did this. You could also scan the start menu for shortcuts to find the "main exe" of an app. Some heuristics in the code or a hint file from the server could improve the fuzzy logic.

HayesE commented 9 months ago

This is what BigFix and lots of anti-malware products do, they directly scan files to capture version numbers to see if any are outdated and/or vulnerable in need of patching.

Tigzy commented 9 months ago

> I don't think it is as hard or as error-prone as you think. SUMo did this. You could also scan the start menu for shortcuts to find the "main exe" of an app. Some heuristics in the code or a hint file from the server could improve the fuzzy logic.

In fact it already created some issues where totally unrelated version numbers were brought and used as reference for comparison (Look at Java or Visual Studio if you have time). And we had to revert that part of the code, so we won't re-introduce the same issue elsewhere... Maybe there's an easy solution, but it's not found yet.

Tigzy commented 9 months ago

> This is what BigFix and lots of anti-malware products do, they directly scan files to capture version numbers to see if any are outdated and/or vulnerable in need of patching

Yes and we do it as well, but only on a certain portion of supported programs where we know it's safe to use. It cannot be generalized across thousands of hundreds of programs and hope it works. I believe it generates more issues than it fixes.
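
The two version sources debated in this thread can be compared side by side on a local machine. The script below is an added example, not part of the original issue and not UCheck's code: it reads `DisplayVersion` from the add/remove programs registry keys and the VERSIONINFO of each executable under `InstallLocation`. Scanning only the top-level `.exe` files of that folder and the status labels are assumptions of this example.

```powershell
# Added example: registry DisplayVersion vs. VERSIONINFO of installed executables.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionOrNull([string]$Text) {
    # DisplayVersion is free text; return $null when it is not a dotted version.
    $v = $null
    if ([version]::TryParse($Text, [ref]$v)) { $v } else { $null }
}

$report = foreach ($entry in Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue) {
    $dir = "$($entry.InstallLocation)".Trim('"')
    if (-not $dir -or -not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

    $registryVersion = ConvertTo-VersionOrNull $entry.DisplayVersion

    # Build the version from the numeric VS_FIXEDFILEINFO parts; the string
    # fields of VERSIONINFO may contain arbitrary text.
    $fileVersions = @(
        Get-ChildItem -LiteralPath $dir -Filter *.exe -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $vi = $_.VersionInfo
                [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            } |
            Where-Object { $_ -ne [version]'0.0.0.0' } |   # no version resource
            Sort-Object -Unique
    )

    $status =
        if (-not $registryVersion)                  { 'registry version not parseable' }
        elseif ($fileVersions.Count -eq 0)          { 'no versioned exe found' }
        elseif ($fileVersions -contains $registryVersion) {
            if ($fileVersions.Count -gt 1)          { 'match, but binaries disagree' } else { 'match' }
        }
        elseif ($fileVersions.Count -eq 1)          { 'registry differs from the only exe version' }
        else                                        { 'ambiguous: several exe versions, none equals registry' }

    [pscustomobject]@{
        Name     = $entry.DisplayName
        Registry = $entry.DisplayVersion
        Files    = $fileVersions -join ', '
        Status   = $status
    }
}

# Show only the entries where the two sources do not simply agree.
$report | Where-Object Status -ne 'match' | Format-Table -AutoSize -Wrap
```

Entries reported as "registry differs from the only exe version" are the kind of stale registry value described in the original report, while the "ambiguous" and "binaries disagree" rows show the main-binary guessing problem raised in the replies.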