Page 1 of 1

SUMo scanning options and their meanings

Posted: Wed Jun 05, 2019 5:12 pm
by scheff
SUMo has an option for scanning. This option may have one of three values to choose from (ask, normal, in-depth). What's the meaning (semantics) and implications of these values?

I could only find another thread about a similar option for checking which I no longer can see. And it's this scan option where I ask myself what is meant by it and what should it mean. As I don't know the answer to the first question, I don't know to which extent it overlaps with the second.

With normal scanning I expect that SUMo finds all products installed including system programs and system integrator programs, since Windows 8 including those Windows Applications and UWP successors. I don't expect SUMo to find the components of those installed products in normal mode. It is ok for me if portable frameworks are only detected if storage location is provided via additional folder SUMo option. And unless Microsoft product reporting is disabled in SUMo (which is the default), I expect SUMo to report all these products, programs and applications.

With in-depth scanning I expect that SUMo finds additionally the components, plugins and add-ins to those products, programs and applications of normal mode. With in-depth scanning I further expect that SUMo no longer ignores those products, programs, applications, components, plugins and add-ins with empty, random of suspicious version info (issues https://www.kcsoftwares.com/bugs/view.php?id=1639 and https://www.kcsoftwares.com/bugs/view.php?id=1784). Various version management and software package management tools have alternative schemes in place for handling such inconsistent version information. I.e., I've Intel management software installed which claims being released about 6 months later then installed or Intel driver software claiming to be released 6 months before that company has been founded for hardware manufactured only for a few years now. With the amount of software expected in in-depth mode, it becomes increasingly important to become able to switch reporting between flat list mode and hierarchically grouped mode to ease understanding.

With inconsistent version information, I like the handling done by the Debian Linux team. They provide their own versioning scheme if the publisher has either a complex one or none. If the publisher has none, then Debians alternative is based on calendar date of integration into Debian distribution (not of the product but of the product version). If the publisher has a complex one, then Debian uses its own versioning scheme as a prefix to the publishers one with documented seperator.

As far as I can observe, SUMo does more in normal mode while still not finding all those products, programs and applications I expect. In in-depth mode it finds more but still only a subset of what I expect.

Intel Driver and Support Assistant does also scanning of computer for Intel Software including version information and update availability. It clearly states which kind of Intel Software will be ignored by this assistant. And it had been better in the past for those Intel Software adapted by system integrators. In the past it had reported these too, including release date and version when Intel provided updates but warned and refused to update such integrator adapted software. (Now it no longer reports those updates nor versions nor release dates. What's expected behaviour of DUMo for this kind of software?) It would be fine if SUMo adapts similarly to report which kind of software will not yet be detected and which kind of software not yet be reported although detected unless configured otherwise, and that this list shrinks.

HP Support Assistant is a software management solution coming preinstalled on normal computers, notebooks and tablets for consumers and business which have been integrated by Hewlett Packard (HP) and supplied with a Windows operating system. This software does also scanning of the local computer for software and the HP servers for available updates. It does take into account Microsoft software, HP software and third party software. Checking for available updates focuses on HP and Microsoft software and only a few third party software. It does not document which kind of software is ignored for update checking. This software ignored for update checking definitely includes HP software. HP has further alternative software management solutions free for download by its customers. Third party software scanned seems to be coming of Windows MSI database.

Concerning the incomplete SUMo scan, there is already a Mantis issue opened if I remember right for using all standard installation locations. I didn't succeed to look it up now. KC Softwares may take a look at another portable software tool of NirSoft called UninstallView (http://www.nirsoft.net/utils/uninstall_view.html or in system tools section of NirLauncher http://launcher.nirsoft.net/downloads/index.html) You may run it to get something that many scanners are doing (query Windows MSI database). If you take a look at its options, things get more interesting as it supports to include system tools and tools with either incomplete installer fields or incomplete version info and to include those Windows Apps. This gives a clue about standard locations still ignored by SUMo although not meaningful. Take a look on its findings and on its scanning for location and for missing information (meaning incomplete information provided by found software publisher). And taking a look into its advanced options show further options desired for SUMo and still not implemented. Some of these are already mentioned in forum or Mantis as feature requests. This tool is not for update management but for scanning / detection. These advanced options should be taken into account when redesigning the data model of SUMo for its next major feature update even if corresponding features are not implemented with the start of next major feature update. Otherwise desired features have to await several major feature updates due to too short-sided redesign and refactoring. Similar thoughts should be taken into account for redesigning the SUMo protocol (between SUMo client and server).

So if my impression is right and some consensus achieved on expected meaning / behaviour of the different SUMo scanning modes, a quick rewrite for normal scanning might be a solution shifting most of its current implementation into in-depth mode requiring more fundamental refactoring and extension to cover all kind of software and installation locations and (much better) coping with inconsistencies of detected software.

What about an import interface for SUMo so that CSV-Reports of other scanners can be imported and used by SUMo for checking and eventually learning storage locations (standard and non-standard)?

Re: SUMo scanning options and their meanings

Posted: Wed Jun 05, 2019 8:02 pm
by Kyle_Katarn
Good idea. Added here : https://www.kcsoftwares.com/bugs/view.php?id=5536

I'll try to implement this in 5.9.3 or 5.9.4

Re: SUMo scanning options and their meanings

Posted: Thu Jun 06, 2019 12:36 am
by scheff
scheff wrote:
Wed Jun 05, 2019 5:12 pm
SUMo has an option for scanning. This option may have one of three values to choose from (ask, normal, in-depth). What's the meaning (semantics) and implications of these values?
What about answering this question for the current implementation?
scheff wrote:
Wed Jun 05, 2019 5:12 pm
With normal scanning I expect that SUMo finds all products installed including system programs and system integrator programs, since Windows 8 including those Windows Applications and UWP successors. I don't expect SUMo to find the components of those installed products in normal mode. It is ok for me if portable frameworks are only detected if storage location is provided via additional folder SUMo option. And unless Microsoft product reporting is disabled in SUMo (which is the default), I expect SUMo to report all these products, programs and applications.

With in-depth scanning I expect that SUMo finds additionally the components, plugins and add-ins to those products, programs and applications of normal mode. With in-depth scanning I further expect that SUMo no longer ignores those products, programs, applications, components, plugins and add-ins with empty, random of suspicious version info (issues https://www.kcsoftwares.com/bugs/view.php?id=1639 and https://www.kcsoftwares.com/bugs/view.php?id=1784). Various version management and software package management tools have alternative schemes in place for handling such inconsistent version information. I.e., I've Intel management software installed which claims being released about 6 months later then installed or Intel driver software claiming to be released 6 months before that company has been founded for hardware manufactured only for a few years now. With the amount of software expected in in-depth mode, it becomes increasingly important to become able to switch reporting between flat list mode and hierarchically grouped mode to ease understanding.
Anybody wants to comment or propose different expectations for different modes of SUMo scanning?

Re: SUMo scanning options and their meanings

Posted: Fri Jun 07, 2019 7:30 pm
by Kyle_Katarn
Normal Scan : Checks from Start Menu shortcuts, Desktop shortcuts, + some predefined location and one-off scan from registry items. This is recommended method unless good reason to move in in-depth scan

In-depth scan : Normal Scan + Program Files. May lead to a LOT of extra items, but some of them being irrelevant.

In both case, additionnal folders can be scanned (see SUMo settings)