Secunia CSI7
Create Profile
Our Commitment
Open Discussions
My Threads
Create Thread

Forum Thread: Wireshark x86 update to v1.8.7 interactively prompts whether to u...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

Relating to this vendor:
Wireshark Foundation
And, this specific program:
Wireshark 1.x

This thread has been marked as locked.
libove Wireshark x86 update to v1.8.7 interactively prompts whether to uninstall v1.8.6 first
Member 28th May, 2013 08:10
Ranking: 31
Posts: 70
User Since: 12th Feb, 2008
System Score: N/A
Location: N/A
When PSI (also, xSI/ SmallBusiness) tries to automatically update Wireshark (this is on a 32-bit platform, in case it matters) from v1.8.6 (installed) to v1.8.7 (new), PSI successfully launches the 1.8.7 installer ... which *interactively* prompts the user whether to uninstall v1.8.6 first.

There are a few possible resolutions to this:
* Just automatically uninstall the old version (my guess is this is the "right answer" in the vast majority of cases, and PSI/xSI/ SmallBusiness are meant for the vast majority of cases), or
* Make it "Manual needed" (accurate, although less efficient for most cases), or
* Enhance the xSI/SmallBusiness interface especially (maybe also PSI) to allow the administrator to decide at the time of authorizing that particular update, whether to also keep the old version.

Jay Libove

libove RE: Wireshark x86 update to v1.8.7 interactively prompts whether to uninstall v1.8.6 first
Member 28th May, 2013 08:22
Score: 31
Posts: 70
User Since: 12th Feb 2008
System Score: N/A
Location: N/A
Hm. Two more complexities with auto-updating Wireshark:

1. On uninstalling the older version, there's the further prompt about which settings to remove/keep. The "almost everybody does it this way" default would be "remove the global stuff, keep all the personal settings". (There are in fact the uninstaller's defaults). This (in addition to the "uninstall/keep old version" decision) would need to be handled correctly by either the repackaged xSI installer, or an administrator pre-option for that package update in the xSI console.

2. Today, for the first time in years, the version of WinPCAP has been updated. WinPCAP 4.1.3 has been recently released. The prior 4.1.2 version had been stable for almost three years. (This new release adds support for Windows 8 and Windows Server 2012, so it is timely).
See changelog:
Since Wireshark can include WinPCAP, and by default will offer to upgrade WinPCAP if an older version is found, the repackaged xSI installer would need to handle this also. And here we bifurcate:

2(a) If the older version of WinPCAP is not insecure (simply older), then it shouldn't be upgraded by default; that's xSI's philosophy, and I agree. (In this particular case, of WinPCAP 4.1.2 -> 4.1.3, I'm not quite sure whether the bugfixes count as security issues; one of them at least might allow denial of service, so I guess this one is security [availability] related).

2(b) But, even though WinPCAP is part of a Wireshark install/upgrade, is that where xSI should handle it?
Or should xSI look at WinPCAP as its own installed product, and the repackaged xSI installer for Wireshark should never change the installed WinPCAP version?

I vote for 2(b), because the way Wireshark delivers WinPCAP is convenience. Wireshark includes the full WinPCAP installer. There is no difference in the results obtained between:
A. upgrade WinPCAP, upgrade Wireshark; and
B. upgrade Wireshark (and let its upgrade WinPCAP)

Other cases of software needing an update including other software which might need an update may vary. (The 27 different copies of MSXML which appear on all systems which have lots of different software on them, comes to mind). Each of those must be treated separately.

Was this reply relevant?
E.Jeppesen RE: Wireshark x86 update to v1.8.7 interactively prompts whether to uninstall v1.8.6 first
Secunia Official 28th May, 2013 12:39
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Last edited on 28th May, 2013 12:40
Thank you for the information. We are currently investigating to see if there are any issues with our version rule for Wireshark that need to be corrected.

This thread has been marked as locked.

 Products Solutions Customers Partner Resources Company
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
Technology Partners
 About us

© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability