PC Audit from PCProfile provides Network Inventory, Anti Piracy PC Audit advice, Software Audit, License Audit Solutions to overcome - Piracy, Illegal Software, Warez in your organization to reduce your risk!

This product can be used to identify and match "legacy application" files created from any software inventory listing in ASCII format for assessment and scrutiny of COTS software licensing detail and software identification.

Conducting Software Inventory and Assessment and using a legacy database

OK, after using an audit tool or your own techniques, you've still unable to identify some exe, sys and com program files after conducting your software inventory. If you have been using our audit software we identify and name as many programs as we are permitted to do (around 90% upwards) by industry "standards" in place. The problem is the industry (including Microsoft) doesn't follow the practises that have defaulted to standards!

The audit tools that we provide contain electronic detection methods to identify and name those files that have specific detail embedded within the executable. Many vendors DO NOT include that detail so there will be some files that most audit tools vendors cannot identify. If any audit vendor tells you they can identify 100% of all files, be very wary!

The "unnamed software list" that occurs with MOST audit programs still needs substantial detail to enable you to identify what these "unidentified" programs are to enable you to achieve software compliance.

To complete the task you may need an inexpensive legacy file database to identify these. Our Legacy Application Data base can go someway towards providing the clues as to what is left over after an audit.

We supply a database for your guidance, which contains approx. 45,000 program files (with approx. 33,000 exe, sys and com files included) as an indicator of the software that is resident on the local computer systems you are auditing. The database is supplied in EXCEL 97 format. This database is provided as a GUIDE ONLY and is designed to be a kick starter that you can use to add to with your own local knowledge and inventory details.

Our single database in EXCEL 97 format contains approx. 45,000 file names (including some DLL's) based on most commonly available software. The database includes details of DOS 7 and Microsoft Windows 95, Windows 98, Windows NT and NOVELL software as well as major software vendor programs such as Microsoft and other more common business software e.g. LOTUS etc. The database is NOT COMPLETE AND NEVER WILL BE due to the reasons outlined above. As a result of the Year 200 date issues when new software was compiled for many applications that the true size of any database should be well in excess of 750,000 file names! BONUS OFFER - we supply a list of over 3000 FILE extensions and their common names for your guidance.

Load the database to your network and write a parsing routine to parse all the audit files gathered against the database to create a list of matched/unmatched files. Most larger organisations can achieve this very quickly using Access or Excel macro routines.

If you are running SMS, NetCensus, UniCenter, Tivoli, Tangram and other inventory tools you could export the database to ASCII (you may need to tailor the output file to suit) and then reload it to these other inventory packages to increase your software tracking capability!

It is physically and electronically impossible to positively cover ALL the permutations and combinations of software naming and associated parameters that could be used to accurately determine that a particular program, stored on YOUR PC IS xxxxxxxx.

The total size of any database should now exceed 650,000 individual program names as a MINIMUM! This is not counting shareware, demonstration files and beta release programs, and the plethora of Internet related software being released for browsers etc. Databases of the size suggested above need to be loaded and created in Oracle, Sybase etc. as many other lower end database systems will not cope with the volume of records.

Most databases (if not all) WILL not identify RENAMED program files and files specifically hidden by staff who want to beat the audit. Some audit software attempts to do this but you need to include not only the program name, but the file byte size - or a range of byte sizes to cover revisions, or the adding of CRC check summing for anti-virus software; date of creation; and alias names. This blows the database to a horrendous size, and becomes TOTALLY impossible to maintain.

Some Internet sites are now providing around 50,000 programs in their downloadable lists as freeware or shareware titles. Our database DOES NOT INCLUDE any of these sites or these programs.

There were tens of thousands of replacement software programs which appeared when each vendor provided Year 2000 "ready" software etc. These are also not included.

We suggest that you load our database file to your own system and add to it your own local knowledge of installed software which then becomes tailored to your own legal state of ownership, rather than containing every program written to date!

You will NEVER keep up if you try and track every program. You will also need to allow for all the demo software that staff load to your systems as these leave behind program files even when deleted!.

Even major program vendors such as Microsoft, Corel, Symantec etc. are impossible to track as to all their releases, which by definition must include all patches, internal releases etc.

In this regard the software industry around the world has made life unnecessarily hard as there has been no consideration given to a naming convention other then the standard 8 + 3 file name, which will probably stay the same even with Win95/Win98 due to backward compatibility reasons.

There is no consideration given to a standard file format that enables package name and serial number and version to be auto-detected CONSISTENTLY AND REPEATEDLY and there also is very few software manufacturers who provide a packing list which contains this data. Microsoft itself is very intermittent on this issue with some products having limited detail, with others none at all!

INFORMATION NOTE 2004

The legacy application database (its an Excel 97 file) set contains 33,000 exe files with 44,000 total (approx 11,000 various other files (ZIP, DLL, DRV, PIF, OVL, BIN etc) We call it "legacy applications" as many of these have passed there use-by-dates and are no longer installed, although from time to time we do see some still in use at some sites.

We stopped maintaining this database for 3 reasons in March 1999. However it is still useful for many sites running older version software!

1. The Year 2000 caused a significant number of recompiled software versions (with different byte sizes etc) to be flooded back onto the market (our estimates at that time was the real size the database needed to be was of the order of 650,000 applications (all languages, all versions)! This meant running it in Oracle/SQL etc which made it beyond reach of many sites except the very large.

2. The ability to detect and match using database matching technologies became obsolete due to the issue of the number of false positives. This didn't help audit teams get the issue right and for many they went on wild goose chases after false identified apps. Unfortunately this is still true for many of the audit tools on the market today which persist in using matching techniques".

3. We created an audit tool solution that required NO database for matching as it stripped all the details from the software internals and came up with a naming to detection ratio of greater than 90% initially , (now its risen higher) of applications listed on a PC. Have a look at the data we generate in around 15 seconds per PC (XPPro O/S) using our software audit tools http://www.pcprofile.com/auditbaselinev4.htm. The results files are located at http://www.pcprofile.com/XPProfiles.zip, and applications have been named without any reference database. The audit results files contain “no false positive results”. The "naming to detection ratio" on a range of XPPro machines is ~ 91%. The ~ 9% unnamed are purely due to the vendors NOT including sufficient (or any) details within their software build details, yet most are identifiable by their folder names so this ought not be an issue. They are generally "accessory type" files associated with the main application package. The fault with being unable to detect these names lies directly with the vendors and not with our software! Microsoft still hasn’t named some of its applications internally!

IF YOU WANT TO STRENGTHEN YOUR SOFTWARE COMPLIANCE POLICY AS WELL AS & CONTROL THE ADDITION OF NON_COMPLIANT SOFTWARE TO YOUR SYSTEMS THEN:

There are TWELVE key strategies you can use to lower the cost of software compliance audits.