Wh
hite Pape
er
The Softwa
are Ide
entifica
ation C
Challen
nge:
Whyy it Matters, and
a What
W Yo
ou Nee
ed to Know
The Software Ide
entification
n Challeng
ge: Why itt Matters,, and Wha
at You
Need to
t Know
The So
oftware Id
dentificattion Challlenge
Any softw
ware produc
ct that needs
s to access, interact with
h, or report o
on installed d
desktop
applicatio
ons requires
s a method of
o 1) discove
ering and 2) recognizing those appliccations. Witthout
strong ap
pplication dis
scovery and recognition capabilitiess, software data cannot b
be properly
rationaliz
zed or presented in an accurate, unified, or trulyy meaningful manner.
Ascertain
ning the pres
sence of app
plications on
n a PC is a fa
airly straighttforward process from a
technolog
gy standpoin
nt. Howeverr, there existts no commo
on, standard
dized method for correla
ating
"discoverrable" applic
cation data in
ndicating the
e presence o
of an installe
ed program w
with its actua
al
software title, version
n, manufactu
urer, or othe
er important a
application d
data. In factt, most produ
ucts
that claim
m to discover and identiffy application
ns in an auto
omated fash
hion rarely de
eliver inform
mation
reliable and
a accurate
e enough to calculate the
e correct nu mber of insttalled titles. Most produccts
rely on one of two me
ethodologies
s: examining
g file headerr and analyzzing registry entries. Due
e to
the inherrent lack of uniformity
u
within the com
mputing envirronment, the
e use of anyy one of thesse
methods in isolation is inaccurate
e and/or inco
omplete.
File He
eader Exa
amination
n
File head
der analysis is one comm
monly used technique
t
fo
or identifying
g installed ap
pplications. The
advantag
ge of this approach is tha
at it's directly
y tied to the application executable; the presencce of
an applic
cation is dete
ermined by the
t presence
e of its exec utable(s). H
However, one
e major issu
ue
with file header
h
analy
ysis is the le
evel of reliability of the in
nformation th
he file heade
er contains –
many sofftware vendo
ors don’t pro
ovide comple
ete informatiion or don't u
update file h
headers on a
regular basis,
b
leading
g to inaccura
ate, inconsis
stent, or eve
en missing ap
pplication da
ata. For
example, the file hea
ader for Google's Chrom
me browser, w
when read o
on the Windo
ows platform
m,
reveals itts name and
d copyright, but
b no versio
on informatio
on at all. In a
addition, Ado
obe productts are
notorious
s for being named inconsistently, ma
aking it difficcult to evalua
ate data in a consolidate
ed,
unified manner.
m
But even
n for applicattions that do include relia
able informa
ation, a much
h more significant proble
em
often exis
sts. Applica
ations freque
ently consist of numerou s (sometime
es hundredss or thousand
ds)
executab
ble files, and in many cas
ses, multiple
e application
ns from a sin
ngle vendor may share o
one
or more identical
i
exe
ecutables. Because
B
file headers con
ntain no info
ormation reve
ealing the
relationsh
hip between
n executables, there's no
o way of kno
owing with w
which applica
ation they
correspo
ond. The nett results of basing
b
applic
cation recog nition on thiss information
n are:
a) artificia
ally inflated application counts
c
that may
m lead to the wrong cconclusion th
hat too few
licenses have been purchased
p
th
han are actu
ually required
d, and/or b) uncertainty as to which
on a shared executable represents.
applicatio
Registrry Analyssis
Many tec
chnologies re
ely on inform
mation conta
ained in the W
Windows reg
gistry to dete
ermine whatt
software is installed on
o a PC. Ho
owever, therre are some
e downsides associated with this
methodology. First, programs in
nstalled using
g means oth
her than the Windows installer are o
often
not detec
cted; and even when the
ey are, they may lack criitical version
n information
n. More
2
The Software Ide
entification
n Challeng
ge: Why itt Matters,, and Wha
at You
Need to
t Know
at shown in tthe Add/Rem
move Progra
ams control
importantly, registry information (such as tha
ow a produc
ct is package
ed from an in
nstallation p
perspective, not how the
panel) is based on ho
compone
ents of the product need
d to be evaluated from a licensing standpoint. In
n other word
ds,
each entry in Add/Re
emove does not necessa
arily indicate
e a separate
e application for which a
s required.
license is
Softwa
are Catalo
ogs
An altern
native to the identification
n methods described
d
ab
bove is the u
use of a softw
ware recogn
nition
database
e. Such "sofftware catalo
ogs" are gen
nerally built b
by teams wh
ho understan
nd how to turn
raw data into normalized informa
ation represe
enting how ssoftware is a
actually licen
nsed. Softwa
are
catalogs are thereforre usually more useful th
han the othe
er methods fo
or generatin
ng accurate
license counts
c
and evaluating
e
on
ne's license position. Witth this appro
oach, specia
al algorithmss are
used to allow
a
discove
ered executa
able file and
d other appliccation inform
mation to be compared w
with
applicatio
on data resid
ding in the database.
d
Th
he end resu lt is a list of normalized software title
es,
manufacturers, versions, and oth
her informatiion indicated
d by the disccovered data
a. Further,
software catalogs oftten contain other
o
"non-discoverable"" information
n originating outside the
e
desktop environment
e
t—such as software
s
cate
egories, SKU
U informatio
on, and just a
about any otther
relevant data point—
—that can be associated with the iden
ntified appliccation titles.
Assuming the algorithms are pro
operly constrructed, the ssuccess of th
he outcome depends on the
accuracy
y and compre
rehensivenes
ss of the sofftware datab
base. That iss where the A
Apptria Softw
ware
Catalog comes
c
in.
The Ap
pptria Sofftware Ca
atalog™
The Appttria Software
e Catalog eliiminates the
e need to relyy solely on inaccurate or incomplete
e file
headers and/or regis
stry entries to
o identify ap
pplications w
within the dessktop and se
erver
environm
ment. The da
atabase conttains an exte
ensive collecction of application titles and their
associate
ed details su
uch as versio
on, manufac
cturer, softwa
are categoryy, executable
e file namess, file
sizes, an
nd more. Ap
pplication info
ormation (su
uch as that ccontained within the Win
ndows registry
and/or file headers) collected
c
by an agent ca
an then be e
evaluated against the cattalog data to
o
correctly determine installed app
plication titles
s and versio
ons—a prere
equisite for u
using the
information in a meaningful way.
s, this “exec
cutable signa
ature” level o
of analysis iss sufficient. However, in
n
For mostt applications
other situ
uations, file signatures
s
are
a not enoug
gh to reveal information that's critica
al for making
g
licensing decisions. For example
e, executablle name and
d size alone aren't enoug
gh to determ
mine
whether a copy of Microsoft Acce
ess 2007 wa
as installed a
as a standallone productt, as part of the
Microsoftt Office 2007
7 Profession
nal edition, or
o as part of tthe Enterprisse edition. IIn such case
es,
further an
nalysis using
g Globally Unique Identifiers (GUIDss) is then ap
pplied to com
mplete the
identifica
ation process
s.
Once applications an
nd suites hav
ve been properly identifiied using the
e methods d
described ab
bove,
nalyzed and grouped in such
s
a way as to facilita
ate a variety of software
the results can be an
asset ma
anagement tasks. Without such ratio
onalization, ccapabilities ssuch as the following wo
ould
be virtually impossible:
3
The Software Ide
entification
n Challeng
ge: Why itt Matters,, and Wha
at You
Need to
t Know
Group and correlate
e all executtable files re
elated to a s
single application
Most app
Without pro
plications consist of more than one executable.
e
oper recognition and
rationaliz
zation, multip
ple related files may be incorrectly
i
in
nterpreted as independe
ent applicatio
ons
or, in som
me situations
s, not identiffied at all. Su
uch errors ca
an only be a
ascertained a
and correcte
ed
manually
y, an overwh
helmingly ted
dious and tim
me-consumin
ng process. The Apptria
a Software
Catalog contains
c
exe
ecutable info
ormation that enables yo
our product tto group all d
discovered
executab
bles that com
mprise a sing
gle applicatio
on, so that d
data can be e
evaluated fro
om a licensing
perspective.
heir installe
ed compone
ents
Correctly identify suites and th
Methods that analyze
e the registry
y will identify
y the presen
nce of a suite
e but genera
ally won't revveal
which co
omponents of
o the suite are actually in
nstalled. Thiis makes it e
extremely diffficult, for
example, to collect software usage data on individual pro
ograms in order to deterrmine wheth
her
they are actually bein
ng utilized. Other
O
techniq
ques that re
ely on executtable file info
ormation alo
one
may reco
ognize the in
ndividual suitte components, but cann
not provide tthe informattion necessa
ary to
identify th
he exact suite configuration. The Ap
pptria Softwa
are Catalog uses GUIDss in conjuncttion
with exec
cutable file in
nformation, making such
h analysis po
ossible.
4
The Software Ide
entification
n Challeng
ge: Why itt Matters,, and Wha
at You
Need to
t Know
Differenttiate betwee
en applicatiions that sh
hare a comm
mon executtable
Identifica
ation method
ds that rely solely
s
on exe
ecutable file information generally la
ack the detail
necessarry to distingu
uish between
n different editions of ap
pplications th
hat share a ccommon
executab
ble. This is th
he case, for example, with Microsoftt Project Sta
andard and M
Microsoft Pro
oject
Professio
onal—a critic
cal distinctio
on to make frrom a licensse and cost sstandpoint. The Apptria
Software
e Catalog als
so contains registry-base
r
ed informatio
on (in the form of GUIDss) which enable
proper id
dentification of
o such appllications.
Normaliz
ze variation
ns in applica
ation titles, versions, a
and manufa
acturer
Traditional methods of software recognition depend
d
on ssoftware pub
blishers to provide consiistent
information across all products and
a all produ
uct versions. Unfortunattely, it's rarely the case tthat
this information is co
onsistent from
m release to
o release (lett alone acrosss an entire product line
e),
even among the mos
st reputable manufacture
ers. The Ap
pptria Softwa
are Catalog normalizes a
all
the variations of any given software title, version, or pub
blisher into co
onsistent, fa
amiliar
nomencla
ature. For example,
e
sofftware licens
se agreemen
nts often allo
ow for simulttaneous verssions
or multiple copies of an application to be insttalled. Witho
out a way of normalizing
g different file
e
headers, discovered executables
s can't be grrouped unde
er a common
n application
n title. This ccan
present a significant challenge frrom a license
e managem ent perspecctive because
e each versiion
or installa
ation may be
e mistakenly
y viewed as a separate a
application rrequiring its o
own license.
The Appttria Software
e Catalog relies on exec
cutable file in
nformation th
hat enables all versions of a
given application to be
b consolida
ated under a single appliication title a
and manufaccturer, while
e
preservin
ng the versio
oning information.
5
The Software Ide
entification
n Challeng
ge: Why itt Matters,, and Wha
at You
Need to
t Know
The capa
abilities note
ed above are
e nothing sho
ort of criticall when it com
mes to virtua
ally every lice
ense
managem
ment function. Because
e the Apptria Software C
Catalog was d
designed to provide
applicatio
on identificattion utilizing multiple me
ethods—and
d has specialists dedicatted to
researching and valid
dating the ac
ccuracy of th
he data—on
ne can appre
eciate why so
o many worlldclass sofftware vendo
ors partner with
w Apptria Technologie
T
es to bring su
uperior application
recognitio
on to their own products
s.
About Apptria Technolo
T
ogies
Apptria Technologies
T
s was founded in 2011 by
b several exxecutives off Express Me
etrix, an indu
ustry
leader in developing IT and softw
ware asset management
m
t solutions. The Apptria
a Software
Catalog™
™ (formerly the
t Express Software Id
dentification Database [E
ESID]®), pow
wers the
applicatio
on recognitio
on within Express Metrix
x's flagship p
product, Exp
press Softwa
are Managerr.
Apptria Technologies
T
s' singular fo
ocus is to de
eliver reliable
e and trustwo
orthy softwa
are recognitio
on
capabilities to its OEM partners in
i order to in
ncrease the vvalue and uttility of their own techno
ology
offerings to customers.
Contacct Apptria
a Technologies
Web: ww
ww.apptria.c
com
Email: in
nfo@apptria.com
Phone: 1.888.589.7
1
042
6