Free utility suite bundles over 100 tools

Topic

New Reply

	PERIMETER SCAN[/size][/font] Free utility suite bundles over 100 tools[/size]
	By Ryan Russell A popular Windows utility maker offers its suite of apps as a single download with a new application launcher that makes picking and running a utility quick and easy. The suite covers everything from an application-crash reporter to a Windows updates viewer — and over 100 other titles in between.[/size]

---

The full text of this column is posted at WindowsSecrets.com/2010/05/20/07 (paid content, opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

Microsoft Security Essentials (MSE) detects two viruses within the Nirsoft download. I’ve never heard of Nirsoft before. Are you sure that this download and company are safe, and if so, why does MSE detect viruses within it? The viruses detected by MSE are:
Trojan:Win32/Blad!irts – Alert Level High
HackTool:Win32/Passview – Alert Level Medium

I would really like a response to this question but I’m not sure how to get it since the end of the column says:

“Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.”

Reply | Quote

Microsoft Security Essentials (MSE) detects two viruses within the Nirsoft download. I’ve never heard of Nirsoft before. Are you sure that this download and company are safe, and if so, why does MSE detect viruses within it?

Yes, it would be a good idea to discuss the security implications of any download. However, your issue is with Nirsoft, and they have a page that discusses the problem here:
Nirsoft blog about Antivirus Companies

Good luck!

Kevin

Reply | Quote

Yes, it would be a good idea to discuss the security implications of any download. However, your issue is with Nirsoft, and they have a page that discusses the problem here:
Nirsoft blog about Antivirus Companies

Good luck!

Kevin

Sorry Kevin. How is this an issue with Nirsoft?

Microsoft Security Essentials flagged the same 2 files on my system when I downloaded the Nirsoft Utilities. It was easy for me to “allow” the Passview file because I had a sense of why it was flagged and felt comfortable letting it stand. However, I could not find such a file as “Trojan:Win32/Bladi!rts” in the list of files being downloaded.

So I went to the MS Malware Protection site and here’s what it says: “Trojan:Win32/Bladi!rts is a name used for trojan detections that have been added to Microsoft signatures after advanced automated analysis.” and “There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).” Pretty informative isn’t it.

Then I tried submitting a sample for analysis but I can’t find the Bladi!rts file on my computer even though I “allowed” it in MSE.

It seems that some file that’s part of the Nirsoft download has been flagged as Critical by a security software routine, given a generic name and we’re told that it’s asymptomatic. What’s wrong with this picture?

Regards,

Dan

Reply | Quote

Microsoft Security Essentials (MSE) detects two viruses within the Nirsoft download. I’ve never heard of Nirsoft before. Are you sure that this download and company are safe, and if so, why does MSE detect viruses within it? The viruses detected by MSE are:
Trojan:Win32/Blad!irts – Alert Level High
HackTool:Win32/Passview – Alert Level Medium

I would really like a response to this question but I’m not sure how to get it since the end of the column says:

“Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.”

I had the same problem. So I went to the MSE and clicked settings. Then went into the Default actions. In that window at the bottom there is a click on/off thingy which says “Apply recommended actions…blah blah” I Unclicked that and the downloaded the Nir package. A little window came up saying “The file you are downloading….” and on that window it says “Disregard and download unsafe file….”. I clicked on that and eveything went fine. Then I moved the unzipped Nir package into my USB fob. Deleted all the Nir stuff from my hard drive and put clicked the MSE back on.

Now my problem is how to make the USB fob read only. Any advice welcome.as to how?

Regards

Reply | Quote

Now my problem is how to make the USB fob read only. Any advice welcome.as to how?

Regards

Welcome to the Lounge, Shariff!
The only way I am aware of doing this effectively and economically is to purchase a USB flash device that has a write protect switch. Check out this CNet page for some ideas.

Reply | Quote

Many legitimate companies offer password recovery tools. If it’s a tool that can be used by the bad guys, many anti-malware vendors will classify it as a Trojan or Virus, even though most of us might need it someday and will use it for good and honest purposes. I’ve used NirSoft products before and they are legitimate. Never caused any issues on any of my computers. You can temporarily turn off your MSE by clicking Settings tab > Real-time protection > uncheck the “turn on” box. You may have to turn off your SmartScreen Filter, too. To see if you’re using SmartScreen Filter, click Tools (in the menu bar, upper left of screen next to File, Edit, View, etc.) and follow the prompts to temporarily disable it. Even if you turn off your MSE the SmartScreen filter will block the NirSoft download. Don’t forget to turn MSE and SmartScreen Filter back on when finished.

Reply | Quote

Another nice launcher for the Nirsoft utilities but also for Sysinternals is KLS SOFT – WSCC – Windows System Control Center.

Joe

--Joe

Reply | Quote

Between MSE and Avira, there were about 17 malware warnings (some at once) between the unzip and opening the program. The first batch includes Trojan: Win32/Bladi!rts, Hacktool:Win32/Passview and astlog.exe – SPR/PSW.Asterisk.C, while the latter include the password related apps, the key/keyview/view/dump apps. Almost all of those are listed as SPR/… malware. I wrote Windows Secrets about this before thinking of stopping by here.

I assume (and hope) all of these are related to the nature of the apps themselves, and thus false positives not malware. What bothers me is that this should have been checked prior to publishing and then spoken to in Ryan’s article.

Btw, what app is “Trojan: Win32/Bladi!rts” related to?

Reply | Quote

Hi all, and welcome to all first time posters in the Lounge!

I want to let all who enter this thread know that Roger Farmer also posted his question in the Windows 7 forum in this thread , which has since been moved to the Security & Backups forum.

We want to encourage anyone interested in the topic of AV alerts concerning the Nirsoft product to post in the Security & Backups thread. The thread in the Security & Backups forum has the most potential for discussion as many veteran loungers will frequent the Security & Backups forum and participate in the discussion.

Thanks, and enjoy the Lounge!

Gerald

Reply | Quote

Gerald, please clarify. This thread would seem far and away the most logical place for discussion of the issue, on the face of it, and is a Windows system version neutral forum.

Reply | Quote

Gerald, please clarify. This thread would seem far and away the most logical place for discussion of the issue, on the face of it, and is a Windows system version neutral forum.

Yes, I agree. And the Security & Backups forum should be even better.

Thanks

Reply | Quote

Just signed up to forum to add my first-time-disappointment with your advice… altho I trust your site implicitly, I automatically scan all downloads w/AVIRA…. it detected 15!!! viruses??!!?! … wut-up?? any Quality Control on WS?… did author ever try the ‘download’ for effectiveness?? tell me I made a mistake… tx

Reply | Quote

Just signed up to forum to add my first-time-disappointment with your advice… altho I trust your site implicitly, I automatically scan all downloads w/AVIRA…. it detected 15!!! viruses??!!?! … wut-up?? any Quality Control on WS?… did author ever try the ‘download’ for effectiveness?? tell me I made a mistake… tx

Did you read the other posts about this particularly numbers 3 & 4 in this thread?

Joe

--Joe

Reply | Quote

Here’s the reply I got from Avira, after submitting all the Nirsoft Utilities files getting warnings from Avira and MSE:

“Thank you for submitting this suspect files. Well we’ve analyzed these files again and cannot detect any false positive report. So our detection with SPR (Security Privacy Risk) is correct cause these files are opening some network ports which provides security risks.

If you need to use this application you have to exclude this application folder and files in AV guard and AV scanner.”

Reply | Quote

I just downloaded the NirSoft bundle as suggested in the newsletter article and opened the launcher but it’s window is completely empty! What am I supposed to do to get this set up for use? I extracted the ZIP file onto a flash drive.

BTW, to all the people who have posted about viruswarnings: The article did point out that this is likely to happen because of the nature of these programs — they dig into things and open ports, etc.; the same kind of things that a virus or trojan does, except these programs are supposed to do that, that’s why we use them. In fact, if my memory is correct, the article stated that if you antivrus/antimalware program does not complain about some of these programs you should look for better protection!

Thanks, Bill

Reply | Quote

BTW, to all the people who have posted about viruswarnings: The article did point out that this is likely to happen because of the nature of these programs — they dig into things and open ports, etc.; the same kind of things that a virus or trojan does, except these programs are supposed to do that, that’s why we use them. In fact, if my memory is correct, the article stated that if you antivrus/antimalware program does not complain about some of these programs you should look for better protection!

Your memory is faulty. I’ve just reread the article twice, and it addresses none of the security issues raised here. The link between the nature of these programs and security issues, however true or not, is your reasoning.

Reply | Quote

Highstream,

Well, I just looked in the newsletter for that statement and didn’t find it too! I read that statement on the same day that I read the newsletter but I don’t know where I read it! I looked on the NirSoft site and did find a pretty compete explanation on this subject that I did read before downloading but I didn’t find the statement that if your antivirus doesn’t flag something in the NirLauncher group then you probably should get a better antivirus/antimalware. The extensive discussion on the subject of protection programs complaining about the NirSoft utilities can be found here.

Bill

Reply | Quote

Highstream,
Well, I just looked in the newsletter for that statement and didn’t find it too! … The extensive discussion on the subject of protection programs complaining about the NirSoft utilities can be found here.
Bill

Thanks. It doesn’t look like I mentioned that NirSoft defense here, but I did read it right off and gave the link and files to Avira. They examined them again and wrote back to reiterate their warning. Basically, their claim is that the way those utilities work opens up channels for attack. That’s the catch-22 of anti-malware programs.

Reply | Quote

After downloading NirLauncer from the link provided in the newsletter,My MSE went nuts.
(nirsoft package 1.06.04.zip)

I had not opened the zip file,merely loaded it. address was:launcher.nirsoft.net/download.html

Thanks

Reply | Quote

Yes, anti-malware programs and snooping utilities certainly don’t get along with each other very well.

Bill

Reply | Quote

Apologies for being late to the thread, I’m just now getting involved in the lounge.

Readers have already answered the concerns, but I just want to reiterate what was said. I’m also going to incorporate this into a follow-up article.

I have on many previous occasions indicated that the security/auditing tools will often be flagged by anti-malware tools. I did neglect to reiterate that in this column though, sorry for that.

I did download and try the tools, as indicated. Windows Secrets has been writing about and recommending Nirsoft for years. I am fully confident that the site is not illegitimate in any way. I have not analyzed all of the 100-odd files manually myself, but I have reviewed the classifications that nearly all of the AV vendors applied. They are intended as warnings, or in some cases, there are bad heuristics in play.

Nirsoft is not doing anything wrong, and neither are the anti-malware companies. But it does put the users in a tough spot. It puts you in the position of having to decide, on the fly, if this is ok or not. Without really being able to do any significant research before deciding. The best course of action is to disallow, review the classification or vendor write-up, and then proceed.

Or not. To be completely fair, if you’re unsure, it’s probably best to disallow it. Here’s why: I could prove 100% beyond a doubt that something is safe, write it up, and publish it. And then the next day, the site in question could slip in something different. Or the site could get compromised. Or your ISP could suffer a DNS cache poisoning attack, and you could end up talking to a malicious server.

This does kinda suck if you’re a small tool vendor, though. And most consumer AV doesn’t make it obvious how to change your classification policies, if you can do it at all. Especially since I think the “might be unwanted” classifications are mostly for corporate users, who DO have the ability to tweak these policies.

Reply | Quote