Jump to content

Nirsoft Utilities


maiki
 Share

Recommended Posts

The very useful and legitimate freeware Nirsoft Utilities are all flagged by MBAM as malware! (Yes, I know that other AV-malware programs do that too, but that is no excuse.)

This has been reported many times.

Even if the Nirsoft Utilities have some traits that can get them listed as malware, since I am sure you know that they are not malware, can't you whitelist them somehow?

Thank you.

Link to post
Share on other sites

  • Staff

There are 2 groups of people that use these tool. Experts using them as intended and trojanized versions being used for nefarious purposes. The expert will see and understand the warning and select ignore while the unsuspecting user will be protected from trojanized versions.

This is also the same for multiple other hacktools that can be used in the same 2 circumstances. We put the average Joe user first, I am not sure why any true expert would have any issue with this.

Link to post
Share on other sites

There are 2 groups of people that use these tool. Experts using them as intended and trojanized versions being used for nefarious purposes. The expert will see and understand the warning and select ignore while the unsuspecting user will be protected from trojanized versions.

This is also the same for multiple other hacktools that can be used in the same 2 circumstances. We put the average Joe user first, I am not sure why any true expert would have any issue with this.

I never heard of any "trojanized versions". AFAIK, there is only one p[ace to download them: www.nirsoft.net Very useful free utilities.

As far as experts knowing that your flagging Nirsoft Utilities as "malware" is false positive, and ignoring them, not everyone is that much of an expert, but could still find some of these utilities useful. A lot of people, if on a malware scan, see a list of threats and infections the app wants to remove, most will juct click remove all, before studying it carefully. Then, next time they want to ues the Nirsoft utilities, they will be suprised, no longer there.

Also, some might be convinced that Nirsoft Utilities really are malware (due to being so flagged), although they are not.

I don't think it is good to block as malware, spps that are not that at all!

There is an interesting fact on the blog at nirsoft.net. A similar package of small freeware utilities, the Systernal Utilities, used to get many false positives also. After Systernals was bought by Microsoft,however, that package is never listed as malware any more. Why? Is it because no one would want to mess with a giant company like Microsoft, ane perhaps get sued for falsely labeling their software as malware? And no similar concern about a small freeware utility developer?

Link to post
Share on other sites

  • Staff
I never heard of any "trojanized versions". AFAIK, there is only one p[ace to download them: www.nirsoft.net Very useful free utilities.

There are tutorials all over, it is unfortunately very simple.

As far as experts knowing that your flagging Nirsoft Utilities as "malware" is false positive, and ignoring them, not everyone is that much of an expert, but could still find some of these utilities useful.

We do not flag them as malware, we use terms that are more obvious that these are tools.

There is an interesting fact on the blog at nirsoft.net. A similar package of small freeware utilities, the Systernal Utilities, used to get many false positives also. After Systernals was bought by Microsoft,however, that package is never listed as malware any more. Why? Is it because no one would want to mess with a giant company like Microsoft, ane perhaps get sued for falsely labeling their software as malware? And no similar concern about a small freeware utility developer?

We have nothing to do with either company. If there is a package of tools that can easily be trojanized we would also detect is as a tool and let the user figure out what the detection means to them.

I am sorry if you have a problem with our position of putting the novice user first and letting more advanced users read and understand the detection.

Let me be very clear here. If I developed a tool that extracted critical personal info from a system I would personally give it to every AV and request that it be detected as a hacktool as I understand exactly what it could do in the wrong hands. I would then expect that an advanced user using the tool and knowing what it does would see hacktool and understand exactly why this was happening.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.