Upcoming Changes to some Nirsoft tools (download now while available) - gHacks Tech News

Upcoming Changes to some Nirsoft tools (download now while available)

If you ask Windows professionals and experienced users about tools that they like and use a lot, chance is that Nirsoft and the programs created by Nir Sofer make that top list.

All Nirsoft programs are portable, very functional and easy to use. There are dozens of them for many different purposes like CurrPorts for a quick list of all open ports on the system. SearchMyFiles to locate files on the system or ShellExView to manage Shell extensions easily on the system.

Nirsoft has released security related tools as well, for instance some that display passwords saved in web browsers or email clients.

Downloads of Nirsoft applications or even access to the website may have been blocked in the past by security software installed on the system. I was notified about this by users here on the site who complained about that when I reviewed programs but cannot imagine how much emails Nir Sofer must have received about this on a weekly basis.

A blog post today sheds some light on this and how things have changed in recent time. Google started to tighten the security of the Chrome browser and along with it came the issue that Nirsoft program's and the website itself were not only blocked by some antivirus applications anymore but also by a browser that is widely in use.

nirsoft blocked

To make matters worse, Mozilla is using Google's Safebrowsing information so that Firefox blocked the same pages and programs as the Chrome browser.

I assumed that the blocking was done in error but Nirsoft seems to believe that this is not the case. While all of the programs can be used for good, some can also be used for bad things such as recovering passwords on a user system without the user knowing about it.

Nir Sofer identified the command line versions of his password recovery tools as the main culprits and decided to remove the command line options from these tools.

He hopes that the removal will lead to less blocking of programs and the website itself by antivirus software which in turn may lower the chance that Google Chrome and Mozilla Firefox do the same thing.

Now, these command line tools are not gone and the current plan seems to be to move them to another website instead to avoid them having an impact on the main Nirsoft website.

It is not clear when the changes will be carried out. For now, you can still download the programs from the Nirsoft website and if you rely on them, may want to do so especially if you require the command line version of these tools. The easiest way to do that is to download the NirLauncher Package from here.

You may get an error here depending on which browser you use. Firefox refused the download for instance as you can see on the screenshot above.  If you use Firefox, you can disable Google's Safe Browsing for example and Chrome users can do the same in their browser.

Summary
Upcoming Changes to some Nirsoft tools (download now while available)
Article Name
Upcoming Changes to some Nirsoft tools (download now while available)
Description
The command line versions of some Nirsoft applications will be removed in the near future due to them causing browsers and programs to block downloads and access to the website.
Author




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Joe said on September 22, 2014 at 4:54 pm
      Reply

      Even Macintosh anti-virus software sees it as a threat:

      http://s28.postimg.org/tdsfuy65p/Screen_Shot_2014_09_22_at_10_51_10_AM.png

    2. jasray said on September 22, 2014 at 5:06 pm
      Reply

      May be a good time to download the 7.3 version of GE Geek Tech Toolkit:

      http://www.gegeek.com/

    3. ilev said on September 22, 2014 at 5:36 pm
      Reply

      With Chrome you can force the blocked download by opening the download folder and forcing download.

      1. Martin Brinkmann said on September 22, 2014 at 6:03 pm
        Reply

        Right, good point Ilev!

    4. city_zen said on September 22, 2014 at 6:00 pm
      Reply

      A good alternative to the NirLauncher Package is the Windows System Control Center (http://www.kls-soft.com/wscc/), which is also a free launcher program that integrates not only all of NirSoft’s tools but also all of Sysinternals utilities. Worth checking out.

    5. Jojo said on September 22, 2014 at 8:15 pm
      Reply

      Comodo AV typically flags some of his tools. I have to add them to the exclusions.

    6. Armond said on September 22, 2014 at 9:12 pm
      Reply

      Here, I have no problem downloading the ZIP file with Firefox, even if I delete my user profile and reset all settings. So maybe it is no longer blocked by Google? Both checkboxes are checked in the Security tab in the Advance settings. Thanks.

      1. Martin Brinkmann said on September 22, 2014 at 10:59 pm
        Reply

        Maybe it is, or it is a new version that has been uploaded. Don’t really know.

    7. Peter CM said on September 23, 2014 at 3:05 am
      Reply

      The latest version of Pale Moon (a Firefox fork) downloaded NirSoft Launcher, GEGeek Tech Toolkit, and WSCC (Windows System Control Center) without a hiccup. Of course, there’s probably no reason for WSCC to get blocked, but I thought I might as well mention it. (This is off-topic, but I’ve had so many fewer problems with Pale Moon than with Firefox since Firefox v. 29 came out that I switched to Pale Moon as my default browser. I guess this download-screening business will soon be one more case in point.)

      If memory serves, either Sophos and/or AVG used to consistently quarantine a couple of Sysinternals utilities as malware. (I’m pretty sure one of them was pskill.exe; I don’t remember the other.) I’ve never had that problem with Avast.

      1. Anonymous said on September 24, 2014 at 5:42 am
        Reply

        Count me in as a fan of Pale Moon. Firefox would not even let me download iTunes today. I had to use IE (uhh!).

      2. Peter CM said on September 24, 2014 at 8:41 am
        Reply

        You know what? I spoke too soon with respect to Avast. I attempted to download and “install” all of the NirSoft utilities using WSCC, and Avast balked at allowing two of NirSoft’s password-recovery utilities. One of them I was able to download by entering a path exception in Avast, but the utility that allows you to recover passwords for Internet Explorer, Outlook, and MSN (?) Explorer remained a no-go. Because I don’t use any of those programs (except for IE on rare occasions), I wasn’t motivated to press on for a solution.

        By the way, I now recall that the other Sysinternals utility that Sophos and/or AVG used to quarantine in addition to pskill.exe was psexec.exe.

    8. Uhtred said on September 23, 2014 at 11:08 am
      Reply

      firefox 30.0.2 downloaded fine
      but Malwarebytes Anti-Malware doesn’t like the password thing
      Malware Database: v2014.09.23.03
      Rootkit Database: v2014.09.19.01
      Files: 1
      PUP.Nirsoft.AsteriskPasswords, C:\Users\…\Downloads\nirsoft_package_1.18.76.zip, Quarantined, [a966b23f522963d37abaa36fd23357a9],

    9. G446 said on September 23, 2014 at 1:37 pm
      Reply

      WSCC (which file size on download is smaller than that of NirLauncher Package) is usually updated days after the latest release version of NirLauncher Package. The latter package’s latest version has a perfect detection ratio from VirusTotal.

      @Peter CM Pale Moon has no support for Google SafeBrowsing. It is recommended for now to download NirSoft’s programs from browsers that has Google SafeBrowsing disabled, and via download managers.

    10. CoolCatBad said on September 23, 2014 at 1:37 pm
      Reply

      “password recovery tools”, that is what triggers the malware alerts, Magical Jelly Bean Keyfinder does the same.

      Nir Sofer is one righteous coder, I think he should sue for Defamation.

    11. hum said on September 23, 2014 at 5:37 pm
      Reply

      NirLauncher is already lacking some proper versions of the password-recovery-tools, i.e. all programs modified on September 17th.

      EDIT: Last version before the change:
      http://download.nirsoft.net/nirsoft_package_1.18.76.zip

      GOGOGOGOGOGOGO!

    12. Leandro said on September 23, 2014 at 6:44 pm
      Reply

      Good for me I’m an advanced user and do not use any firewall (execpt windows’) nor antivirus.
      Hail to the freedom and cpu usage = 0%!
      Now, Nirsoft could make all it’s tools available for download via torrent. Besides packing them executables with UPX and/or changing it’s .exe signature/header may prevent these antivirus from sniffin them.

    13. Zeus said on September 24, 2014 at 10:14 pm
      Reply

      Honestly, guys, I think this might be the straw that broke the camel’s back.

      I think I might finally switch over to Pale Moon.

      Does anyone recommend the 32 or 64-bit version of Pale Moon? I’m on Win 7 64-bit Pro.

      1. Peter CM said on September 25, 2014 at 2:35 am
        Reply

        When I started using Pale Moon as my default browser, I switched from 64-bit Pale Moon to 32-bit Pale Moon because there are still a lot of plug-ins that aren’t offered in 64-bit versions and because I have only 4GB of RAM. I haven’t noticed a big difference between the two, although some people say that 64-bit Pale Moon runs a bit more slowly. I also got the distinct impression that 64-bit Pale Moon used somewhat more baseline RAM than 32-bit does. I’d say if you’ve got ≤4GB of RAM, go with 32-bit Pale Moon, and if you’ve got >4GB and have memory-hogging extensions installed (like AdBlock Plus) and/or tend to run sessions with large numbers of tabs (≥ … 90? 100?), go with 64-bit unless there are some unsupported plug-ins you can’t live without.

        By the way, take a look at Pale Moon’s instructions for replicating your Firefox profile in Pale Moon. They’re pretty straightforward. Good luck!

    14. BKV said on September 24, 2014 at 11:43 pm
      Reply

      64-bit of Pale Moon. I’m on using it on 2 of my systems, and I’m pleased with it.
      Haven’t used actual Firefox in a long time.

    15. Zeus said on September 25, 2014 at 2:48 am
      Reply

      Thanks for the advice! I have 8GB of RAM, and 64-bit browsing is something I always wanted to try, so I installed Pale Moon 64 and ported over my Firefox profile without any problem.

      As for plugins, the only ones I wanted were Flash and Silverlight (for Hulu/Netflix/YouTube), and both 64 versions seem to be working perfectly! :)

      I’m using a Firefox Persona called “Firefox Carbon” and overall it looks really nice. Plus, this feels more like a web browser to me, and less like… whatever Firefox is in the process of slowly becoming. ;)

    16. chesscanoe said on September 25, 2014 at 5:38 pm
      Reply

      Running Win7x64 Home and Fx 32.0.3, I had no trouble downloading the Nirlauncher Package from
      http://download2.nirsoft.net/nirsoft_package_1.19.1.zip . Extracting it caused Microsoft Security Essentials Prerelease to pop a warning message on 5 of the files. I simply closed each warning message by clicking its “X”. I later opened MSEP and allowed each of those files to be ignored by MSEP. I did not know of many of the files in Nirlauncher Package, and of those I’ve now tested, they all work very well. Thanks for the super tip.

    17. PW said on December 6, 2014 at 3:14 pm
      Reply

      Interesting article.
      If anyone is still following this article, I just tried to get to the site today, where I have gone to it previously but not for some months.
      Now, it is blocked from that side, with the following window:

      This site has been blocked by the network administrator.
      URL: http://www.nirsoft.net/

      Block reason: Forbidden Category “Pay to Surf Sites”

      1. Aland said on September 24, 2015 at 9:41 pm
        Reply

        I’m having the same problem with SonicWall bocking NIRSOFT and made a request to have it removed.
        I interpret the following response as the request being unsuccessful:

        —————–
        You submitted the following rating request to SonicWALL CFS Support:
        Rate nirsoft.net as “27.Information Tech/Computers” at 2015-09-24 07:25:14.590

        The request has been reviewed and rated as: “50.Pay to Surf” at 2015-09-24 07:30:15.197

    Leave a Reply