Upcoming Changes to some Nirsoft tools (download now while available)
If you ask Windows professionals and experienced users about tools that they like and use a lot, chance is that Nirsoft and the programs created by Nir Sofer make that top list.
All Nirsoft programs are portable, very functional and easy to use. There are dozens of them for many different purposes like CurrPorts for a quick list of all open ports on the system. SearchMyFiles to locate files on the system or ShellExView to manage Shell extensions easily on the system.
Nirsoft has released security related tools as well, for instance some that display passwords saved in web browsers or email clients.
Downloads of Nirsoft applications or even access to the website may have been blocked in the past by security software installed on the system. I was notified about this by users here on the site who complained about that when I reviewed Nirsoft programs but cannot imagine how much emails Nir Sofer must have received about this on a weekly basis.
A blog post today sheds some light on this and how things have changed in recent time. Google started to tighten the security of the Chrome browser and things started to get worth as a consequence; Nirsoft programs and the website itself were not only blocked by some antivirus applications anymore but also by a browser that is widely in use.
To make matters worse, Mozilla is using Google's Safebrowsing information so that Firefox blocked the same pages and programs as the Chrome browser.
I assumed that the blocking was done in error but Nirsoft seems to believe that this is not the case. While all of the programs can be used for good, some can also be used for bad things such as recovering passwords on a user system without the user knowing about it if access is gained to the data.
Nir Sofer identified the command line versions of his password recovery tools as the main culprits and decided to remove the command line options from these tools.
He hopes that the removal will lead to less blocking of programs and the website itself by antivirus software which in turn may lower the chance that Google Chrome and Mozilla Firefox do the same thing.
Now, these command line tools are not gone and the current plan seems to be to move them to another website instead to avoid them having an impact on the main Nirsoft website.
It is not clear when the changes will be carried out. For now, you can still download the programs from the Nirsoft website and if you rely on them, may want to do so especially if you require the command line version of these tools. The easiest way to do that is to download the NirLauncher Package from here.
You may get an error here depending on which browser you use. Firefox refused the download for instance as you can see on the screenshot above. If you use Firefox, you can disable Google's Safe Browsing for example and Chrome users can do the same in their browser.
Interesting article.
If anyone is still following this article, I just tried to get to the site today, where I have gone to it previously but not for some months.
Now, it is blocked from that side, with the following window:
This site has been blocked by the network administrator.
URL: http://www.nirsoft.net/
Block reason: Forbidden Category “Pay to Surf Sites”
I’m having the same problem with SonicWall bocking NIRSOFT and made a request to have it removed.
I interpret the following response as the request being unsuccessful:
—————–
You submitted the following rating request to SonicWALL CFS Support:
Rate nirsoft.net as “27.Information Tech/Computers” at 2015-09-24 07:25:14.590
The request has been reviewed and rated as: “50.Pay to Surf” at 2015-09-24 07:30:15.197
Running Win7x64 Home and Fx 32.0.3, I had no trouble downloading the Nirlauncher Package from
http://download2.nirsoft.net/nirsoft_package_1.19.1.zip . Extracting it caused Microsoft Security Essentials Prerelease to pop a warning message on 5 of the files. I simply closed each warning message by clicking its “X”. I later opened MSEP and allowed each of those files to be ignored by MSEP. I did not know of many of the files in Nirlauncher Package, and of those I’ve now tested, they all work very well. Thanks for the super tip.
Thanks for the advice! I have 8GB of RAM, and 64-bit browsing is something I always wanted to try, so I installed Pale Moon 64 and ported over my Firefox profile without any problem.
As for plugins, the only ones I wanted were Flash and Silverlight (for Hulu/Netflix/YouTube), and both 64 versions seem to be working perfectly! :)
I’m using a Firefox Persona called “Firefox Carbon” and overall it looks really nice. Plus, this feels more like a web browser to me, and less like… whatever Firefox is in the process of slowly becoming. ;)
64-bit of Pale Moon. I’m on using it on 2 of my systems, and I’m pleased with it.
Haven’t used actual Firefox in a long time.
Honestly, guys, I think this might be the straw that broke the camel’s back.
I think I might finally switch over to Pale Moon.
Does anyone recommend the 32 or 64-bit version of Pale Moon? I’m on Win 7 64-bit Pro.
When I started using Pale Moon as my default browser, I switched from 64-bit Pale Moon to 32-bit Pale Moon because there are still a lot of plug-ins that aren’t offered in 64-bit versions and because I have only 4GB of RAM. I haven’t noticed a big difference between the two, although some people say that 64-bit Pale Moon runs a bit more slowly. I also got the distinct impression that 64-bit Pale Moon used somewhat more baseline RAM than 32-bit does. I’d say if you’ve got ≤4GB of RAM, go with 32-bit Pale Moon, and if you’ve got >4GB and have memory-hogging extensions installed (like AdBlock Plus) and/or tend to run sessions with large numbers of tabs (≥ … 90? 100?), go with 64-bit unless there are some unsupported plug-ins you can’t live without.
By the way, take a look at Pale Moon’s instructions for replicating your Firefox profile in Pale Moon. They’re pretty straightforward. Good luck!
Good for me I’m an advanced user and do not use any firewall (execpt windows’) nor antivirus.
Hail to the freedom and cpu usage = 0%!
Now, Nirsoft could make all it’s tools available for download via torrent. Besides packing them executables with UPX and/or changing it’s .exe signature/header may prevent these antivirus from sniffin them.
NirLauncher is already lacking some proper versions of the password-recovery-tools, i.e. all programs modified on September 17th.
EDIT: Last version before the change:
http://download.nirsoft.net/nirsoft_package_1.18.76.zip
GOGOGOGOGOGOGO!
“password recovery tools”, that is what triggers the malware alerts, Magical Jelly Bean Keyfinder does the same.
Nir Sofer is one righteous coder, I think he should sue for Defamation.
WSCC (which file size on download is smaller than that of NirLauncher Package) is usually updated days after the latest release version of NirLauncher Package. The latter package’s latest version has a perfect detection ratio from VirusTotal.
@Peter CM Pale Moon has no support for Google SafeBrowsing. It is recommended for now to download NirSoft’s programs from browsers that has Google SafeBrowsing disabled, and via download managers.
firefox 30.0.2 downloaded fine
but Malwarebytes Anti-Malware doesn’t like the password thing
Malware Database: v2014.09.23.03
Rootkit Database: v2014.09.19.01
Files: 1
PUP.Nirsoft.AsteriskPasswords, C:\Users\…\Downloads\nirsoft_package_1.18.76.zip, Quarantined, [a966b23f522963d37abaa36fd23357a9],
The latest version of Pale Moon (a Firefox fork) downloaded NirSoft Launcher, GEGeek Tech Toolkit, and WSCC (Windows System Control Center) without a hiccup. Of course, there’s probably no reason for WSCC to get blocked, but I thought I might as well mention it. (This is off-topic, but I’ve had so many fewer problems with Pale Moon than with Firefox since Firefox v. 29 came out that I switched to Pale Moon as my default browser. I guess this download-screening business will soon be one more case in point.)
If memory serves, either Sophos and/or AVG used to consistently quarantine a couple of Sysinternals utilities as malware. (I’m pretty sure one of them was pskill.exe; I don’t remember the other.) I’ve never had that problem with Avast.
You know what? I spoke too soon with respect to Avast. I attempted to download and “install” all of the NirSoft utilities using WSCC, and Avast balked at allowing two of NirSoft’s password-recovery utilities. One of them I was able to download by entering a path exception in Avast, but the utility that allows you to recover passwords for Internet Explorer, Outlook, and MSN (?) Explorer remained a no-go. Because I don’t use any of those programs (except for IE on rare occasions), I wasn’t motivated to press on for a solution.
By the way, I now recall that the other Sysinternals utility that Sophos and/or AVG used to quarantine in addition to pskill.exe was psexec.exe.
Count me in as a fan of Pale Moon. Firefox would not even let me download iTunes today. I had to use IE (uhh!).
Here, I have no problem downloading the ZIP file with Firefox, even if I delete my user profile and reset all settings. So maybe it is no longer blocked by Google? Both checkboxes are checked in the Security tab in the Advance settings. Thanks.
Maybe it is, or it is a new version that has been uploaded. Don’t really know.
Comodo AV typically flags some of his tools. I have to add them to the exclusions.
A good alternative to the NirLauncher Package is the Windows System Control Center (http://www.kls-soft.com/wscc/), which is also a free launcher program that integrates not only all of NirSoft’s tools but also all of Sysinternals utilities. Worth checking out.
With Chrome you can force the blocked download by opening the download folder and forcing download.
Right, good point Ilev!
May be a good time to download the 7.3 version of GE Geek Tech Toolkit:
http://www.gegeek.com/
Even Macintosh anti-virus software sees it as a threat:
http://s28.postimg.org/tdsfuy65p/Screen_Shot_2014_09_22_at_10_51_10_AM.png