New tool that lists all files opened by other computers on your network

February 6th, 2016

NetworkOpenedFiles is a new tool for Windows that displays the list of all files that are currently opened by other computers on your network. For every opened filename, the following information is displayed: Filename, user name, computer name (On Windows 7/2008 or later), Permissions information (Read/Write/Create), locks count, file owner, file size, file attributes, and more...

NetworkOpenedFiles

NetworkOpenedFiles

 

You can download this new tool from this Web page.

 

New tool that shows the history of connections to wireless networks on your computer

January 9th, 2016

WifiHistoryView is a new tool for Windows 10/8/7/Vista that displays the history of connections to wireless networks on your computer. For every event that the computer connected to a wireless network or disconnected from it, the following information is displayed: The date/time that the event occurred, network name (SSID), profile name, network adapter name, BSSID of the router/Access Point, and more...
WifiHistoryView can read the wifi history information from a running system or from external event log file of another computer.

WifiHistoryView

WifiHistoryView

 

You can download this new tool from this Web page.

 

New utility that displays the details of all MMC snap-ins installed on your system

December 1st, 2015

MMCSnapInsView is a new tool for Windows that displays the details of all MMC snap-ins installed on your system, including name, description, CLSID, dll file, product name, company name, file version, and more...
You can also select multiple MMC snap-ins and then open them in the MMC application.

MMCSnapInsView

MMCSnapInsView

You can download this new tool from this Web page.

 

Antivirus statistics and scores according to false positives of NirSoft tools

October 18th, 2015

As you may know, some of the powerful tools on NirSoft Web site, especially the tools that recover passwords, are constantly targeted by many Antivirus programs.
In order to find out which Antivirus programs cause more troubles with the tools of NirSoft, I decided to generate a report with the number of false positive alerts of every Antivirus program. I have created a small program that downloads the Antivirus scans result of all .exe files of NirSoft from VirusTotal Web site and then processes the collected information and generates the desired report. I have also decided to generate score for every Antivirus program according to their false positive issues.

Before I continue with more information about this report... let me say a few words about the term "False Positive": There are people who say that I don't use the term "False Positive" correctly, simply because the alerts about my tools are not a mistake and the Antivirus programs have to display an alert about a program that can be used by hackers for bad purposes (like my password-recovery tools).
So here's my opinion.... It's somewhat legitimate that Antivirus program will display a warning about my password-recovery tools, as long as it's done with full explanation about the alert, which means that the Antivirus program must explain the user that the program is completely legitimate and it's not bad by itself, but it can be also used by hackers to steal passwords and that's why the warning is displayed.
Also... the alerts on password-recovery tools should not be detected in VirusTotal Web site, unless this Web site will start to make full separation between Viruses/Trojans/Malwares and non-malicious tools, so people who check the file in VirusTotal will not think that my tool is an horrible  Virus.

Unfortunately, Antivirus programs and VirusTotal Web site don't provide clear explanation about the alerts they display and many people are confused, thinking that my tools are infected with Virus/Trojan, and As long as there are users who think that my programs are infected, I consider it as a "False Positive". The right definition of "False Positive", in my opinion, is a situation that a user thinks a file is infected with a Trojan/Virus/Malware according to an alert displayed by Antivirus software, while the file is not infected at all.
It doesn't really matter that the Antivirus developers only wanted to warn the user about a software that can be used by hacker, if the Antivirus program doesn't deliver the message to the end user correctly, then it' still a false positive.

It's important to say that some of the Antivirus programs imply that my tools are not a Virus by adding "not-a-virus" or "Hacktool" or "Riskware" strings to the alert name, but many
users don't understand the meaning of these strings and still think that the file is infected. Nevertheless, in my score calculation , Antivirus programs that do it got an higher score.

Explanation about the report

The report contains 6 columns and one line for every Antivirus software/engine, here's the description of every column:

  • AV Name - The name of the Antivirus
  • Total Alerts - The total number of NirSoft files that the specified Antivirus display alerts.
  • No Virus - Number of alerts that contain the following strings, implying that NirSoft software is not a Virus/Trojan/malware: not-a-virus, tool, pup (potentially unwanted program) , pua (potentially unwanted application) , riskware, unwanted, passwordrevealer, not  malicious, passwordviewer
  • NO PR - Number of alerts for programs that are not a password recovery tool.
  • Trojan Alerts - Number of alerts that contain the following strings, implying that NirSoft software is a Virus/Trojan (So these alerts are severe false positives): trojan, spyware, malware, adware.
  • Score - Total score calculated for this Antivirus. Read the 'How the score is calculated' for more information.

 

How the score is calculated

Here's a full explanation about how the Antivirus score is calculated:

  1. Every Antivirus engine starts with 100 points.
  2. For every alert displayed for a password-recovery tool, 1.5 points are reduced from the Antivirus score.
  3. For every alert displayed for a tool that doesn't recover passwords, 3 points are reduced from the Antivirus score.
  4. When one of the following strings appear inside the alert name, 0.5 points are added to the Antivirus score: not-a-virus, tool, pup (potentially unwanted program) , pua (potentially unwanted application) , riskware, unwanted, passwordrevealer, not malicious, passwordviewer
    That's because the Antivirus does a good thing here, implying the my tool is not a Virus/Trojan/Malware.
  5. When one of the following strings appear inside the alert name, 5 points are reduced from the Antivirus score: Trojan, spyware, malware, adware
    That's because the Antivirus does a bad thing here, implying the my tool is a Trojan/malware, which is completely a lie.  Comodo, for example, displays 'UnclassifiedMalware' alert for 11 NirSoft files, which is totally misleading, because the "Malware" term is mostly used for programs that are designed to be bad , and  that's why they got very low score.
    ViRobot and Antiy-AVL also got low score from the same reason.

Example for score calculation

AVG display alerts for 13 files, 12 of them are password recovery tools, so 1.5 * 12 = 18 points are reduced, 1 tool is not password recovery, so additional 3 points are reduced.
All 13 alerts contain 'hacktool' and 'passwordviewer' strings, so 13 * 0.5 = 6.5 points are added.

100 - 1.5 * 12 - 3 * 1 + 13 * 0.5 = 85.5

 

Finally... Here's the report.

The report is based on Virus scanners results downloaded from VirusTotal on October 4, 2015. The NirSoft files taken from NirLauncher package 1.19.53. Be aware that Antivirus signatures changes every day, so it's possible that if you check the virus alerts from today you'll get a little different result. You can download a csv file containing all alerts found on this day from here. This file contains the Antivirus Name, the alert name, the NirSoft file that triggered the alert and the SHA-256 hash of this file, and you can optionally view this file with CSVFileView...

The good news in this report is that there are 12 Antivirus engines without any false positive and they got the best score possible (100)
The bad news - There are 2 Antivirus engines that show alerts for more than 100 files of NirSoft (!!) - Bkav and TheHacker, and they got very low negative score...

AV Name Total Alerts No Virus NO PR Trojan Alerts Score
AegisLab 0 0 0 0 100
Alibaba 0 0 0 0 100
ALYac 0 0 0 0 100
ByteHero 0 0 0 0 100
ClamAV 0 0 0 0 100
Emsisoft 0 0 0 0 100
Panda 0 0 0 0 100
Qihoo-360 0 0 0 0 100
Tencent 0 0 0 0 100
TotalDefense 0 0 0 0 100
VBA32 0 0 0 0 100
Zoner 0 0 0 0 100
nProtect 1 0 0 0 98.5
Microsoft 3 3 0 0 97
F-Prot 2 1 1 0 96
Avira 5 1 0 0 93
Cyren 5 0 1 0 91
Agnitum 9 9 0 0 91
AhnLab-V3 9 9 0 0 91
CMC 6 5 2 0 90.5
Ikarus 5 4 0 1 89.5
Baidu-International 6 6 2 1 86
Kingsoft 8 2 2 0 86
AVware 3 0 0 2 85.5
AVG 13 13 1 0 85.5
Ad-Aware 10 0 0 0 85
BitDefender 10 0 0 0 85
F-Secure 10 0 0 0 85
MicroWorld-eScan 10 0 0 0 85
Jiangmin 3 1 1 2 84.5
Zillya 10 9 0 1 84.5
Avast 14 14 1 0 84.5
Malwarebytes 11 11 4 0 83
Kaspersky 16 16 2 0 81
K7AntiVirus 17 16 2 0 79.5
K7GW 18 17 2 0 78.5
Rising 6 1 3 2 77
VIPRE 10 7 1 2 77
SUPERAntiSpyware 15 14 2 1 76.5
CAT-QuickHeal 21 21 3 0 74.5
GData 16 2 0 1 72
Fortinet 22 22 4 0 72
NANO-Antivirus 12 9 0 3 71.5
DrWeb 16 15 5 1 71
Symantec 20 14 4 0 71
McAfee-GW-Edition 24 21 4 0 68.5
McAfee 21 10 4 0 67.5
Arcabit 12 0 0 3 67
TrendMicro 24 0 3 0 59.5
ESET-NOD32 26 16 8 0 57
TrendMicro-HouseCall 25 0 5 0 55
ViRobot 12 5 2 7 46.5
Sophos 34 32 19 0 36.5
Comodo 13 2 0 11 26.5
Antiy-AVL 27 19 7 13 -6.5
TheHacker 113 0 104 1 -230.5
Bkav 175 0 162 175 -1280.5

 

It's possible that I'll generate another  false positives report within a few months in order to check whether the Antivirus companies improve their software or they are getting worse...

 

 

New utility that runs a program with different settings you choose.

October 11th, 2015

AdvancedRun is a new tool for Windows that allows you to run a program with different settings that you choose, including - low or high priority, start directory, main window state (Minimized/Maximized), run the program with different user or permissions, Operating system compatibility settings, and environment variables. You can also save the desired settings into a configuration file and then run the program automatically from command-line with the desired settings.

AdvancedRun

AdvancedRun

Here's some examples of what you can do with AdvancedRun:

  • Run the RegEdit of Windows as normal user on Windows 10/8/7/Vista, without elevation. In this mode, you'll not be able to access or modify Registry keys that require admin rights.
  • Run the RegEdit of Windows as SYSTEM user on Windows 10/8/7/Vista. In this mode, you'll be able to access the HKEY_LOCAL_MACHINE\SECURITY key.
  • Run a program with a user of another running process.
  • Run a program in high priority.
  • Run a specific instance of program in Windows XP compatibility mode, without making global changes in the Registry.
  • Run a specific instance of program with different PATH environment string, but without modifying the PATH string of the entire system and without using batch files or command prompt window.
  • Run a program with a full set of environment variables you choose, ignoring the system environment variables completely.

You can download this new utility from this Web page.

 

New utility that shows all tasks from the Task Scheduler of Windows Vista/7/8/10

July 11th, 2015

TaskSchedulerView is a new tool for Windows Vista/7/8/10 that displays in a single table the list of all tasks from the Task Scheduler of Windows. It also allows you to easily disable/enable mutiple tasks at once. For every task, the following information is displayed: Task Name, Description, Status, Hidden (Yes/No), Last Run/Next Run Times, Task Folder, EXE filename or COM handler of the task, number of missed runs, and more...

TaskSchedulerView

TaskSchedulerView

You can download this new tool from this Web page.

 

New utility that displays the result of WMI queries in a simple table

May 7th, 2015

SimpleWMIView is a new tool for Windows that displays the result of WMI queries in a simple table, and allows you to easily export the data to text/csv/tab-delimited/html/xml file, or to copy the selected items to the clipboard and then paste them to Excel or other spreadsheet application. With SimpleWMIView you can get extensive information about your system, like a list of running processes, services, drivers, user accounts, hardware, and so on...
SimpleWMIView works on any version of Windows, starting from Windows XP and up to Windows 10 and  both 32-bit and 64-bit systems are supported.

SimpleWMIView

SimpleWMIView

You can download this new tool from this Web page.

New utility that displays the AntiVirus/AntiSpyware/Firewall programs registered with the security center of Windows

April 27th, 2015

SecuritySoftView is a new tool for Windows that displays the AntiVirus, AntiSpyware, and Firewall programs that are currently installed on your system and registered with the security center of Windows operating system.  This tool works on any version of Windows, starting from Windows XP and up to Windows 10, and both 32-bit and 64-bit systems are supported. However, on Windows XP, SecuritySoftView displays less information than Windows Vista or later.

SecuritySoftView

SecuritySoftView

 

You can download this new tool from this Web page.

New utility that displays firmware tables

February 1st, 2015

FirmwareTablesView is a new tool for Windows that displays a list of firmware tables (ACPI, SMBIOS) stored on your system. You can view the content of these tables in Hex-dump format and export them to a binary file.

FirmwareTablesView

FirmwareTablesView

 

You can download this tool from this Web page.

New utility that shows general information and statistics about current wireless connection

January 18th, 2015

WirelessConnectionInfo is a simple tool for Windows Vista/7/8/2008 that displays general information and statistics about the active wifi connection, including the SSID, BSSID, PHY Type, Signal Quality, Receiving rate, Transmission Rate, Authentication Algorithm, Channel Number, Total number of transmitted/received frames, and more...

 

WirelessConnectionInfo

WirelessConnectionInfo

 

You can download this new tool from this Web page.