NirBlog

A few years ago, I wrote a Blog post about false positive problems that I have in many of my tools, and I received many responses from users and developers that experience the same problem.
Today the false positive issues still exist, but it seems that people are more aware to the false positive problems, because I get less complaints about virus alerts in my software than what I have gotten in the past.

Some of my tools have 2 different builds – one for using on 32-bit systems and one for using on 64-bit systems.
WirelessKeyView is one of these tools that is available in 2 builds – 32-bit and 64-bit. Both 32-bit and 64-bit builds of WirelessKeyView are compiled with exactly the same code and the same compiler options, and naturally they also do exactly the same actions. The only reason for creating the 64-bit build is because WirelessKeyView injects code into a system process in order to get the wireless keys, and 32-bit process cannot execute code on 64-bit process.

When sending the latest 32-bit version of WirelessKeyView to VirusTotal Web site, it shows false positive alerts from 16 different Antivirus programs:

VirusTotal WirelessKeyView 32-bit

Many people think that VirusTotal Web site can be used to find out whether a software is good or bad. Google probably thinks that too, because just recently they purchased this VirusTotal Web site. But the above sample proves that it’s not correct. WirelessKeyView is a completely legitimate software to get the wireless keys stored on your own system and to move your wireless keys from one compueter to another. As opposed to many other “Freeware” distributers, my software doesn’t send any personal information, doesn’t install any unwanted toolbar/spyware/malware, and doesn’t make any change in the Registry, so there is no any good reason to warn and scare the user who downloads my software.

If the 32-bit version of WirelessKeyView triggers 16 Virus alerts, you may expect that the 64-bit of WirelessKeyView , which is compiled from exactly the same code will also trigger exactly the same 16 Virus alerts.
So here’s the surprise… The number of Virus alerts of WirelessKeyView 64-bit is zero !! Yes, there  is no even a single Virus alert !

VirusTotal WirelessKeyView 64-bit

So what is the explanation for the difference between the alerts of 32-bit and 64-bit  versions ?
Well… This question should be sent to the Antivirus companies… But I have a theory:
Looking in the downloads statistics from the last month (September 2012), the 32-bit version of WirelessKeyView (wirelesskeyview.zip) has been downloaded 313,458 times,
while the 64-bit version (wirelesskeyview-x64.zip) has been downloaded only 50,799 times.
So maybe the 32-bit version of WirelessKeyView get false alerts simply because it’s much more popular than the 64-bit version ?

When a download is more popular, there is an higher chance the somebody will use for bad purpose and the Antivirus company will get a report about that, for example: A person allows his good friend to access his computer, but his friend uses it to run WitelessKeyView 32-bit and get access to some wireless networks that it shouldn’t have access to. When this person discovers that his wireless keys have been stolen by his “friend”, he send a complaint to the Antivirus company with a sample of WitelessKeyView. In the next day, the people of the Antivirus company decide to set an alert for WitelessKeyView in order to prevent future wireless key stealing.  But now many people who want to download WirelessKeyView 32-bit for good purpose, like recovering their own wireless key or moving it to another computer, get a warning from their Antivirus software or from VirusTotal Web site, without understanding the reason of getting this alert.
On the other hand… if somebody tries to use WitelessKeyView 64-bit for bad purpose, the Antivirus won’t show any alert, simply because the 64-bit version is less popular and nobody complained that it has been used to steal wireless keys.

Just a guess…

Recently I purchased a digital signature and both 32-bit and 64-bit builds of WirelessKeyView are signed with it. Some people told me that signing the .exe files will decrease the false positive alerts. So is it really help ?   Maybe a little. I checked an older version of WirelessKeyView (32-bit), and VirusTotal shows 23 alerts:
https://www.virustotal.com/file/bb9bb534858fb79cb58b4a5411edd59c1b8b3390eb11635294f606f9950c595c/analysis/1349885723/

So 16 alerts is a little better than 23 alerts, but it’s still too much.

Finally, here’s 2 small articles related to false positive issues posted on other Web sites:

False Positives by some random antivirus vendor

The Funny World of Virus Scanners

WinsockServicesView is a new  utility that displays the details of all Winsock service providers installed on your system. For every Winsock service, the following information is displayed: Display Name, Status (Enabled/Disabled), DLL Type (32-bit or 64-bit), DLL Filename, DLL Description/Version, and Created/Modified Time.
WinsockServicesView also allows you to easily disable/enable a Winsock service provider.

WinsockServicesView

For more information about this new utility, click here.

WifiInfoView is a new utility for Windows 7/Vista/2008/8 that scans the wireless networks in your area and displays extensive information about them, including: Network Name (SSID), MAC Address, PHY Type (802.11g or 802.11n), RSSI, Signal Quality, Frequency, Channel Number, Maximum Speed, Company Name, Router Model and Router Name (Only for routers that provides this information), and more…

When you select a wireless network in the upper pane of this tool, the lower pane displays the Wi-Fi information elements received from this device, in hexadecimal format.

WifiInfoView

WifiInfoView also has a summary mode, which displays a summary of all detected wireless networks, grouped by channel number, company that manufactured the router, PHY type, or the maximum speed.
For example, in the screenshot below, you can see that there are 25 wireless networks that use channel 6, 10 wireless networks that use channel 10, and so on….

Wi-Fi Channels Summary

You can download this new tool from the bottom of this Web page.

BrowsingHistoryView is a new utility that reads the history data of 4 different Web browsers (Internet Explorer, Mozilla Firefox, Google Chrome, and Safari) and displays the browsing history of all these Web browsers in one table.
The browsing history table includes the following information: Visited URL, Title, Visit Time, Visit Count, Web browser and User Profile. BrowsingHistoryView allows you to watch the browsing history of all user profiles in a running system, as well as to get the browsing history from external hard drive.
You can also export the browsing history into csv/tab-delimited/html/xml file from the user interface, or from command-line, without displaying any user interface.

You can download this new utility from this Web page.

BrowsingHistoryView

MultiMonitorTool is a new tool that allows you to do some actions related to working with multiple monitors. With MultiMonitorTool, you can disable/enable monitors, set the primary monitor, save and load the configuration of all monitors, and move windows from one monitor to another. You can do these actions from the user interface or from command-line, without displaying user interface. MultiMonitorTool also provides a preview window, which allows you to watch a preview of every monitor on your system.

MultiMonitorTool

You can download this new tool from this Web page.

FolderChangesView is a new tool that monitors the folder or disk drive that you choose and lists every filename that is being modified, created, or deleted while the folder is being monitored.
You can use FolderChangesView with any local disk drive or with a remote network share, as long as you have read permission to the selected folder.

FolderChangesView works on any version of Windows, starting from Windows 2000 and up to Windows 8, and both 32-bit and 64-bit systems are supported.

FolderChangesView

You can download this new utility from this Web page.

RTMPDump toolkit is a quite impressive open source project that allows you to download RTMP video/audio streams. However, using this tool under Windows operating system is not very easy.

My new utility, RTMPDumpHelper, is exactly what need in order to easily download  RTMP streams with RTMPDump toolkit under Windows operating system.  By combining this utility and the proxy server of RTMPDump toolkit, you can simply open a Web page containing RTMP video stream in your favorite Web browser, and while watching the video, it’ll be saved to your disk automatically as .flv or .mp4 file.

RTMPDumpHelper and RTMPDump toolkit

You can download my new RTMPDumpHelper utility from this Web page.

The RTMPDump toolkit is available to download from this Web page.

The new version of SysExporter utility (v1.60) allows you to grab data from Explorer windows that display files and folder under Windows 7 operating system.

The Explorer windows of Windows 7 appears in SysExporter as a type of ‘DirectUI’.

SysExporter on Windows 7

OutlookAddressBookView is a new utility that displays the details of all recipients stored in the address books of Microsoft Outlook. For every recipient entry, the following information is displayed: Email Address, Display Name, Address Type (MS-Exchange or SMTP), Street Address, Phone Number, Created Time, Modified Time (Works only with address books of Exchange server), and more…
You can easily select one or more recipients from the list and export them into tab-delimited/comma-delimited/xml/html file, or copy them to the clipboard and then paste the list into Excel.

OutlookAddressBookView

You can download this new tool from this Web page.

NetBScanner is a new network scanner tool that scans all computers in the IP addresses range you choose, using NetBIOS protocol. For every computer located by this NetBIOS scanner, the following information is displayed: IP Address, Computer Name, Workgroup or Domain, MAC Address, and the company that manufactured the network adapter (determined according to the MAC address).
NetBScanner also shows whether a computer is a Master Browser. You can easily select one or more computers found by NetBScanner, and then export the list into csv/tab-delimited/xml/html file.

NetBScanner

You can download the new NetBIOS scanner tool from this Web page.