Anyone Uses Software from NirSoft Website?

[Boris_yo]

Hello,

I have been using occasionally software from NirSoft website.
What concerns me is this article: https://borncity.com/win/2020/04/16/dll-hijacking-vulnerabilities-in-nirsoft-tools/

From one side developer is concerned about his tools as seen here: https://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/
From another side it seems strange that he does not address security vulnerability found in his software.

 

[SamirD]

I've used his stuff over the years because it doesn't need an install and pretty much 'just works'.

But to do this, it has to do stuff like call DLLs directly, etc. using unconventional programming methods. The 'best practices' Nazis that control things like anti-virus programs call this malware/virus/etc, so there's a conflict.

Personally, I don't think there's anything nefarious about Nirsoft since they've been around well before ransomware and malware was as 'big business' as it is today. Still, if you're worried, run it in a virtual machine or sandbox it another way.

 

[Nicklebon]

Yawn ... Nothing specific about nirsoft with this exploit. Would pretty much apply to any self contained program that runs as admin from a user owned directory.

 

[SamirD]

Would pretty much apply to any self contained program that runs as admin from a user owned directory.

That's pretty much where I think the issue lies, and as you mentioned it's not specific to Nirsoft or malware--it can be anything that runs this way.