Every day we offer FREE licensed software you’d have to buy otherwise.
Hard Disk Sentinel Standard 5.30 was available as a giveaway on July 24, 2019!
Detect Hard Drive Issues Before Catastrophe Strikes. With Hard Disk Sentinel, you'll always have a complete overview of your hard disk drive's health, so you can spot potential problems before they result in an irrecoverable data catastrophe. Hard Disk Sentinel is your key to identifying, testing, diagnosing, and repairing hard drive problems, even with Solid State Drives.
With Hard Disk Sentinel, you can instantly see reports detailing the total health of your drive, including temperature, self-monitoring data, transfer speeds, and more. Any deviation in these factors could be an early warning sign of impending drive failure! Hard Disk Sentinel also works on hard disks that are being used in external USB or e-SATA enclosures and RAID controllers. No need to use separate tools to verify internal hard disks, external hard disks, SSDs, disks in RAID arrays as these are all included in a single software. If your data is important, you owe it to yourself to get a copy of Hard Disk Sentinel today!
NB: For those who have 'file corrupted' error:
This problem is due to our software wrapper that limits the program activation to 24 hours. In this case, you may try using the following:
1) disable the anti-virus suite and restart the computer. You need to disable all the anti-virus systems if you have more than one installed. Make sure it won't start automatically with the computer.
2) download the program archive once again and extract the contents to a dedicated folder
3) carefully follow the installation instructions in the readme.txt file.
4) please mind that all the files have been checked for viruses before the program goes live, so you can be sure that the installer is 100% clean.
Windows 95/ 98/ 98 SE/ ME/ NT4/ 2000/ XP/ 2003/ 2008/ Vista/ 7/ Home Server/ 2012/ 8/ 8.1/ 10; Pentium or compatible CPU; 64 MB of system memory; HD: 30 MB
26.9 MB
$19.50
Order Hard Disk Sentinel PRO with 45% discount for 1 computer, OR for 5 computers, Family license.
Downloaded the free trial on the 24th, but it was asking for a registration key to activate it!? How do I go about getting the registration key? Thanks.
Save | Cancel
Downloaded and installed without a problem...It works exactly as described...Brilliant !!... Still time guys download and install asap
Save | Cancel
Seriously Apart form an AntiVirus/Malware program The HDS Pro Version is the very next thing people should buy and install.
I've bought 3x Family Licenses (1x Given to a good Friend, 1x given to an Relative & one for my home useage).
Of course even v5.40 could use a tweak or two, BUT - You'll NEVER REGRET Buying a HDS Pro License.
Disclaimer: I'm NOT Paid to spruik (promote) the product, but as a paid license owner, I just love what it does including giving PEACE-OF-MiND, and find it THE MOST iNVALUABLE TOOL for a WiNDOWS PC
Save | Cancel
Be sure to poke around in configuration/preferences. Lots of settings.
Save | Cancel
Smooth, problem-free install on Win 10. Thanks...
Save | Cancel
This seems to be easy to make portable like... Install it using the giveaway installer to any location you like... copy the Program Files sub folder for the program over to the removable media and if you want uninstall from the main system. The program will run ok as activated from the removable media on any supported operating system with an available administrator account and it apears to be portable IF you do not install the HD Sentinal Service using the configuration menu Integratio option Use As Service... because when you remove the removable drive the service will fall over.
Save | Cancel
On the features pages the developer invites ideas and suggestions for improvement... Well most of you know me by now *grins*
To the developer:
On the drive surface test you could completley avoid the bottleneck of checking a drives surface when attached by a slower data connection like any modern SSD in a USB caddy or a SATA III SSD plugged into a SATA II or even a SATA I port. Currently you do normal READ commands which means the data has to pass over the slower bus technology before you can get the answer of the status flags... But there is a command READ VERIFY SECTOR(S) – 40h and READ VERIFY SECTOR(S) EXT – 42h that performs the IDE VERIFY command solely on the drives firmware and then provides the flags to tell you if the command completed with or without error. Avoiding the redundant transfer of the data for the vast majority of the sectors ... You'd only need to read the real data if you detect there was a successful verify read but it was ECC corrected indicating the sector has damage but so far it's correctable... you'd then read the data that's been ECC corrected and then write it back to the same sector and try re-reading it to see if it still had to be ECC corrected again and decide what to do about it if the sector is still showing signs of ECC correctable damage...
Save | Cancel
when I download the zip, it only contains the GAOTD installer, not Hard Disk Sentinel. What's going wrong?
Save | Cancel
installed without a problem,
Thank you!
Save | Cancel
I like HDS. Thumbs up !
Save | Cancel
An excellent program, very easy to install. I have used it a year or more. With four HDD of different ages installed it is essentiel to know the condition, teperature etc. HDS solve this the best way.
Save | Cancel
I originally got this as a giveaway, and liked it enough to buy the lifetime "Family Pro 5 pack" and installed it on every machine here.
Just a really good unobtrusive program to keep an eye on your disks and even display the internal temperature of all the drives in the system on your taskbar (if you so wish). My Pro version displays total on time and data written (and total start/stop count for spinning disks) and even predicts life expectancy for every drive it can see on your machine. Plus it will do all kinds of disk tests, both non-destructive (all data is maintained) and destructive (all data is overwritten).
Current Pro version is 5.5, just recently updated.
I have recommended this to friends and business associates.
Save | Cancel
Can we see somewhere the differences between Professional and Standard versions?
Save | Cancel
IVAN, there is a comparison matrix on the page:
https://www.hdsentinel.com/store.php
Save | Cancel
Seems to work, can be very useful. Thanks~~ win 10x64
Save | Cancel
I have the programme on my XP computer, but since it says it works on Win 98 I downloaded the zip and transferred it to my 98 computer (which is not connected to the internet and has no anti-virus) where I unzipped it and read the readme.
I then pressed setup.exe and a message appeared that setup.exe needs a later version of Windows! (and asks me to upgrade my windows).
I specifically want win98 and nothing later on that computer. Either it does work on win 98 or it does not, why mislead people and waste their time?
Save | Cancel
I haven't used Win 98 for years. There maybe a compatibility mode available when your right-click on the shortcut.
Save | Cancel
Installs ok on one W10 PC but not on another (both ver.1903)- "Activating > Giveaway of the Day > failed to connect."
Both only use Windows Defender.
Save | Cancel
Stewart, what firewall is active on that computer? Have you installed a a third party enhancment to windows firewall like the free TinyWall for example as it re-writes the windows firewall rules to block any new exectuables access to the network until specificaly instructed by the user to permit internet access. I mention TinyWall specifically as that windows firewall enhancements developer beliberately designed it to NEVER produce an alert that a program is trying to access the internet and just silently blocks it and you'd only ever find out that it needed the internet by the program being run reporting an error like you reported. I know this from direct experience and eventually removed TinyWall because I got fed up with having to diagnose program failures which kept on turning out to the programs being siently denied internet access.
Save | Cancel
That sounds like an internet problem - "failed to connect"
Save | Cancel
Do yourself a favor and buy the professional version, particularly if you have any spinning hard drives.
Reasons:
1. The professional version of the software will not only alert you if a drive is going bad, but can also email you (I have not tried this feature).
2. You can do a surface test using a variety of methods, which can find and even rescue the data from bad sectors. ONE of the methods is not destructive - after overwriting a sector to test it, it puts the data back, so you don't lose it. I do this on every new hard drive in order to weed out any bad drives before putting them into service.
3. Support is excellent. The author of the software responds quickly to issues. I had a new Kingston drive that was reported as being at the end of life, based on the data it reports. It turns out that the way Kingston reports lifespan in its SMART data is different than most. When I emailed the author about this, he fixed the problem within a couple days.
This software has saved my bacon several times, and is the first piece of software I install on the computers I operate.
Save | Cancel
S. Pupp, Agree with you. The program warned me about an external HD. It was down to 42%. I immediately made a backup. 3 days later it stopped working. Saved me a lot of jobs.
Save | Cancel
S. Pupp, The giveaway licensed edition also has email settings too and shows no indication that any of it is disabled in the standard edition license.
See https://www.hdsentinel.com/hard_disk_sentinel.php?page=features
"Alerts
Hard Disk Sentinel has wide range of alerts upon different problems. It can send e-mail (with e-mail->SMS gateway it can be SMS warning to your mobile), network message, can play sound alerts and so.There is an option to send daily emails about current status."
Save | Cancel
Saved more than one of my drives too!
Save | Cancel
This is a good app that I primarily use to monitor conventional hard drive temps when using a USB drive dock -- without active cooling [i.e. a fan] they can get hot enough to become unreliable &/or damage the drive. It does a lot of other stuff too, but for a quick review of S.M.A.R.T. data the free, portable Crystal Disk Info is lighter weight, e.g. quicker to start up & close. I use CPUID HWMonitor for CPU temp & %, & it also shows internal drive temps, so while the taskbar display of temps that Hard Disk Sentinel provides is nice, for me it's unneeded.
Save | Cancel
I was not aware that the themidia wrapper functioned under Windows 95/98/98 SE and ME... or are the inclusion of not NT based windows version there in system requirements just for amusement value?
Save | Cancel
TK, For amusement only. See my comment no. 14/
Save | Cancel
Zen , Thanks I suspected as much... you can also use innoextractor to extract the contents of most inno installers which their downloadable installer is one. Then copy the entire extracted contents to the windows 98 machine and try running the HDSentinel.exe trial executable under windows 98 just to be sure it was not a problem with the setup program itself... Though from my examination of the programs executables they are configured to need at least Windows NT 4.0 to have a chance of running which excludes all the non-NT versions of windows.
Save | Cancel
Installer doesn't errrr actually install the program, but says it has been activated successfully!!! Total waste of time.
Save | Cancel
Datsun, IMPORTANT: Please note that due to the software wrapper, developed by GOTD Team, that limits software ativation to 24 hours only, your installation might be blocked by your antivirus (AVG, Avast or Kaspersky)!
In order to install the program, you'll have to temporally disable your antivirus.
If you have Kaspersky antivirus, please disable it and restart the computer.
Please make sure it won't start automatically with the computer.
Now please download the program archive once again and try to install it.
Be sure, all installers are always tested on virustotal.com and are virus free.
We apologize for inconvenience!
Save | Cancel
Alexa, I am perfectly aware of everything you say, as i have been using software from your site for years, normally without issue. However today, this is not working. I stand by what i said earlier.
It is not the latest version anyway, so i will leave it. Thanks
Save | Cancel
It seems the latest version is 5.50, not this one
Save | Cancel
frank, where does it say that I said it's a waste of time ? I was merely stating fact . And who says the Pope is infallible ?
Save | Cancel
frank, It wasn't Mark, it was me that said it was a waste of time.....credit where it's due!!
Save | Cancel
Mark Campbell, I'd say only cult members claim or are conditioned to think their human leader is infalible.
Save | Cancel
Is this any different to version 4.71 that was a giveaway more than 2 years ago ?
Save | Cancel
Mark Campbell, You have to read here: https://www.hdsentinel.com/rev_previous_versions.php
Save | Cancel
This is great Hungarian software. I'm proud of my compatriots who created it! :)
Save | Cancel
frank, is that the only thing you know of Hungary, how sad... Well now you know that have a software devleoper or two too :-)
Save | Cancel
frank, Then it's time to expand your knowledge!
https://hu.wikipedia.org/wiki/Kateg%C3%B3ria:Magyar_feltal%C3%A1l%C3%B3k
Save | Cancel
For the first time, a program from GOTD fails to install. Says "Failed to Launch the Program."
Save | Cancel
Actually use the free one you get after the premium trail ends. Not bad software at all but I mostly use it to see my drive temps in storage tray. If you own a M.2 drive something like this can be very handy. As for monitoring beyond just generic read/write totals it doesn't have much to offer in terms of drive life. A lot of software out there for this kinda thing but in reality they all have a limited usefulness.
Bad sectors can give you a heads up if something is wrong but most drives never show any odd behavior/symptoms before they crash putting into question the usefulness of all software of this type. The software at it's core just reads total hours/boot cycles/reads writes and compares it to the frequency at which most drives crash under those same conditions to give a fair estimate of life left in the drive.
Save | Cancel
Clinton,
"... I mostly use it to see my drive temps in storage tray. If you own a M.2 drive something like this can be very handy."
FWIW... While it won't work for drives connected via USB, I find CPUID HWMonitor handier since it shows some system data as well. I've also used its drive tests on occasion & found them useful.
Save | Cancel
mike, are you sure CPUID HWMonitor won't work for drives connected via USB? I have it installed on Windows 10 laptop and it's showing the model name and Temperatures and space utilization for the drives when they are connected with one of two different Chinese cheap SSD drives in an old USB 2.0 caddy and the program apparently made all the same discoveries about those USB connected drives and the internal Sandisk SSD drive. Maybe your USB caddy uses a different bridging protocol? This older one uses "USB Mass Storage Device" as opposed to the newer UASP bridging devices.
Save | Cancel
For regular user it is not easy task to disable Windows Defender on Windows 10. There is no more option to turn it off on settings. Windows 10 Pro users can use "gpedit" to disable it. However Home version does not have "gpedit" function. There is a workaround to add "gpedit" function to Home version. You have to google it, if you want to do it.
j.
Save | Cancel
Jermin,
"... it is not easy task to disable Windows Defender on Windows 10. There is no more option to turn it off on settings. Windows 10 Pro users can use "gpedit" to disable it."
windowscentral[.]com/how-permanently-disable-windows-defender-windows-10
FWIW also check the running processes when Defender's turned off. It's been quite a while, but when I checked win10 ran another, lighter weight Windows security app/process instead. That's one of the things that prompted me to install 3rd party security software that could be turned on/off, but that solution won't work today with 1903 -- Defender will turn itself off when you have other security software installed, but now it will turn back on if that software is either not running or has not been updated.
Save | Cancel
been using the Pro version of HDS for years...works great,never had a problem
Save | Cancel
This is a well-established program with a good reputation. If all you want to do is keep an eye on the temperature of your main drive, it's more than you need, but it's excellent if you're interested in lots of details.
Save | Cancel
David J Wilson, It does make a significant logical mistake with SSD drives in a USB caddy... it wrongly lists the drive as supporting TRIM and all the other attributes of TRIM and claims that the Operating System supports TRIM and it's enabled... All are individually true BUT because its in a USB caddy there is no passthrough for the ATA TRIM command that Windows knows to do on any ATA interface. It also fails if a UASP bridging USB chipset is used as they do not have the inteligence to translate the SCSI Deallocate command, which is SCSI equivilent of ATA TRIM command, into the often manufacturer specific TRIM commands... different SSD manufacturers have different requirements to impliment the TRIM protocol and windows has to ask the drives how many sectors can be TRIMed at one time and what size the physical sectors are etc. Simple but accurate rule of thumb if an SSD drive is in a USB caddy of any kind unless the manufacturer can prove otherwise TRIM will never be applied to that SSD while it is in the USB caddy. The same should be true under linux too as the USB-SATA bridging chipsets non-upgradable firmware has no way to know what to do with it.
Save | Cancel
I don’t like at all to disable the anti-virus program, though it has been necessary if you should download software from GOTD, and I don’t know why. Can someone tell me? It is a potensially hazard, and for myself I don’t download software from GODT any more, if it is not from a developer Ii really trust.
Save | Cancel
Kjell, though all the anti-virus programs operate on the basis of data that they have collected from constant research over a period of time, that data need not be comprehensive. since thousands of programs (from all types of resources/sources) flood the software domain every day. In order to be effective and used extensively, the a-v programs adopt the principle of "guilty unless proved innocent" and that is the reason you get the warnings from those programs. The a-v programs themselves call these "false positives" .......... From whatever I have experienced, the downloads have not been prevented, but the installations have been. One method that I have used is to disable the a-v programs for 10 mins, download and install and re-enable the a-v. The a-v programs themselves have this feature of limited time non-deployment.... Your method of using the software only from the trusted sources is the best, but others are not that dangerous ....
Save | Cancel
Kjell, most software of this type has to hook into the operating system to function correctly. Malware does the same thing and if it manages to do so than it becomes a lot harder to detect and remove. For this reason several anti-malware programs absolutely reject virtually any program that attempt to do this regardless of reason. In generally it's not a good idea to do this but there is still options to see if it's safe beforehand.
You can always download said program to your computer (with anti-malware software running) than upload the program to virus total to see what they thing about it. Odds are if virus total says the software is clean than it is some antiviruses used can false positive a legitimate program from time to time tho. As long as you do not attempt to run an infected application it really doesn't offer much risk sitting on the drive.
It's only when the program has been launched (at least once) can it do any damage to the system short of a OS exploit where it can auto launch itself (or part of it) and pin itself into the bootloader so it launched on next reboot. This is extremely unlikely even for 99% of malware out there.
Save | Cancel
Kjell,
"I don’t like at all to disable the anti-virus program, though it has been necessary if you should download software from GOTD, and I don’t know why. Can someone tell me?"
1st, it Is Not Always necessary to turn off security software -- I've only had a problem with Defender once or twice, Never had a problem with McAfee, Never with Security Essentials in my win7 VMs, with BitDefender only rarely, & Never with the free version of Kaspersky I ran in a VM for a year. I run the free version of AVG in my XP Pro VM, and I have to turn off real time scanning there to install a GOTD in the wrapper, not because it won't work, but because it slows things down Far Too Much.
Why does some security software object? The methods employed by the GOTD wrapper are also employed by some malware. Windows itself, and all consumer security software make compromises for the sake of usability -- the better your security apparatus, the more inconvenient it is. Some security software presumably doesn't want to compromise when it comes to the GOTD wrapper. And the developers of some security software are no doubt too lazy to try to write code to try to tell the difference between the GOTD wrapper & malware. Then there's also Virus Total... many [most?] security software companies automatically add detection for any new malware uploaded to that database, because you always want the latest protection ASAP, and they only check out those new additions later on. I *think* that's why software like BitDefender occasionally will block the GOTD wrapper, but then will return to normal a day or so later.
Save | Cancel
Clinton,
" As long as you do not attempt to run an infected application it really doesn't offer much risk sitting on the drive."
I'd politely add: *Usually*. There have been cases where malware code runs because of the way Windows itself will look at or examine certain types of files, e.g. .zip files or images. They even figured out how to successfully run malware from emails that Did Not require those emails to be opened.
"... short of a OS exploit where it can auto launch itself (or part of it) and pin itself into the bootloader so it launched on next reboot. This is extremely unlikely even for 99% of malware out there."
Yes, it's less likely today, but not because it's difficult, but because there's so much low hanging fruit that many cybercriminals & would-be cybercriminals don't feel that they have to bother. There are actually more ways than ever before to ensure persistence [as it's called]. The latest frontier so-to-speak seems to be the sort of mini OS used by UEFI BIOS -- they found an early-on example of UEFI malware in the wild a while back, and they've likely only gotten better at it since.
Be Careful Out There.
Save | Cancel
Clinton,
>"short of a OS exploit where it can auto launch itself (or part of it)"
It is impossible for any program to auto launch itself; programs cannot think or make decisions on their own. That occurs only after they are loaded into a running state. The CPU then processes the steps in the program, which could then do lots of good or bad things. The main point is that a program has to be started by some other running program or the (already running) operating system.
I purchased the HDD Sentinel program several years ago. I am not aware of it hooking itself into the operating system in a manner that it cannot be uninstalled.
Save | Cancel
Kjell,
>"I don’t like at all to disable the anti-virus program, though it has been necessary if you should download software from GOTD, and I don’t know why. Can someone tell me?"
It isn't GOTD's fault. I have never had to disable my anti-virus program to install any program from GOTD, and I have successfully installed hundreds over the years. Some anti-virus software will view the setup used for most GOTD offers and block it. Most anti-virus software also have a method to allow programs you specify as safe, but very few people ever bother to go and make the change. Over the years, the same question you have asked has been asked by others. After learning they can alter their anti-virus settings, they have not had any more problems. Take a look and see if that will help you.
Save | Cancel
Kjell, from my own research and not the Public relations claims that antivrus program for some unexplained reasons get accused of detecting the themidia wrapper as malware false positive and some alledge its because some malware writers protect thir code using themidia.... well none of that is the truth as whenever anti-virus or anti-malware detect anything flasely or correctly it ALWAYS tells you in a popup notification to prove to you it's earning the money and resources it costs... They NEVER block something without celebrating it! What is really going on is the Themidia protection code used to report that it detected debugging software on the system and rrefuse to decode and launch the encrypted wrapped installer... often it would fire up when no real debugger was active. At some point GAOTD developer turned down the sensitivity of the debugger detection routines and the problem apeared to go away... but then a new problem started the themidia code detected certain anti virus heuristics scanners virtualised sandbox as a reverse engineering attempt and since the alert message about the detected debugging program had been removed the Themidia code itself SILENTLY aborts the decoding and launching of the wrapped installer and skips ahead to the Succefully Activated form and that's what gets displayed.
By preventing the Antimalware from doing its Heuristics sandboxing of setup.exe the Themidia code then permits the ecrypted wrapped installer to be decrypted and unwrapped and executed. Of course I could be wrong since I am not the GAOTD developer used to produce the latest build of the wrapper but that explanation is the ONLY one that fits all the observed symptoms and history of the setup.exe/gcd wrapper.
My personal opinion is GAOTD should wake up their developer and re-instate the capture of the Themidia detection of an unacceptable investigation environment and properly flag an error and change the final message so it does not lie and say it had been succesfully activated when the program knows damn well it aborted the decryption and launching of the installer and the anti-virus/anti-malware programs did NOTHING to prevent or quarantine any part of the wrappers operation! And stop blaming every other AV vendor/developer for their own use of Themidia in an incorrect way.
Save | Cancel
krypteller, have you never noticed that at no point do any of these blamed anti-virus programs EVER report they detected somthing suspicious... because THEY NEVER DO! It's NEVER the AV program blocking the Themidia code! It is the Themidia code silently aborting because it did not like the AV programs environment investigating what it was doing.... That's what Themidia code does! The encryption of the installer predates the use of Themidia. Themidia was used as a software counter measure to a simple hack that was published on youtube I think that showed everyone how to find the we*.tmp file that the original wrapper used to write to the temp folder and then launch some of us spotted it and used it to get a personal copy of the unprotected installer but some idiot decided to make the knowledge public so GAOTD had to up their protection to maintain their business model.
Save | Cancel
Gary, not strictly true there have been and will be many cases of remote code execution vulnerbilities including some that were designed in like the .WMF remote code exectuion vulnerability... https://www.grc.com/wmf/wmf.htm or the more modern ones scattered around various parts of Microsofts programs usually described as such and such component improperly handles data in memory which can lead to a remote code execution vulnerability....this update corrects that behaviour.... it is well known to be a designed in family of vulnerabilites that exists in many places in windows and can easily be fixed and moved to a different area of windows if exposed or threatened to be exposed publicly, because the error is in DATA processing and yet Data Execution Prevention protection NEVER blocks the remote code injected via specially crafted DATA and executed.
Save | Cancel
krypteller, any solution that takes away from the process the virtual environment that the Themidia code detects as invasive and to investigative allows the Themidia code to permit the retrieval of the decryption key and decryption and spawning of the in RAM image of the installer. Yours does this by instructing the AV program to not inspect any processes launched from the ignored folder. Other methods such as disabling the anti-malware program or disabling heuristics would have same effect. Your method is least risky of the methods often being used :-)
Same end result just the much vaunted reason that has been propgated was incorrect and blamed innocent anti-malware developers software.
There is also an option in windows 10 that I cannot remember if it is enabled by default or not and that is ransomware protection. It was added in one of the feature updates. I am not sure which one as I skipped a couple and if it is enabled then there is a very strong probability that it will prevent the giveaway wrapper from working, likely the problem that causes a report of a corrupted installer rather than the silently skipping the launching of the installer and landing on the successfully activated window.
It is possible that your method may mitigate with that too, though I'd hope not as ransomware malware could simply enumerate the windows 10 file system for any writable folder ignored by Windows Defender and then deposit itself in that folder and relaunch itself from there and proceed to encrypt user documents and hold the data to ransom.
Save | Cancel
TK,
>"Gary, not strictly true there have been and will be many cases of remote code execution vulnerbilities including some that were designed in like the .WMF remote code exectuion vulnerability"
Yes, other than the user initiating a program to execute (via the OS, scheduler, or anything that causes the file to be processed by the CPU), there have been many different types of initiating a program to execute, from the early days of DOS and ASCII BOMBs (sending a text file to the screen could cause a program to start) to the e-mail attachment vulnerabilities we had just a few years ago (assessing (not accessing) the attachment could cause a vulnerability). Executables have been hidden in all types of files, and then a method was used to start the executable part (e.g., an image viewer displaying a photo, and the processing of displaying the photo triggers something being loaded into executable memory). Those sort of vulnerabilities get solved pretty quickly.
Steve Gibson's coverage of the Microsoft MICE issue was big news back in 2010 (I think)(before Vista). I have not found any machines in a long time that originally had it because any that did have all probably been patched. Later machines didn't have it because it was removed by Microsoft. Even the MICE issue required something else processing the meta file before it caused an execution.
The main point is that regardless of what type of file (standard executable/hidden/disguised. etc.) it is merely taking up space on disk (non active), and cannot start itself. Something else has to trigger the action that causes that file to be processed in some manner before it will execute or cause something else to execute.
Save | Cancel
Gary, ok I thought that that example would have been sufficient but you need another? SMB v1 vulnerability that was exploited by wannacry ransomware to infect any windows NT based computer that was connected the the windows network that had SMB v1 server running that was left there for NSA to gain unsolicited remote access to computers of interest I believe the NSA exploit was known as eternal blue. The attackers code did not have to be ON the target machines hardware and since the SMB v1 server is a service it is always running on any machine with SMB v1 enabled which was practically all the machines on the UK NHS distributed LAN... and there are similar non-disclosed no user help required vulnerabilites in Windows 10 and back that will only ever be patched if a 3rd party security hacker or criminal hacker discovers any of them and makes it known by either proof of concept or a zero day attack. A similar vulnerability existed in XP I forget if it was connected direct to the internet and there were bots continuosly scanning the internet IP spaces sending a malicious packet that if it found an XP machine connected to the internet via a modem without a firewall it would cause the target machine to shut down. Remote code execution vulnerabilites can exist in any network facing server on a windows machine which is why windows firewall was first created and integrated into an XP service pack. But on a LAN for you to use cerain facilites, certain servers have to be passed through any firewall if the features are to be used and accordingly any vulnerabilities in those servers that permit remote code execution DO NOT require something to launch the payload as the vulnerable server is always running and the malicious software knows how to exploit the vulnerability and worm its way around a LAN from one vulnerable machine to another with NO operator intervention. It can even happen via a remote user that dials in via a VPN on an infected machine that got infected elsewhere and if that VPN is given direct access the real LAN the entire companies machines could get infected too! So once again what you are claiming is not true in all circumstances.
Save | Cancel
TK,
You are pointing out more possibilities of vulnerabilities, and the ones you mention only skim the surface of what types of exploits that have been developed, ... but my initial comment has nothing to do with those possible vulnerabilities. I was responding to part of the comment made by Clinton, which contained the text:
>"short of a OS exploit where it can auto launch itself (or part of it)"
That part I quoted at the start of my comment. Had I thought of it, I would have shortened my quoted text back to him to:
>"... where it can auto launch itself ..."
The only part of that comment I was responding to is the part about a program/exploit auto launching itself. Nothing on the computer can auto launch itself, not even the OS. It needs the BIOS to initiate the OS. The BIOS needs the circuitry/logic to start it when power is applied.
Clinton's comment just above that line I quoted said essentially the same thing: "As long as you do not attempt to run an infected application it really doesn't offer much risk sitting on the drive."
The part of a program "auto loading itself" is what I wanted to clarify. That part of the comment seemed to contradict the statement he had just made. I think if Clinton thought about it, the sentence would be worded slightly different. Anyone that knows very much about how a computer works (and obviously Clinton does) knows that executable code has to started by something that is already executing, whether it be initiated by the user telling the OS to start it, a scheduler that the OS runs that will start it, or a remote execution that starts it. The main point is that it cannot start itself; some already executing code must initiate it. I am pretty sure that is what Clinton was intending to point out as well. It just seemed odd to use the "auto load itself" part. It makes it sound like a file could somehow spontaneously start itself. For anyone that might have thought that was possible, I just wanted to make that part clear.
Save | Cancel
Gary, What I am describing is a program running on a different machine auto loading itself onto another machine that is running an operating system and that type of program is traditionally called a WORM
https://en.wikipedia.org/wiki/Computer_worm
as oppsed to a virus or trojan which is what you are describing. virii and trojans do not traditionally start themselves as you say but BIOS does autostart as soon as power is applied which then loads the operating system and startup programs and any malware that has installed itself in a prior session into the startup sequence by also having viral properties or rootkit properties. But by including live WORM code functionality it can once autostarted (because that's what it programed the operating system to do in the previous session) then install itself and launch itself on other connected vulnerable computers. So in previous session the WORM procedure on the other machine installed itself and its payload on the target machine without user interaction or scheduler interaction and then configured the target machine to launch the worm and payload on next operating system restart so yes the program started itself intially on the target machine, and then programmed the operating system to re-start it on next operating system re-boot so this class of malware does infect new machines and start its code executing and manipulates the startup processes to restart itself on reboot so as I said... what you were claiming was not strictly true in all cases.
Pretending that you werent saying that programs cannot start themselves on a victims computer is only just talking about the fact that computers are complex machinisms and all interconected kind makes your reply absolutely pointless since if you don't switch a computer on to prevent your WORM infected computer from loading and running the BIOS and that loading and running the boot sector code which then loads and runs the boot manager which then loads and runs the oeprating system and all the configured services, drivers and programs including the WORM self installed program with its self programmed auto run. because without the user switching it on in the first place the user just has an expensive paper weight or door stop. But if they use it as a computer the WORM based malware has installed itself and started itself on that computer. In fact there are several tricks that have been used to allow a program to auto-start itself like there was the %PATH% exploit where a worm would save a copy of itself as an executable that is normally launched as part of windows boot up period but the default launch did not explicitly state the path to the file but relied upon the systems searching of the %PATH% system variable list of paths and the worms saved payload would then autostart in place of the same named and correctly located executable... So it is wrong to claim that programs cannot start themselves because certain classes of programs certainly can! Some can't but SOME most certainly can start themselves without any intentional action or consent of the computer operator on the victims machine.
Save | Cancel