I don’t know much about security issues, but since Listary establishes a socket connection to listary.com via port 443 during the version request, data could also be compromised in this way. Listary waits for key events anyway, so a simple background process could record all keystrokes and send the data via socket more or less unnoticed. This does not even require admin privileges.
Someone apparently scanned 6.0.6.21 using VirSCAN.org and some scanners were tripped.
Personally, I won’t be updating until I see an update log.
Source https://r.virscan.org/report/0609f8f78f7f7e1b8c9ec1b60aff51d1
VirusTotal has more scanners and functions, all find the updated files clean.
Who realy uses Virscan.org, their home page even has problems to be loaded…
Since the updates there are no new modules or start-ups added to my system.
The CPU usage in idle state is still the same.
.
I think you’re right it about being careful, I didn’t think about it and updated it. Does anybody have Wireshark installed and can check if listary is doing anything strange? I want to uninstall it but I cannot find the previous version now. Does anybody have the original installer?
If you think about it, Listary’s situation would be really advantageous to a hacker:
- Hundreds/thousands of people use and trust the software
- Auto-update is always ready to prompt users to install that “trusted” software
- Current situation of the developer is unknown, giving users no immediate concern or reason to distrust the software
- Users are excitedly waiting for updates to the beta software and are a bit “trigger happy” with the auto-update button.
If someone somehow got ahold of the necessary files and accounts needed to rebuild/resign the software, they could take advantage of the situation in malicious ways. Since we haven’t seen any official announcement and considering the time it’s taken for this latest update, I am immediately suspicious.
I just do not know if it is the penultimate beta 🤷
ListaryInstaller_6.0.5.16 beta.exe
════════════════════════════════
Listary.6.0.5.16.Beta.Portable.zip
I agree with you but consider the effort vs. reward balance, it is a relatively small niche program why would hackers just focus on this small app?
Someone is paying for the website hosting and the domain has been updated on 2021-09-20 and will expire in 2024, so someone is managing the website, maybe they had to update the softer signature to comply with some Microsoft requirements.
If the hackers got into somewhere they could’ve also faked a version release message.
But I agree that we have to be careful that’s why I am uninstalling the latest update.
Thanks Andy.
Could you paste something which works normal, what is that for weird click through site?!
Kinda shitty the dev doesnt take the effort to state anything
The latest update indeed no longer says Beta in the About section. It also tries to sell Listary Pro on a new page which links the website. The extensions page has also dissapeared. This does appear to be genuine development…
I am also very suspicious.
Does anybody know how we could avoid the upgrade screen everytime we start the system?
It is just risky to get this update button.
Thanks
I almost want to abandon the software because of this very shitty unprofessional behavior…
If this is a chinese developer why is the domain registered in Iceland?!
Your question is very confusing. Could you elaborate what do you mean by “registered in Iceland”?
I buy my domains wherever it’s cheap and trustworthy enough, not based on my country of residence. My domains also probably still showing up with Lithuanian address despite I live in London.
It’s the administrative address that is registered on ICANN.
So he could simply have registered his company in Iceland, nothing strange about that.
The new version accepts my Listary Pro license from 2016.
It is clean according to Virus Total.
It still supports all my file mangers (Explorer, Total Commander, XYplorer, Free Commander)
and the standard Open/Save dialogs.
I don’t understand the poeple who complained all the time
that there where no updates and now they don’t want it.
Windows 11 Home x64 Version 21H2 (OS Build 22000.613)
TC 10.50b1 x64 / x86
Everything 1.5.0.1309a (x64)
Listary Pro 6.0.7.23
XYplorer 23.00.0100
I blocked all outgoing/incoming Listary traffic in Windows firewall after I almost updated it by accident one time, and that seems to have stopped the update screen from appearing every boot.