Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.
Can confirm, same error, database too old.
RCC 1.69.015 is now available for download!
Thanks for the update
From the website a RCC description:
However I wonder if this program can highlight outdated, not necessarily rogue, certificates in a no Windows updates scenario, that is, a machine which its Windows OS has not been updated neither WU nor manually.
RCC 1.69.017 available
Thanks for the update!
Can you replace the SHA1 checksums with SHA2-512 or SHA3?
By 'outdated', do you mean.expired certificates, or an outdated certificate list (CTL)? I'm working on detecting potentially outdated CTLs.
Currently, all major trust list maintainers (Microsoft, Apple, Mozilla, Google) still rely on SHA1 to identify root certificates, so it is probably a little too early to switch.
Also, the current consensus is that the recently announced SHA1 collision does not impact this use case.
But that doesnt mean the whole world need to follow that. I sure or at least hope, that the big player change that ASAP.
Also it is no big deal to provide a secure checksum instead of a old, broken MD5 or SHA1
Actually, while I have problems with the "Mozilla attitude"--and Google--the fact is that between them they are the "whole world". Certainly I feel that SHA1 is a tad dated, not to mention bunged up, but what you're asking is for Sven to give us info in one language, while reading the info in another. Which will make life difficult for us when we want to manipulate our Cert Stores.
So do we all Mozilla can often be spelled "Godz....", and Google is suspected by many people of dastardly deeds. But don't hold your breath. These Three are up there because the whole (western) world buys their products and loves them. They have no reason to change their winning ways.
Sven... While I'm here, I notice the lede from RCC:
For continued use, consider making a donation or purchasing a license.
Ummmmm, I'd be happy to purchase a licence (one machine) for something in the usual line of US$20/year (about Au$26.50). I can live with a cmd box, but definitely a user guide would be highly appreciated, since RCC's options are not well documented, but also Microsoft's kludgy handling of certificates is... less than intuitive. And apart from functionality-related program upgrades, I do agree with the calls to have RCC download the CTL on ignition.
This is the sort of software I would use about two or three times a year, just to keep an eye on what my web-facing apps are doing while I'm out of the house, or if I change software.
I asked because of an intermittent issue I have, sometimes it quiets for 1 month or so then comes back.
RCC 1.69.019 available
Why does the file version for the exe file not always get updated? You have to run the program to see what version
you have. filever shows 126.96.36.199, but when you run the program, you see RCC 1.69.019
If i look at the file-properties, the "Product-version" is correct: 1.0.69.019
but yes, the file version is always showing an older version.
RCC 1.69.020 available
(File version + Product version = 188.8.131.52)
Any idea what is that used for (A Google certificate installed on my system a month ago).
I exported it before deleting it and now RCC doesn't detect it anymore. There is not much information about it in Google (I got only 2 results for it). By the way Zemana AntiMalware is detecting it as well:
Windows Registry Editor Version 5.00
Try checking if you installed any Google software on that day.
I didn't find any software related to Google in that period of time. In fact I even don't have any Google related software installed so I simple deleted it. Didn't encounter any issues so far but will keep the backup file for a while (just in case).
Is RCC still developed by svenfaw?
Maybe I never noticed before, but I saw a different name in the copyright.
I looked in the scan-results from a version of 2016 and i can see the same copyright.
The copyright doesn't changed since a long time, but yes, it is not svenfaw
Aaahh... And the relevance is...? Actually, the copyright is held by Stephen Fenchurch, hence the "FS1" which differentiates him from Sally Firbuckle ("FS")
Seriously, did youse really expect svenfaw to use his "real" name on a public security forum? Or even on his downloads page? I wouldn't worry over a change of copyright nominee, the big (and important!!!!!!) question is about the reliability of the product. Now if I see--for example--CruelSister criticising the product and mentioning the change of copyright nominee, then, yes, it's time to be concerned. But ATM it's none of my business.
I was no longer interested in staying anonymous and started releasing RCC (and most of the other apps) under my real name a couple months ago.
Ah, thanks. Curiosity satisfied
Separate names with a comma.