[German]Here's a blog post for people who love to use tons of tools onto their Windows systems. I have just become aware of the Windows tool UserBenchMark, that promises to create a benchmark of the system. I was asked if the tool is trustable.
The UserBenchMark tool
The tool UserBenchMark is offered here for free, may also be downloaded at Major Geeks and from other web sites. The program is promoted by UserBenchMark evaluating the user's PC and comparing the results with other users using the same components. The test is designed to compare the strengths and weaknesses of each component in your PC with the ten most popular components in its class.
It already makes alarm bells ring at me, because this is once again a feature that nobody actually needs. The mail goal of the tool is to extract data for comparison with other systems. The data have to be transmitted to the developer. The screenshot of the website shown below enlists data of scanned systems are displayed in the right column.
If you click on an entry, the website shows more details about the system in question in a subsequent page (although the user remains anonymous). But how good this data is remains unclear. And the prominent icons to share the results on reddit, Facebook, Twitter, Google+ indicates to me, it's more a tool to show others 'hey, I have the biggest, fastest or whatever'. Not really necessary, in my view.
A few words about the program
The program can be run without administrator rights (UAC query), does not have to be installed and runs with standard user rights of a local account.
The screenshot above shows that different components are tested at the benchmark. However, the checkboxes cannot be deselected (at least not under standard user accounts).
Is the tool secure/trustable?
The reason why I decided to investigate UserBenchmark briefly, was the question of a Twitter user whether this tool could be trusted. The tweet is private and protected, so I don't want to reveal its details here. Security researchers like Jake Williams (@malwarejake) said he couldn't say anything. Major Geek tweeted you can trust the tool. Users @RDSitze note that:
- The Windows Defender and Malwarebytes did not trigger an alarm (so should not include know malware).
- But tool does not allow the user to disable certain tests, although there is a user interface for them.
- UserBenchmark sends data to the developer without the possibility to opt out, this can only be blocked in the firewall.
The last two items should direct every cautious user in the direction of 'keep your fingers away'. The 'the tool sends data, it cannot be turned off* is clear, because the intension of the tool is the comparison of the benchmarks with other users. User @RDSitze notes that there is no Eula.
That was the reason for me to take a quick look at the tool. First I uploaded the downloaded .exe file to VirusTotal. I got the following feedback.
Only 2 out of 68 virus scanners consider the program file suspicious. Confirms the assessment that the tool does not contain any known malicious code. I then looked at the properties of the .exe file. The program does not have a digital signature, so we can't verify, that the program file is coming from the originator. But free software is often not digitally signed – so the user need to be rather cautious.
The I let run the program file within my test bed. In this test environment I use test modules provided by security expert Stefan Kanthak (see also my article PSA: Classic Shell is now Open Shell Menu – and a warning). The modules will trigger an alarm, if something is not properly implemented.
When I started the program, I could hardly get out of the loop of warning dialogs that are popped up, when the program calls dependent DLL libraries. I had to confirm countless warning dialogs. This means that the program calls the DLLs without a qualified path (the first with the same name found within the Windows search path will be loaded – which might not the intended file).
A malware could therefore place a malicious DLL with known names like uxtheme.dll in the UserBenchMark.exe folder and would be executed as soon as the user starts the program. In the current case, the damage is limited because the tool is executed with the standard user rights. And we can discuss whether a user has already lost if there is malware on the system. But: DLL hijacking is a vulnerability that can be avoided with clean programming – as is the Microsoft recommendation, which unfortunately is not always followed by its own developers.
What is my conclusion?
On the credit side you can see the following: UserBenchMark.exe is a free tool, that promises that it provide a benchmark. And it seems, that the tool is currently free of known malware.
However, the above explanations show that the functionality of the tool must at least be questioned. And from a security point of view, the implementation is rather critical. Now I ask myself the question: What does the tool do for me? My conclusion: Weighting the benefits and the disadvantages, I would keep my hands off it.
Warning against Intel Extreme Tuning Utility (XTU) V188.8.131.52
Warning: Avoid NVTrimmer for Nvidia driver customization
Nonsense Project: Windows 95 as an App
PSA: Classic Shell is now Open Shell Menu – and a warning
Vulnerabilities in Microsoft Visual C++ Runtime
Windows 10 and the OneDrive vulnerabilities – Part 1
PSA: Classic Shell is now Open Shell Menu – and a warning
Cookies helps to fund this blog: Cookie settings
My name is Ivana Balentic and while going through your website I saw you mentioned our friends at User Benchmark (https://borncity.com/win/2019/01/24/windows-tool-userbenchmark-is-it-trustable/).
I'm curious is it possible to sponsor the mention of my blog?
All the best,
Fear it's not possible